eurecom-s3 / symcc

SymCC: efficient compiler-based symbolic execution
http://www.s3.eurecom.fr/tools/symbolic_execution/symcc.html
GNU General Public License v3.0

Wishlist: secondary fuzzer instance like eclipser 2.0 #36

Closed vanhauser-thc closed 3 years ago

vanhauser-thc commented 3 years ago

eclipser 2.0 (https://github.com/SoftSec-KAIST/Eclipser#eclipser-v20) now does not do its own fuzzing anymore and "just" tries to find new paths by concolic execution, basically what symcc does, but already as a ready-made tool to just use as an afl-fuzz -S secondary.

This feature is seriously missing for symcc, and would spread and improve its usage. My assumption is that symcc is faster and better than eclipser, so this would really be a great step forward.

sebastianpoeplau commented 3 years ago

Hi @vanhauser-thc,

I haven't tried the new Eclipser feature yet, but we have symcc_fuzzing_helper to run SymCC just like a secondary AFL instance (see https://github.com/eurecom-s3/symcc/blob/master/docs/Fuzzing.txt). How is that different from what you have on your wish list?
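As an added illustration of the setup the reply refers to (this is not code from the SymCC repository or from either participant): a small POSIX shell script that wires an AFL primary instance together with `symcc_fuzzing_helper` acting as the secondary. The binary names `./target_afl` and `./target_symcc`, the directory names, and the seed file are placeholders; the helper's `-o`/`-a`/`-n` flags follow docs/Fuzzing.txt as I recall them, so verify them against the helper's `--help` for your SymCC version.

```shell
#!/bin/sh
# Added example: run SymCC beside AFL as a secondary instance.
# Names below are placeholders/assumptions, not from the thread or the repo.

TARGET_AFL=./target_afl       # target built with AFL's compiler wrapper (assumed name)
TARGET_SYMCC=./target_symcc   # same source built with the symcc wrapper (assumed name)
AFL_OUT=afl-out               # shared AFL output directory
AFL_MASTER=afl-master         # name of the AFL primary (-M) instance
SYMCC_NAME=symcc              # name under which the helper publishes its queue
SEEDS=seeds

# Command line for the AFL primary instance. The helper reads this instance's
# queue, so it must be started first.
afl_master_cmd() {
    printf '%s\n' "afl-fuzz -M $AFL_MASTER -i $SEEDS -o $AFL_OUT -- $TARGET_AFL @@"
}

# Command line for symcc_fuzzing_helper. It behaves like an afl-fuzz -S
# secondary: it picks inputs from the master's queue, runs the SymCC-instrumented
# binary on them, and drops solver-generated inputs into $AFL_OUT/$SYMCC_NAME
# where AFL will sync them back. Flag names assumed from docs/Fuzzing.txt.
symcc_helper_cmd() {
    printf '%s\n' "symcc_fuzzing_helper -o $AFL_OUT -a $AFL_MASTER -n $SYMCC_NAME -- $TARGET_SYMCC @@"
}

# Launch both only when the two instrumented binaries actually exist, so the
# script can also be sourced just to inspect the command lines.
if [ -x "$TARGET_AFL" ] && [ -x "$TARGET_SYMCC" ]; then
    mkdir -p "$SEEDS"
    # Constructed placeholder seed if the corpus is empty.
    [ -n "$(ls -A "$SEEDS")" ] || printf 'seed\n' > "$SEEDS/seed0"
    eval "$(afl_master_cmd)" &
    sleep 5                      # give AFL time to create its queue directory
    eval "$(symcc_helper_cmd)"
fi
```

Both binaries come from the same source tree: one compiled with AFL's compiler wrapper for coverage feedback, the other with the `symcc` wrapper for the concolic pass. The helper only ever sees the SymCC build, while AFL never executes it, so neither tool's instrumentation slows the other down.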

vanhauser-thc commented 3 years ago

I wasn't aware that this existed ... uh ... forget it ;)