Debloater output sample set

trailofbits / differ

Detecting Inconsistencies in Feature or Function Evaluations of Requirements

GNU Affero General Public License v3.0

67 stars 4 forks source link

Debloater output sample set #9

Closed ameily closed 1 year ago

ameily commented 1 year ago

We need a decent sized corpus of debloated binaries to test against that fully exercise DIFFER. In general, our sample set should include:

A sample that reads from stdin, similar to head
A sample that reads an input file, similar to cat

We should have output from several delobaters and be able to trigger failures for missing features.

ameily commented 1 year ago

During today's call, it was also mentioned that we could perform analysis on different release versions of a binary. For example, if a feature was added to a command line application within a release, evaluate the original and the updated binary.

ameily commented 1 year ago

We can potentially use output from the "Debloating Tradeoffs" paper

Artifacts: https://github.com/qixin5/debloating_study
Data with debloated samples: https://gitlab.com/anony22/debaug_release

ameily commented 1 year ago

Reviewing the debloated samples above, it may be difficult to use them because we don't know the inputs used during delobating or what was actually debloated. The output is the debloated code that we need to compile. So, these may not be ideal since it would require a good amount of work to get working.

ameily commented 1 year ago

I believe this is done. We've added the benchmark programs from the spreadsheet and I believe GT is on the hook for eventually providing debloated versions of these.