
QSYM results are inaccurate, does not work on modern kernel #131

Open

inferno-chromium opened this issue Mar 19, 2020 · 9 comments

@inferno-chromium (Collaborator) commented Mar 19, 2020

As per Josh Bundt:

QSYM relies on Intel PIN v2.14-71313 and hence it has not worked at all when using a modern kernel. He only found it working on 3.x kernels from CentOS 7 or Ubuntu 14.04.

We have verified that QSYM queue dir is empty, e.g. https://storage.cloud.google.com/fuzzbench-data/2020-03-11/experiment-folders/sqlite3_ossfuzz-qsym/trial-55048/corpus/corpus-archive-0097.tar.gz?authuser=0&_ga=2.54350888.-1894397538.1582244984
The current results probably look better than they should because AFL is run in slave mode (-s), but we need to verify this.
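One way to check the symptom described above (a QSYM trial whose queue directory holds no test cases, so any coverage gain must come from the AFL slave rather than from QSYM) is to count the queue entries per trial after extracting the corpus archives. This is an added example, not FuzzBench or QSYM code; the layout `<trial>/queue/` and the sample trials it creates are assumptions.

```shell
#!/bin/sh
# Added example (not from the FuzzBench issue or project): report whether a
# fuzzer trial's queue directory actually contains test cases. The directory
# layout <trial>/queue/ is assumed; the sample trials below are constructed.

# count_queue_entries DIR -> prints the number of regular files under DIR/queue
count_queue_entries() {
    dir="$1"
    if [ ! -d "$dir/queue" ]; then
        # a missing queue directory counts as empty, not as an error
        echo 0
        return
    fi
    find "$dir/queue" -type f | wc -l | tr -d ' '
}

# report_trial DIR -> prints "<dir> <count> OK" or "<dir> <count> EMPTY"
report_trial() {
    n=$(count_queue_entries "$1")
    if [ "$n" -eq 0 ]; then
        echo "$1 $n EMPTY"
    else
        echo "$1 $n OK"
    fi
}

# make_sample -> creates a constructed corpus tree and prints its root:
#   trial-a has two queue entries, trial-b has an empty queue (the symptom
#   reported in the issue).
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/trial-a/queue" "$root/trial-b/queue"
    printf 'x' > "$root/trial-a/queue/id:000000"
    printf 'y' > "$root/trial-a/queue/id:000001"
    echo "$root"
}

# Usage: run over every trial directory under a corpus root.
#   root=$(make_sample); for t in "$root"/trial-*; do report_trial "$t"; done
```

Run it against the extracted `corpus-archive-*.tar.gz` directories of a trial; any line ending in `EMPTY` is a trial whose symbolic executor never contributed a test case, regardless of what the coverage curve shows.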

@inferno-chromium (Collaborator, Author) commented

@jakkdu - We would really appreciate it if you could help us fix the QSYM integration and the benchmark results from it.

@inferno-chromium (Collaborator, Author) commented

We have temporarily removed it since the integration is not working. Once we get fixes into the upstream QSYM code, we want to bring it back.

inferno-chromium added the "bug" label (Something isn't working) Mar 19, 2020

@insuyun commented Mar 19, 2020

Hi.
This is related to sslab-gatech/qsym#4.
If QSYM is ready for the latest kernel, I will let you know.
Thank you.

@inferno-chromium (Collaborator, Author) commented

Thanks @jakkdu!

@insuyun commented Apr 3, 2020

Hi, @inferno-chromium. I recently checked the recent PIN. Unfortunately, I think they still have issues in supporting C++ features, system calls, and external libraries (e.g., https://groups.io/g/pinheads/topic/65995449#12831). I want to dig into this issue more to see if I can shift QSYM to use PIN 3.x, which seems the most reasonable way to support the latest kernel. If that fails, I will need to use another DBT, which will require more time to modify :(, sadly. If I have any update, I will let you know. Thank you.

@inferno-chromium (Collaborator, Author) commented

Thanks @jakkdu, using PIN 3.x seems reasonable, thanks for working on this!

@vanhauser-thc (Collaborator) commented

@jakkdu I can highly recommend DynamoRIO. It is about 10x faster than PIN (e.g. see my afl-pin and afl-dynamorio implementations). It also works on ARM and AARCH64.

@insuyun commented Apr 3, 2020

@vanhauser-thc Actually, at the start of the QSYM project, I tried to use DynamoRIO because I love open-source tools for easier debugging. But at that moment, DynamoRIO failed to work with z3 (DynamoRIO/dynamorio#1881). I think it is worth checking again whether this problem is still there. Thank you for your recommendation :).

@insuyun commented Apr 3, 2020

@vanhauser-thc It's off topic, though: I should merge AFL++ into QSYM. Please forgive my laziness and lack of time due to my job search.

3 participants