Skip to content

OSUSecLab/elfuzz

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

492 Commits
.devcontainer
.devcontainer
 
 
.vscode
.vscode
 
 
access_adapt
access_adapt
 
 
analysis
analysis
 
 
cli
cli
 
 
deprecated
deprecated
 
 
docs
docs
 
 
evaluation
evaluation
 
 
extradata
extradata
 
 
fuzzbench
fuzzbench
 
 
plot
plot
 
 
preset
preset
 
 
tmp/fastdata
tmp/fastdata
 
 
.dockerignore
.dockerignore
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
TODO.md
TODO.md
 
 
all_gen.sh
all_gen.sh
 
 
analyze_cov.py
analyze_cov.py
 
 
artifacts_readme.md
artifacts_readme.md
 
 
bump_version.py
bump_version.py
 
 
code_diffs.sh
code_diffs.sh
 
 
do_gen.sh
do_gen.sh
 
 
docker_readme.md
docker_readme.md
 
 
drive_log.py
drive_log.py
 
 
driver.py
driver.py
 
 
elmconfig.py
elmconfig.py
 
 
genoutputs.py
genoutputs.py
 
 
genvariants_parallel.py
genvariants_parallel.py
 
 
getcov.py
getcov.py
 
 
getcov_fuzzbench.py
getcov_fuzzbench.py
 
 
glade_patch.sh
glade_patch.sh
 
 
launch_dev_container.xsh
launch_dev_container.xsh
 
 
migrate_version.py
migrate_version.py
 
 
prepare_fuzzbench.py
prepare_fuzzbench.py
 
 
replication_package.version.history
replication_package.version.history
 
 
select_seeds.py
select_seeds.py
 
 
shrink_variant.py
shrink_variant.py
 
 
shrink_variants_in_dir.py
shrink_variants_in_dir.py
 
 
start_tgi_servers.sh
start_tgi_servers.sh
 
 
start_tgi_servers_debug.sh
start_tgi_servers_debug.sh
 
 
tar_docker.py
tar_docker.py
 
 
tar_src.py
tar_src.py
 
 
util.py
util.py
 
 
utmp.py
utmp.py
 
 
utmp_reader.py
utmp_reader.py
 
 

Repository files navigation

ELFuzz

Artifacts DOI

This repository contains the source code of the replication package of the paper "ELFuzz: Efficient Input Generation via LLM-driven Synthesis Over Fuzzer Space."

Experiment data

The experiment data are published on Zenodo.

Replication package

The code and environment to replicate the experiments are published as a Docker image. Run the following command to pull it:

docker pull ghcr.io/osuseclab/elfuzz:25.07.2

Before launching docker, set up core_patterns for the host machine, which is required by AFL++ later:

echo core > /proc/sys/kernel/core_pattern

Instead, if you download the Docker image as a tarball from Zenodo, you can import it using the following commands:

zstd -d "elfuzz_docker_<timetag>.tar.zst"
docker load --input "elfuzz_docker_<timetag>.tar"

After pulling/importing the image, run the following command to start the container:

mkdir -p /tmp/host
docker run --storage-opt size=100G --cpus 30 -it --add-host=host.docker.internal:host-gateway -v /tmp/host:/tmp/host -v /var/run/docker.sock:/var/run/docker.sock --name elfuzz ghcr.io/osuseclab/elfuzz:25.07.2

Explanation of the command is as follows:

  • --storage-opt size=100G: Allocates 100 GB of disk space to the container. We need this as some files generated/downloaded during the experiments are large, such as the models pulls from Hugging Face and the seed test cases generated by ELFuzz fuzzers.
  • --cpus 32: Allocates 32 CPU cores to the container. This is to speed up operations such as minimizing seed test cases via parallelization.
  • -it: Runs the container in interactive mode with a terminal.
  • --add-host=host.docker.internal:host-gateway: Adds a host entry to the container so that it can access the host machine. This is needed for query the LLM served in a sibling container.
  • -v /tmp/host:/tmp/host: Mounts the /tmp/host directory on the host machine into the container as a shared temporary directory with sibling containers.
  • -v "/var/run/docker.sock:/var/run/docker.sock": Mounts the Docker socket into the container, allowing it to run sibling containers.
  • --name elfuzz: Names the container elfuzz.
  • ghcr.io/osuseclab/elfuzz:25.07.2: Specifies the Docker image to use.

This will enter a shell into the container. Then, following the instructions in /elfuzz/README.md (which is a symlink to docker_readme.md in this repository) to replicate the experiments.

The Docker image has only been tested on X86-64 machines.

How to build the Docker image

Before building the Docker image, you should cd to the root of the ELFuzz source code and put elfuzz_baselines.tar.zst (downloaded from Zenodo) into tmp/.

The Docker image is built by the following command:

docker build -t ghcr.io/osuseclab/elfuzz:25.07.2 -f .devcontainer/Dockerfile --target publish .

Source code layout

First, I'm sorry that the codebase is messy. It is hard to keep it clean while rushing towards the paper deadline.

TODO

Miscellaneous

  • The Docker version at the time that the image was built is 28.2.2.
  • There is a PDF (misc/sibling_container.pdf) in the data tarball (elfuzz_data_<timestamp>.tar.zst) downloaded from the Zenodo repository. It is a persistent version of the Stack Overflow post referenced above, in case that the link to the post is broken in the future.

Maintenance statements

  • [2025-06-19] I tried my best to preserve the environment in the Docker image, keeping the replication package usable for as long as possible. However, there may be some aspects that I have not considered. If you encounter any issues that prevent you from using the package, please open an issue or launch a pull request.

Cite this work

TODO

About

Replication package of ELFuzz

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages