
Implement loop summarization on FuzzBALL and evaluate it with CGC benchmark.


yanxx297/loopsum


Loop Summarization

Implement loop summarization [1] on FuzzBALL and evaluate it with CGC benchmark.

Test loop summarization with toy examples

There are several examples in examples/loopsum; run them with the following command line. You can add -trace-loop(-detailed) and -trace-loopsum(-detailed) for more debugging information.

See the documentation in each example folder for more details.

cd fuzzball-loopsum/examples/loopsum
../../exec_utils/fuzzball -use-loopsum -trace-loop -trace-iterations -trace-conditions \
 -fuzz-start-addr [addr] -fuzz-end-addr 0x5006f63a -solver smtlib \
 -solver-path ../../../../lib/z3/build/z3 -linux-syscalls \
 -skip-call-ret-symbol [addr of atoi] -trace-stopping input-dependent -- ./input-dependent 0

Run CBs with (loopsum) FuzzBALL

Use the command line below to run Palindrome on FuzzBALL. The script requires pyelftools.

cd cb-multios/tools/
./cb-test.py --directory ../../cb-multios/build/challenges/Palindrome --xml_dir \
../../cb-multios/build/challenges/Palindrome --concurrent 4 --timeout 5 \
--negotiate_seed --cb Palindrome --should_core

Results are logged in this Google spreadsheet.

FuzzBALL output is stored in outputs/CB_name for debugging purposes.

Reference

[1] Patrice Godefroid and Daniel Luchaup. Automatic partial loop summarization in dynamic test generation. In Proceedings of the 2011 International Symposium on Software Testing and Analysis, ISSTA ’11, pages 23–33, New York, NY, USA, 2011. ACM.
