alwin.berger/FRET
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
35 Commits 2 Branches 1 Tag
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Alwin Berger 4ebc399993 AE++
2025-08-16 07:55:07 +00:00
Docker
AE hints
2025-08-16 07:21:08 +00:00
FreeRTOS @ 24bba6bde0
update subvolumes
2025-08-12 12:09:59 +00:00
LibAFL @ 36bd06cb99
update subvolumes
2025-08-12 12:09:59 +00:00
qemu-libafl-bridge @ fead70c87b
update deps
2025-05-21 08:32:53 +00:00
.envrc
update
2025-05-21 08:30:17 +00:00
.gitignore
add tools
2025-08-07 12:06:01 +00:00
.gitmodules
update urls
2023-06-02 08:48:50 +02:00
AE.md
AE++
2025-08-16 07:55:07 +00:00
flake.lock
update dependencies
2025-07-23 11:34:46 +00:00
flake.nix
update subvolumes
2025-08-12 12:09:59 +00:00
one_time_setup.sh
move tools, update README
2025-08-12 11:43:30 +00:00
README.md
move tools, update README
2025-08-12 11:43:30 +00:00
run_eval.sh
AE hints
2025-08-16 07:21:08 +00:00
shell.nix
init
2022-11-09 08:50:57 +01:00

README.md

FRET

Structure

  • git submodule update --init
  • LibAFL-based fuzzer under LibAFL/fuzzers/FRET
  • FreeRTOS demos under FreeRTOS/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC
  • QEMU instrumentation under qemu-libafl-bridge

HowTo

Development environment using nix

Use nix develop or nix-shell to enter a shell with all required tools.

Development environment using podman/docker

If you don't have nix installed, you can use it though a container. See Docker/README.md.

Potential Issues

If you encounter errors where a temporary directory is not found, use mkdir -p $TMPDIR

Build FRET

cd LibAFL/fuzzers/FRET
# First time and after changes to QEMU
sh -c "unset CUSTOM_QEMU_NO_BUILD CUSTOM_QEMU_NO_CONFIGURE && cargo build"
# Afterwards, simply use
cargo build

Build additional tools

LibAFL/fuzzers/FRET/tools/build.sh

Build FreeRTOS Demos

cd LibAFL/fuzzers/FRET/benchmark
sh build_all_demos.sh
# see LibAFL/fuzzers/FRET/benchmark/build

Example usage

  • Build the demos and additional tools first
cd LibAFL/fuzzers/FRET
# Help for arguments
cargo run -- --help
# Example
export DUMP=$(mktemp -d)
dd if=/dev/random of=$DUMP/input bs=8K count=1
# fuzz for 10 seconds
cargo run -- -k benchmark/build/waters_seq_full.elf -c benchmark/target_symbols.csv -n $DUMP/output -tag fuzz -t 10 --seed 123456
# Produce a trace for the worst case found
cargo run -- -k benchmark/build/waters_seq_full.elf -c benchmark/target_symbols.csv -n $DUMP/show -tr showmap -i $DUMP/output.case
# plot the result
../../../state2gantt/driver.sh $DUMP/show.trace.ron
# view the gantt chart
open $DUMP/show_job.html

Perform canned benchmarks

  • Build the demos and additional tools first
  • Select a benchmark set in LibAFL/fuzzers/FRET/benchmark/Snakefile
  • Hardware Requirements:
    • Recommendation: 512GiB of RAM with 64 physical cores
    • About 8GB of RAM per Job on average are required to prevent OOMs
    • The set used for the paper consists of ~270 Jobs, so you will need about five day to reproduce the results
# $BENCHDIR
cd LibAFL/fuzzers/FRET/benchmark
# optional
export BENCHDIR="eval_$(date -I)"
# Reproduce the evals in the paper e.g.
snakemake --cores 64 eval_bytes eval_int eval_full waters_multi
# plot the resutls
sh plot_all_benchmarks.sh
# See images in $BENCHDIR
sh plot_all_traces.sh
# See HTML files in $BENCHDIR/timedump/*/ for traces of the worst cases
Description
No description provided
Readme 135 KiB
Languages
Nix 55.1%
Shell 31.6%
Dockerfile 13.3%