PTrix

Chen, Yaohui; Mu, Dongliang; Xu, Jun; Sun, Zhichuang; Shen, Wenbo; Xing, Xinyu; Lu, Long; Mao, Bing

doi:10.1145/3321705.3329828

Cited by 42 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using the packet trace captured by Intel PT along with the corresponding binary of the PUT, the execution path of the PUT could be fully reconstructed. There have been attempts of fuzzing with PT [10,[112][113][114], but it has never been used to DGF yet. For the problem of target identification and labeling at the binary code level, a machine-learning-based approach [30,31] and a heuristic binary diffing approach [100] can be leveraged to automatically identify the vulnerable code.…”

Section: Dependence On the Put Source Codementioning

confidence: 99%

See 1 more Smart Citation

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

Section: Dependence On the Put Source Codementioning

confidence: 99%

“…However, emulator‐based tools are usually less efficient. For example, the execution speed of vanilla AFL is 2‐5 times faster than its QEMU mode [112]. Second, difficulty in collecting target information .…”

Section: Challenges Faced By Dgfmentioning

confidence: 99%

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

show abstract

“…Hardware tracing has already enabled a variety of client tasks, including testing/fuzzing [5,28,47,63], debugging [30,33,34,44], security enforcement [32,39,55], performance tuning [50,51], etc. Multiple fuzzing systems, such as Honggfuzz, kAFL, PTFuzz, and PTrix, collect code coverage information via PT so as to efficiently guide the fuzzing process.…”

Section: Applications Of Hardware Tracingmentioning

confidence: 99%

“…Modern CPUs are equipped with tracing modules such as Intel processor trace (PT) [19] and ARM embedded trace macrocell (ETM) [18], providing ultra efficiency for control-flow profiling of end-to-end program executions. With these hardware traces, it is possible to reconstruct a program's complete execution flow, enabling a wide spectrum of client applications in testing [5,28,47,[61][62][63], debugging [27,30,64,65], performance analysis [50,51], etc. For example, with a program's control flow, various execution statistics, such as function and statement coverage, path profiles, call tree profiles, etc.…”

Section: Introductionmentioning

confidence: 99%

JPortal: precise and efficient control-flow tracing for JVM programs with Intel processor trace

Zuo

Jiao

Wang

et al. 2021

Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Hardware tracing modules such as Intel Processor Trace perform continuous control-flow tracing of an end-to-end program execution with an ultra-low overhead. PT has been used in a variety of contexts to support applications such as testing, debugging, and performance diagnosis. However, these hardware modules have so far been used only to trace native programs, which are directly compiled down to machine code. As high-level languages (HLL) such as Java and Go become increasingly popular, there is a pressing need to extend these benefits to the HLL community. This paper presents JPortal, a JVM-based profiling tool that bridges the gap between HLL applications and low-level hardware traces by using a set of algorithms to precisely recover an HLL program's control flow from PT traces. An evaluation of JPortal with the DaCapo benchmark shows that JPortal achieves an overall 80% accuracy for end-to-end control flow profiling with only a 4-16% runtime overhead.

show abstract

“…In this scenario, SHIFT can borrow design ideas from previous works (e.g., Chen et al, 2019, andLi et al, 2022) to acquire coverage information from blobs using tracing components provided by the Cortex-M architecture (e.g., the ARM-embedded trace macrocell (ETM) or the embedded trace buffer (ETB), ARM Ltd., 2020b). These 4.6.…”

Section: Configuring Mcu Internalsmentioning

confidence: 99%

Holistic methods for protecting and testing embedded devices

Mera¹

View full text Add to dashboard Cite

show abstract

PTrix

Cited by 42 publications

References 25 publications

The progress, challenges, and perspectives of directed greybox fuzzing

The progress, challenges, and perspectives of directed greybox fuzzing

JPortal: precise and efficient control-flow tracing for JVM programs with Intel processor trace

Holistic methods for protecting and testing embedded devices

Contact Info

Product

Resources

About