pombredanne / hydra-4

Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

Hydra - SOSP19 Artifact

Contents

  • General code base

    • src/combined: Hydra input mutator
    • src/lkl/tools/lkl/{FS}-combined-consistency: Hydra LibOS-based Executor (will be downloaded and compiled during setup)
  • Checkers

    • src/emulator: Hydra's in-house crash consistency checker, SymC3

Setup

  1. All setup should be done under src
$ cd src
  2. Install dependencies
$ ./dep.sh
  3. Run make for each file system
$ make build-btrfs-imgwrp
  • We can do the same for other file systems:
$ make build-ext4-imgwrp
$ make build-f2fs-imgwrp
$ make build-xfs-imgwrp
  • To reproduce bugs presented in the SOSP'19 paper, do the following:
$ cd lkl      # pwd: proj_root/src/lkl, assuming that you are in the src directory
$ make mrproper
$ git pull
$ git checkout v4.16-backport
$ ./compile -t btrfs
$ cd ..       # pwd: proj_root/src
  4. Set up environments
$ sudo ./prepare_fuzzing.sh
$ ./prepare_env.sh
  5. Run fuzzing (single instance)
$ ./run.py -t [fstype] -c [cpu_id] -l [tmpfs_id] -g [fuzz_group]

-t: choose from btrfs, f2fs, ext4, xfs
-c: cpu id to run this fuzzer instance
-l: tmpfs id to store logs (choose one from /tmp/mosbench/tmpfs-separate/)
-g: specify group id for parallel fuzzing, default: 0

e.g., ./run.py -t btrfs -c 4 -l 10 -g 1
Runs btrfs fuzzer, and pins the instance to Core #4.
Logs will be accumulated under /tmp/mosbench/tmpfs-separate/10/log/ .

You can also run multiple fuzzers in parallel by doing:

[Terminal 1] ./run.py -t btrfs -c 1 -l 10 -g 1
[Terminal 2] ./run.py -t btrfs -c 2 -l 10 -g 1
[Terminal 3] ./run.py -t btrfs -c 3 -l 10 -g 1
[Terminal 4] ./run.py -t btrfs -c 4 -l 10 -g 1
// all btrfs bug logs will be under /tmp/mosbench/tmpfs-separate/10/log/

[Terminal 5] ./run.py -t f2fs -c 5 -l 11 -g 2
[Terminal 6] ./run.py -t f2fs -c 6 -l 11 -g 2
[Terminal 7] ./run.py -t f2fs -c 7 -l 11 -g 2
[Terminal 8] ./run.py -t f2fs -c 8 -l 11 -g 2
// all f2fs bug logs will be under /tmp/mosbench/tmpfs-separate/11/log/
  6. Important note

You are strongly encouraged to use separate input, output, and log directories for each file system, unless you are running fuzzers in parallel. If you reuse directories from earlier runs against other file systems, the fuzzer won't work properly.

  7. Experiments

Please refer to EXPERIMENTS.md for detailed experiment information.
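
The parallel layout and the directory note above can be checked before any fuzzer is started. The following is an added example, not part of the Hydra code base: it only prints the ./run.py command lines for a plan and rejects a plan in which two different file systems share a tmpfs log id. The function name hydra_plan and the plan line format are assumptions made for this example, as is reading the note as "one tmpfs id per file system".

```shell
#!/bin/sh
# Added example, not part of Hydra. Plan line format (constructed here):
#   <fstype> <first_cpu> <instances> <tmpfs_id> [group]

hydra_plan() {
    # Reads plan lines on stdin; prints one ./run.py command per instance.
    # Prints nothing and returns 1 if any line is invalid.
    seen=""   # "tmpfs_id:fstype" pairs accepted so far
    out=""    # commands, buffered until the whole plan validates
    while read -r fs cpu n tid grp; do
        [ -z "$fs" ] && continue
        grp=${grp:-0}   # the README gives 0 as the default group id
        case "$fs" in
            btrfs|f2fs|ext4|xfs) ;;
            *) echo "unknown fstype: $fs" >&2; return 1 ;;
        esac
        for v in "$cpu" "$n" "$tid" "$grp"; do
            case "$v" in
                ''|*[!0-9]*) echo "bad number in plan for $fs" >&2; return 1 ;;
            esac
        done
        # Reject a tmpfs log id that another file system already claimed.
        for pair in $seen; do
            if [ "${pair%%:*}" = "$tid" ] && [ "${pair#*:}" != "$fs" ]; then
                echo "tmpfs id $tid is already used by ${pair#*:}" >&2
                return 1
            fi
        done
        seen="$seen $tid:$fs"
        i=0
        while [ "$i" -lt "$n" ]; do
            out="$out./run.py -t $fs -c $((cpu + i)) -l $tid -g $grp
"
            i=$((i + 1))
        done
    done
    printf '%s' "$out"
}

# Constructed sample plan: the eight-terminal layout from the README.
hydra_plan <<'EOF'
btrfs 1 4 10 1
f2fs 5 4 11 2
EOF
```

Each printed line can be started in its own terminal from the src directory once the plan is accepted.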

License: MIT License
