A library for performing coverage guided fuzzing of neural networks

Overview

TensorFuzz: Coverage Guided Fuzzing for Neural Networks

This repository contains a library for performing coverage guided fuzzing of neural networks, as was described in this paper. It's still a prototype, but the ultimate goal is for people to actually use this to test real software. Any suggestions about how to make it more useful for that purpose would be appreciated.

Installation

You ought to be able to run the code in this repository by doing the following:

pip install -r requirements.txt

Then do:

export PYTHONPATH="$PYTHONPATH:$HOME/tensorfuzz"

The structure of this repository

Broadly speaking, this repository contains a core fuzzing library, examples of how to use the fuzzer, a list of bugs found with the fuzzer, and some utilities.

/bugs

This directory contains bugs or weird behaviors that we've found by using this tool.

/examples

This directory contains examples of how to use the fuzzer in several different ways. It contains examples of looking for numerical errors, finding broken loss functions in publicly available code, and checking for disagreements between trained classifiers and their quantized versions.

/lib

This directoy contains the fuzzing engine and all the necessary utils.

/third_party

This directory contains code written by other people and the (potentially updated) LICENSES for that code.

Disclaimers

This is not an officially supported Google product.

Comments
  • could you kindly help me start?

    could you kindly help me start?

    Could you guys push some example code(like detect NaNs, find disagreements on 32 bit model and 16bit model) on the github so i can understand the lib better~

    I would appreciate it if you could show me some example !

    opened by KingsleyAdamWang 1
  • Security Policy violation Binary Artifacts

    Security Policy violation Binary Artifacts

    This issue was automatically created by Allstar.

    Security Policy Violation Project is out of compliance with Binary Artifacts policy: binaries present in source code

    Rule Description Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

    Remediation Steps To remediate, remove the generated executable artifacts from the repository.

    First 10 Artifacts Found

    • examples/dcgan/pycache/ops.cpython-36.pyc
    • examples/nans/pycache/dataset.cpython-36.pyc
    • lib/pycache/init.cpython-36.pyc
    • lib/pycache/corpus.cpython-36.pyc
    • lib/pycache/coverage_functions.cpython-36.pyc
    • lib/pycache/dataset.cpython-36.pyc
    • lib/pycache/fuzz_utils.cpython-36.pyc
    • lib/pycache/fuzzer.cpython-36.pyc
    • lib/pycache/mutation_functions.cpython-36.pyc
    • lib/pycache/sample_functions.cpython-36.pyc
    • Run a Scorecards scan to see full list.

    Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


    Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar

    This issue will auto resolve when the policy is in compliance.

    Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

    allstar 
    opened by google-allstar-prod[bot] 12
  • Issues when running examples

    Issues when running examples

    Hi, I'm currently running this fuzzer with the code provided in the /examples directory but it doesn't work out. For the dcgan example, I always get 'Fuzzing failed to satisfy objective function.' Just wondering what could be the reason for producing a none result? And for the nan and quantized example, there is an exception: ValueError: Cannot add function '__inference_Dataset_flat_map_read_one_file_44' because a different function with the same name already exists. I'm not sure if it is because there are some defects in TensorFlow 1.

    I'm running it using python 3.6.9 and TensorFlow 1.15 by the way.

    opened by Budd00 0
  • Error in examples - TypeError: Cannot interpret feed_dict key as Tensor: The name 'save/Const:0' refers to a Tensor which does not exist. The operation, 'save/Const', does not exist in the graph.

    Error in examples - TypeError: Cannot interpret feed_dict key as Tensor: The name 'save/Const:0' refers to a Tensor which does not exist. The operation, 'save/Const', does not exist in the graph.

    I am using TF 1.15.0 I am trying to run the examples and get the following error during fuzzing, TypeError: Cannot interpret feed_dict key as Tensor: The name 'save/Const:0' refers to a Tensor which does not exist. The operation, 'save/Const', does not exist in the graph.

    opened by badrid75 0
  • coverage_functions

    coverage_functions

    I could‘t figure out why the nan_fuzzer.py used the all_logit_coverage_function while the quantized_fuzzer and the dcgan_fuzzer used the raw_logit_coverage_fuction.Is there anyone could explain the reason about the qusetion?Thanks a lot.

    opened by zeliangchu 1
  • Plans to update the repo for TF2.0

    Plans to update the repo for TF2.0

    First of all thank you very much for open-sourcing this! I just wanted to ask if there are any plans to accept PRs to adapt this code base to tensorflow2?

    I'd be willing to discuss / submit some changes but want to know if this is on the roadmap or if I should consider a fork?

    opened by seanpmorgan 1
  • What is a spurious disagreement in the quantization example?

    What is a spurious disagreement in the quantization example?

    Hi,

    I am interested in the accuracy loss due to quantization and was running the quantized_fuzzer.py example. In the script I see that we first get a "result" when the objective function is not met, namely argmax for logits and quantized_logits differ. And then, we check whether the disagreement is correct or spurious. Is this to capture non-determinism in floating point operation? I see that the loop runs 10 times for the same input. Is that intentional?

    Thanks!

    opened by vv-ss 0
Owner
Brain Research
Brain Research
Fuzzing tool (TFuzz): a fuzzing tool based on program transformation

T-Fuzz T-Fuzz consists of 2 components: Fuzzing tool (TFuzz): a fuzzing tool based on program transformation Crash Analyzer (CrashAnalyzer): a tool th

HexHive 244 Nov 9, 2022
An AFL implementation with UnTracer (our coverage-guided tracer)

UnTracer-AFL This repository contains an implementation of our prototype coverage-guided tracing framework UnTracer in the popular coverage-guided fuz

null 113 Dec 17, 2022
ParmeSan: Sanitizer-guided Greybox Fuzzing

ParmeSan: Sanitizer-guided Greybox Fuzzing ParmeSan is a sanitizer-guided greybox fuzzer based on Angora. Published Work USENIX Security 2020: ParmeSa

VUSec 158 Dec 31, 2022
[ICSE2020] MemLock: Memory Usage Guided Fuzzing

MemLock: Memory Usage Guided Fuzzing This repository provides the tool and the evaluation subjects for the paper "MemLock: Memory Usage Guided Fuzzing

Cheng Wen 54 Jan 7, 2023
Rethinking Space-Time Networks with Improved Memory Coverage for Efficient Video Object Segmentation

STCN Rethinking Space-Time Networks with Improved Memory Coverage for Efficient Video Object Segmentation Ho Kei Cheng, Yu-Wing Tai, Chi-Keung Tang [a

Rex Cheng 456 Dec 12, 2022
Code for 'Self-Guided and Cross-Guided Learning for Few-shot segmentation. (CVPR' 2021)'

SCL Introduction Code for 'Self-Guided and Cross-Guided Learning for Few-shot segmentation. (CVPR' 2021)' We evaluated our approach using two baseline

null 34 Oct 8, 2022
A modular application for performing anomaly detection in networks

Deep-Learning-Models-for-Network-Annomaly-Detection The modular app consists for mainly three annomaly detection algorithms. The system supports model

Shivam Patel 1 Dec 9, 2021
S2-BNN: Bridging the Gap Between Self-Supervised Real and 1-bit Neural Networks via Guided Distribution Calibration (CVPR 2021)

S2-BNN (Self-supervised Binary Neural Networks Using Distillation Loss) This is the official pytorch implementation of our paper: "S2-BNN: Bridging th

Zhiqiang Shen 52 Dec 24, 2022
Code for the paper "JANUS: Parallel Tempered Genetic Algorithm Guided by Deep Neural Networks for Inverse Molecular Design"

JANUS: Parallel Tempered Genetic Algorithm Guided by Deep Neural Networks for Inverse Molecular Design This repository contains code for the paper: JA

Aspuru-Guzik group repo 55 Nov 29, 2022
Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

Angora Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without s

null 833 Jan 7, 2023
FCA: Learning a 3D Full-coverage Vehicle Camouflage for Multi-view Physical Adversarial Attack

FCA: Learning a 3D Full-coverage Vehicle Camouflage for Multi-view Physical Adversarial Attack Case study of the FCA. The code can be find in FCA. Cas

IDRL 21 Dec 15, 2022
Codecov coverage standard for Python

Python-Standard Last Updated: 01/07/22 00:09:25 What is this? This is a Python application, with basic unit tests, for which coverage is uploaded to C

Codecov 10 Nov 4, 2022
An open source machine learning library for performing regression tasks using RVM technique.

Introduction neonrvm is an open source machine learning library for performing regression tasks using RVM technique. It is written in C programming la

Siavash Eliasi 33 May 31, 2022
A vision library for performing sliced inference on large images/small objects

SAHI: Slicing Aided Hyper Inference A vision library for performing sliced inference on large images/small objects Overview Object detection and insta

Open Business Software Solutions 2.3k Jan 4, 2023
docTR by Mindee (Document Text Recognition) - a seamless, high-performing & accessible library for OCR-related tasks powered by Deep Learning.

docTR by Mindee (Document Text Recognition) - a seamless, high-performing & accessible library for OCR-related tasks powered by Deep Learning.

Mindee 1.5k Jan 1, 2023
Complex-Valued Neural Networks (CVNN)Complex-Valued Neural Networks (CVNN)

Complex-Valued Neural Networks (CVNN) Done by @NEGU93 - J. Agustin Barrachina Using this library, the only difference with a Tensorflow code is that y

youceF 1 Nov 12, 2021
Differential fuzzing for the masses!

NEZHA NEZHA is an efficient and domain-independent differential fuzzer developed at Columbia University. NEZHA exploits the behavioral asymmetries bet

null 147 Dec 5, 2022
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing ProFuzzBench is a benchmark for stateful fuzzing of network protocols. It includes a suite of

null 155 Jan 8, 2023
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization

BaseSAFE This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation". The example/ directo

Security in Telecommunications 138 Dec 16, 2022