PolyGlot, a fuzzing framework for language processors
Build
We tested PolyGlot
on Ubuntu 18.04
.
- Get the source code:
git clone https://github.com/s3team/Polyglot && cd Polyglot
- Install prerequisite:
sudo apt install -y make python g++ bison flex clang-format clang
- Modify the
Makefile
to choose the language you want to test - Build everything:
make
- The fuzzer is in
AFL_replate_mutate/afl-fuzz
- Use the
afl-gcc/afl-g++/afl-clang/afl-clang++
inAFL_replace_mutate
to compile the program you want to fuzz.
Config the semantic.json
Before we run the fuzzer, we need to set some values in semantic.json
. Here are some important values that you should set:
InitFileDir
: This should be an absolute path of your init seed file dir. It can be the same as/different from your path of input.BuiltinObjFile
: If you want to use the build-in functions/variables/class for semantic validation, set this path (not a single file). Refer togrammar/solidity_grammar/semantic.json
for an example.
Run
To run the fuzzer, we just run it like normal afl-fuzz
:
afl-fuzz -i path/to/inputs -o path/to/outputs -- prog [args @@]
You should collect your own seed inputs for the fuzzer.
Apply on a new language
To do
Video tutorial
Publication
One Engine to Fuzz ‘em All: Generic Language Processor Testing with Semantic Validation
Yongheng Chen, Rui Zhong(co-first author), Hong Hu, Hangfan Zhang, Yupeng Yang, Dinghao Wu and Wenke Lee.
In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland 2021).
Contact
Yongheng Chen: [email protected]
Rui Zhong: [email protected]
Hangfan Zhang: [email protected]
Yupeng Yang: [email protected]