Skip to content

Python implementation of LLM Agent-based fuzz-driver generation

License

Notifications You must be signed in to change notification settings

revsic/agent-fuzz

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

agent-fuzz

Python implementation of LLM Agent-based fuzz-driver generation

Usage

For mac

brew install universal-ctags
brew install global
brew install llvm
brew install graphviz

For Ubuntu

sudo apt-get install -y global universal-ctags graphviz llvm

Install the agentfuzz

git clone https://github.com/revsic/agent-fuzz
cd agent-fuzz && pip install .

Prepare the project, reference sample benchmark/cjson/build script.

cd benchmark/cjson
bash build.sh
# project structure
# | workspace
#   | src (required)
#     | cJSON (repo)
#   | build
#   | lib (required)
#     | libcjson.a
#   | include (optional)
#     | cJSON.h
#   | corpus (optional)
#   | dict (optional)
#     | json.dict

Run the agentic harness generator, reference sample benchmark/cjson/config

cd benchmark/cjson
OPENAI_API_KEY=$YOUR_API_KEY_HERE python -m agentfuzz \
    --language c/cpp \
    --workdir workspace/agentfuzz \
    --config config.yaml

Run the benchmarks.

cd experiments
# cjson
OPENAI_API_KEY=$YOUR_API_KEY_HERE python -m agent.py --target=cjson
# libpcap
OPENAI_API_KEY=$YOUR_API_KEY_HERE python -m agent.py --target=libpcap

Roadmap

OSS-Fuzz Build Script supports

Benchmark

  • cJSON
  • libpcap
  • libxml2
  • libtiff
  • libaom
  • zlib
  • c-ares
  • lcms

Fuzz-driver generation loop

Static analysis

  • Clang AST parser supports
  • Collect API function/type gadgets
  • Infer input constraints
  • Literal analysis, FDP supports
  • Critical path extraction

Dynamic analysis

  • Compile the harness
  • Run the fuzzer
  • Compute the branch coverage

FP Elimination

  • Runtime fuzzing validation: 60sec for cov growth, 600sec for corpus pool
  • Runtime coverapge validation: critical path check
  • Corpus reusage

Agentic Fuzz-driver generation

  • Initial generation pipeline
  • Energy measure supports (ref:PromptFuzz)
  • Density measure supports
  • API scheduler
  • Fuzzer-run / harness-generation scheduler
  • Agentic fuzz-driver generation
  • State load and dump supports
  • Fuzzer fuser
  • Multiprocessing Support

About

Python implementation of LLM Agent-based fuzz-driver generation

Resources

License

Stars

Watchers

Forks

Packages

No packages published