trailofbits / KRFAnalysis

Licence: other
Collection of LLVM passes and triage tools for use with the KRF fuzzer

KRFAnalysis

KRFAnalysis contains an LLVM pass and related scripts that test for potential vulnerability to the tool KRF by checking whether the result of a syscall is checked for errors.

It runs through opt on LLVM IR bitcode files (.bc).

What?

An LLVM Pass runs on the LLVM IR and can do analysis, transformations, and optimizations. In our case, we attempt to analyze when the results of syscalls are used.

LLVM Passes have several benefits:

  • Works on any platform (since IR is platform agnostic)
  • Works with Go, C, C++, and Rust
  • Extremely rich capability for static analysis

But also some downsides:

  • Need to have the IR bytecode, which effectively means you must have the source code
  • Only works with Go, C, C++, and Rust
  • LLVM has a somewhat steep learning curve

Setup

Docker

Docker is recommended, since it makes the setup and build process easier.

git clone https://github.com/trailofbits/KRFAnalysis && cd KRFAnalysis
docker build . -t krf
docker run -it krf

Not docker

First, you need to install the dependencies, including cmake, llvm, llvm-dev, and python3.7.
Then, run the following commands to clone and build the repository, which will generate a libLLVMKRF.so file.

git clone https://github.com/trailofbits/KRFAnalysis && cd KRFAnalysis
mkdir build && cd build
cmake ../
cmake --build .

Usage

The LLVM pass runs through opt (which may be opt-6.0 or whatever version of llvm you have).

To analyze the file file.bc and output human readable text into the file output.txt, you would run:

opt -load path/to/libLLVMKRF.so -KRF -disable-output -krf-output output.txt file.bc

To analyze the file file.bc and output JSON into the file pass_output.json, you would run:

opt -load path/to/libLLVMKRF.so -KRF -disable-output -krf-output pass_output.json -krf-json file.bc

If -krf-output is not specified, the output will default to krfpass.out.

After creating JSON output, it can be further analyzed and triaged by the triage script:

python3 triage/triage.py pass_output.json # Outputs human readable triaged information
python3 triage/triage.py -json pass_output.json # Outputs JSON
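To make concrete what the pass reports (the "What?" section) and what goes into the opt command above, here is an added C example that is not part of KRFAnalysis: one function ignores the results of open() and read(), the other checks every result and propagates the error. It assumes the pass treats these libc wrappers as the syscalls it reports on; the clang invocation in the comment is the standard way to produce the .bc input that opt consumes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not part of KRFAnalysis. Build it into bitcode and run
 * the pass from the README on it:
 *   clang -O0 -g -emit-llvm -c krf_example.c -o krf_example.bc
 *   opt -load path/to/libLLVMKRF.so -KRF -disable-output \
 *       -krf-output output.txt krf_example.bc
 */

/* Unchecked: neither open() nor read() has its result tested. If KRF makes
 * read() fail, n is -1, out[-1] is written and the function still reports
 * success. This is the pattern the pass is meant to flag; it is here to be
 * analysed, not executed. */
int load_unchecked(const char *path, char *out, size_t cap) {
    int fd = open(path, O_RDONLY);
    ssize_t n = read(fd, out, cap - 1);
    close(fd);
    out[n] = '\0';
    return 0;
}

/* Checked: every syscall result is tested and the failure is returned as a
 * negative errno, so an injected fault cannot become memory corruption.
 * On success, returns the number of bytes read (0 for an empty file). */
int load_checked(const char *path, char *out, size_t cap) {
    if (cap == 0) return -EINVAL;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -errno;
    ssize_t n = read(fd, out, cap - 1);
    int saved = errno;                 /* close() may overwrite errno */
    if (close(fd) < 0 && n >= 0) return -errno;
    if (n < 0) return -saved;
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char buf[64];
    int rc = load_checked("/nonexistent/krf_example.txt", buf, sizeof buf);
    printf("load_checked on a missing file: %d (%s)\n", rc, strerror(-rc));
    return 0;
}
```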