... | ... | @@ -9,10 +9,22 @@ Welcome to **ZAFL**: a project to extend compiler-quality instrumentation speed |
|
|
<tr><td><b>License:</b></td><td><a href="https://git.zephyr-software.com/opensrc/zafl/-/blob/master/LICENSE">BSD 3-Clause License</a></td></tr>
|
|
|
<tr><td><b>Disclaimer:</b></td><td><i>This software is provided as-is with no warranty.</i></td></tr></table>
|
|
|
|
|
|
## Demonstration
|
|
|
Below is a short [video demonstration](ZAFL Video) highlighting ZAFL's ease-of-use and application in a DevOps pipeline:
|
|
|
## Video Demonstrations
|
|
|
Below are video links to **(1)** a demo of ZAFL's ease-of-use in DevSecOps and **(2)** our USENIX Security paper talk:
|
|
|
|
|
|
[![ZAFL-binary-fuzzing](uploads/video_preview.png)](http://www.youtube.com/watch?v=8ZIMTfWP3vg "ZAFL binary fuzzing")
|
|
|
[![ZAFL-demo](http://img.youtube.com/vi/8ZIMTfWP3vg/0.jpg)](http://www.youtube.com/watch?v=8ZIMTfWP3vg "ZAFL demo video")
|
|
|
[![ZAFL-talk](http://img.youtube.com/vi/8Z-5aTpk_l0/0.jpg)](https://www.youtube.com/watch?v=8Z-5aTpk_l0 "ZAFL paper talk")
|
|
|
|
|
|
## FuzzBench Results
|
|
|
Below shows ZAFL's performance on Google's FuzzBench compared to:
|
|
|
* *Source*-instrumented **AFLPlusPlus** (with CmpLog and Dictionary enhancements)
|
|
|
* *Source*-instrumented **AFLPlusPlus-tracepc** (no enhancements)
|
|
|
* *Binary*-instrumented **AFLPlusPlus-QEMU** (with CmpLog and Dictionary enhancements)
|
|
|
* *Binary*-instrumented **AFLPlusPlus-QEMU-tracepc** (no enhancements)
|
|
|
|
|
|
[![FuzzBench-results](https://www.fuzzbench.com/reports/experimental/2021-10-29/experiment_critical_difference_plot.svg)](https://www.fuzzbench.com/reports/experimental/2021-10-29/index.html "ZAFL FuzzBench results")
|
|
|
|
|
|
Overall, ZAFL peforms on-par with state-of-the-art source-level instrumentation while beating the leading QEMU-based instrumentation (even with enhancements)!
|
|
|
|
|
|
## Fuzzing-enhancing Binary Transformations
|
|
|
ZAFL facilitates *binary-level* reimplementations of the many transformations successful among the open-source fuzzing world. Some built-in examples:
|
... | ... | |
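Review bot: the summary sentence under the FuzzBench plot misspells "performs" as "peforms"; please fix it before this lands. In the Video Demonstrations block, the ZAFL-demo entry uses `http://img.youtube.com/...` for its thumbnail and `http://www.youtube.com/watch?v=8ZIMTfWP3vg` for its target, and the ZAFL-talk thumbnail is also fetched over `http://`, while the talk link itself is `https://`. Use `https://` for all of them so the rendered README does not load images over plaintext or rely on a redirect. The "on-par" and "beating" claims rest entirely on the linked 2021-10-29 experimental report, so consider naming that experiment date in the sentence so readers can tell which run the comparison refers to.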