PMFuzz
PMFuzz is a test case generation tool that generates high-value test cases for PM testing tools (XFDetector, PMDebugger, PMTest and Pmemcheck).
If you find PMFuzz useful in your research, please cite:
Sihang Liu, Suyash Mahar, Baishakhi Ray, and Samira Khan
PMFuzz: Test Case Generation for Persistent Memory Programs
The International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021
Dependencies
PMFuzz was tested using the following environment configuration, other versions may work:
- Ubuntu 18.04
- NDCTL v64 or higher
- libunwind (libunwind-dev)
- libini-config (libini-config-dev)
- Python 3.8
- GNU Make >= 3.82
- Kernel version 5.4
- Anaconda or virtualenv (recommended)
For compiling documentation:
- doxygen
- pdflatex
- doxypypy
Compiling PMFuzz
Build PMFuzz and AFL
make -j $(nproc --all)
Install PMFuzz
sudo make install
Now, pmfuzz-fuzz should be available as an executable:
pmfuzz-fuzz --help
The following man pages are also installed:
man 1 pmfuzz-fuzz
man 7 libpmfuzz
man 7 libfakepmfuzz
To uninstall PMFuzz, run the following command:
sudo make uninstall
Compiling PMFuzz Docker image
PMFuzz also comes with a Dockerfile that automatically configures and installs pmfuzz. To build the image, run the following command from the root of the repository:
docker build -t pmfuzz-v0.9 .
The raw dockerfile is also available here: /Dockerfile.
Using PMFuzz
After installing PMFuzz, use annotations by including the PMFuzz header file:
#include <stdio.h>          /* printf */
#include "pmfuzz/pmfuzz.h"  /* PMFuzz annotations and pmfuzz_version_str */

int main() {
    printf("PMFuzz version: %s\n", pmfuzz_version_str);
    return 0;
}
The program then has to be linked with either libpmfuzz or libfakepmfuzz, e.g.:
example: example.o
	$(CXX) -o $@ $< -lfakepmfuzz # or -lpmfuzz
To compile a program linked with libpmfuzz, you need to use PMFuzz's AFL++ version of gcc/clang; check build/bin after building PMFuzz.
For debugging, libfakepmfuzz exports the same interface but no actual tracking mechanism, so it compiles with any C/C++ compiler.
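The two link modes above combined into one Makefile, as an added example that is not part of the PMFuzz repository: MODE=fake builds against libfakepmfuzz with the system compiler, MODE=pmfuzz builds against libpmfuzz with the AFL++ compiler from build/bin. It assumes PMFUZZ_ROOT points at a built PMFuzz checkout and that the AFL++ compiler there is called afl-clang-fast (an assumption; use whatever name build/bin actually contains).

```makefile
# Added example, not PMFuzz's own build file.
# MODE=fake   -> libfakepmfuzz, any compiler (debugging, no tracking)
# MODE=pmfuzz -> libpmfuzz, PMFuzz's AFL++ compiler (instrumented build)
PMFUZZ_ROOT ?= ../pmfuzz
MODE        ?= fake

ifeq ($(MODE),pmfuzz)
  # Assumed binary name inside build/bin; adjust to the real one.
  CC     := $(PMFUZZ_ROOT)/build/bin/afl-clang-fast
  LDLIBS := -lpmfuzz
else
  CC     := cc
  LDLIBS := -lfakepmfuzz
endif

CFLAGS += -Wall -g
SRC    := example.c
OBJ    := $(SRC:.c=.o)

example: $(OBJ)
	$(CC) -o $@ $^ $(LDLIBS)

%.o: %.c
	$(CC) $(CFLAGS) -c -o $@ $<

clean:
	rm -f example $(OBJ)

.PHONY: clean
```

Build the debug binary with `make` and the instrumented one with `make MODE=pmfuzz PMFUZZ_ROOT=/path/to/pmfuzz`.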
An example program is available in src/example. The original ASPLOS 2021 artifact is available at https://github.com/Systems-ShiftLab/pmfuzz_asplos21_ae.
The libpmfuzz API is documented in docs/libpmfuzz.7.md.
Compiling Documentation
Run make docs from the root, and all the documentation will be linked in the docs/ directory.
Some man pages are available as markdown formatted files:
Running custom configuration
PMFuzz uses a YAML-based configuration to set the different fuzzing parameters. To write a custom configuration, follow one of the existing examples in the src/pmfuzz/configs/examples/ directory.
More information on PMFuzz's syntax is here.
Modifying PMFuzz
PMFuzz was written in a modular way, allowing individual components to be swapped for anything that exposes the same interface. If you have a question, please open a new issue or a discussion.
Other useful information
Env variables
NOTE: If a variable doesn't have a possible value listed next to it, it is enabled by setting it to any non-empty value (including 0).
- USE_FAKE_MMAP=(0,1): Enables fake mmap, which mounts an image in volatile memory.
- PMEM_MMAP_HINT=<addr>: Address of the mount point of the pool.
- ENABLE_CNST_IMG=(0,1): Disables PMDK's default behaviour of generating non-identical images for the same input.
- FI_MODE=(<empty or unset>|IMG_GEN|IMG_REP): See libpmfuzz.c.
- FAILURE_LIST=<path-to-output-file>: See libpmfuzz.c.
- PMFUZZ_DEBUG=(0,1): Enables debug output from libpmfuzz.
- ENABLE_PM_PATH: Enables deep paths in PMFuzz.
- GEN_ALL_CS: Partially disables the probabilistic generation of crash sites, so that more of them are generated from libpmfuzz.c.
- IMG_CREAT_FINJ: Disables the probabilistic generation of crash sites, so that all of them are generated from libpmfuzz.c.
- PMFUZZ_SKIP_TC_CHECK: Disables the test case size check in AFL++.
- PRIMITIVE_BASELINE_MODE: Makes the workload delete the image on start if the pool already exists.
Adding git hook for development
Following command adds a pre-commit hook to check if the tests pass:
git config --local core.hooksPath .githooks/
Reasons for common errors
1. FileNotFoundError for instance's pid file
Raised when AFL cannot bind to a free core or no core is free.
2. Random tar command failed
Check whether the device has run out of free disk space.
3. shmget (2): No space left on device
Run:
ipcrm -a
Warning: This removes all shared memory segments owned by the user. Don't run it with superuser privileges or on a machine where other critical applications are running.
Licensing
PMFuzz is licensed under BSD-3-clause except noted otherwise.
PMFuzz uses the following open-source software:
- Preeny (license)
Preeny was modified to fix a bug in desock. All changes are contained in vendor/pathes/preeny_path.
- AFL++ (license)
AFL++ was modified to include support for persistent memory tracking for PMFuzz.