Python implementation of LLM Agent-based fuzz-driver generation
For mac
brew install universal-ctags
brew install global
brew install llvm
brew install graphvizFor Ubuntu
sudo apt-get install -y global universal-ctags graphviz llvmInstall the agentfuzz
git clone https://github.com/revsic/agent-fuzz
cd agent-fuzz && pip install .Prepare the project, reference sample benchmark/cjson/build script.
cd benchmark/cjson
bash build.sh
# project structure
# | workspace
# | src (required)
# | cJSON (repo)
# | build
# | lib (required)
# | libcjson.a
# | include (optional)
# | cJSON.h
# | corpus (optional)
# | dict (optional)
# | json.dictRun the agentic harness generator, reference sample benchmark/cjson/config
cd benchmark/cjson
OPENAI_API_KEY=$YOUR_API_KEY_HERE python -m agentfuzz \
--language c/cpp \
--workdir workspace/agentfuzz \
--config config.yamlRun the benchmarks.
cd experiments
# cjson
OPENAI_API_KEY=$YOUR_API_KEY_HERE python -m agent.py --target=cjson
# libpcap
OPENAI_API_KEY=$YOUR_API_KEY_HERE python -m agent.py --target=libpcapBenchmark
- cJSON
- libpcap
- libxml2
- libtiff
- libaom
- zlib
- c-ares
- lcms
Static analysis
- Clang AST parser supports
- Collect API function/type gadgets
- Infer input constraints
- Literal analysis, FDP supports
- Critical path extraction
Dynamic analysis
- Compile the harness
- Run the fuzzer
- Compute the branch coverage
FP Elimination
- Runtime fuzzing validation: 60sec for cov growth, 600sec for corpus pool
- Runtime coverapge validation: critical path check
- Corpus reusage
Agentic Fuzz-driver generation
- Initial generation pipeline
- Energy measure supports (ref:PromptFuzz)
- Density measure supports
- API scheduler
- Fuzzer-run / harness-generation scheduler
- Agentic fuzz-driver generation
- State load and dump supports
- Fuzzer fuser
- Multiprocessing Support