Thanks, Jakob. With the usage slice, the idea I had in mind was to identify hotspots and then find the test coverage to determine any gaps. With the dataflow slice, precompute paths based on criteria, such as usage of a certain memory or Unicode operation, and then guide the fuzzer to test those particular flows.
I will spend more time with the codebase to produce a working PoC and come back with an update.

Best,
Prabhu

> On 11 Sep 2023, at 15:50, Jakob Kummerow <jkumme...@chromium.org> wrote:
>
> On Sun, Sep 10, 2023 at 2:06 PM Prabhu Subramanian <pra...@appthreat.dev> wrote:
>> Hello,
>>
>> I am a newbie here. Apologies if this is not the right group for the message below.
>>
>> I am one of the developers of a static program analysis/slicer tool called atom (Apache-2.0). Atom uses the popular joern library (which internally uses Eclipse CDT for C/C++).
>>
>> https://github.com/AppThreat/atom
>>
>> With atom, it is possible to generate an intermediate representation for a project and then slice it in two modes: usages and data-flow. This is discussed in the document below.
>>
>> https://github.com/AppThreat/atom/blob/main/specification/docs/slices.md
>>
>> We recently improved the performance of generating atom to support large code bases like V8. It is possible to produce the usages slice in around 18 minutes using the commands below.
>>
>> ## Prerequisites
>>
>> Ensure java >= 17 is installed
>> Download atom from https://github.com/AppThreat/atom/releases
>>
>> ```shell
>> unzip atom.zip
>> cd atom-1.0.0/bin
>>
>> ./atom -J-Xms40g -J-Xmx40g usages --slice-outfile usages.json -o app.atom --language c <path to v8>/src
>> ```
>>
>> ## Proposal
>>
>> The information in the usages slice, such as locations, signature, and type, can be used to improve testing and fuzzing of projects like V8.
>
> Can you be a bit more specific? How exactly can this information be used for better testing or fuzzing?
>
>> I am unsure if this is an area actively explored here,
>
> It certainly is.
>
>> but we would love to discuss further if this is useful.
>
> Note that a lot of the "interesting" things that V8 does have to do with JIT code generation and custom heap management, so usually tools that rely on C++ code analysis can only gain very limited insight into everything that's happening.
> If you believe that your analysis tool does provide useful input for fuzzers, then one thing you could do is run your own fuzzer over V8, and submit any relevant issues it discovers to the Chrome VRP <https://bughunters.google.com/about/rules/5745167867576320/chrome-vulnerability-reward-program-rules> to make it worth your while.
>
>> The link below is a gzipped version of the usages slice JSON generated today, for convenience.
>>
>> https://github.com/AppThreat/atom/files/12568103/usages.json.tar.gz
>>
>> Best,
>> Prabhu

--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/B93265D7-4D0B-4669-895F-7B73135D6FF0%40appthreat.dev.
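The two workflows Prabhu sketches in his reply (rank usage-slice hotspots and diff them against test coverage; pre-select data-flow paths by criteria such as memory or Unicode operations and hand their entry points to a fuzzer) as an added, self-contained example. This is not code from the thread or from the atom project: the `objectSlices`/`usages`/`invokedCalls` and `paths` shapes are a simplified assumption loosely modelled on atom's slices.md, not the tool's exact schema, and the slice contents, function names, line numbers and LCOV fragment are all constructed for illustration. Only the LCOV `FN`/`FNDA` record syntax is the real format.

```python
import json
import re
from collections import Counter

# Constructed usages slice (assumed, simplified schema inspired by atom's slices.md).
USAGES_JSON = json.dumps({"objectSlices": [
    {"fullName": "v8::internal::String::Flatten", "fileName": "src/objects/string.cc",
     "lineNumber": 120, "usages": [
         {"invokedCalls": [{"callName": "memcpy"}, {"callName": "CopyChars"}]},
         {"invokedCalls": [{"callName": "memcpy"}]},
         {"invokedCalls": [{"callName": "WriteToFlat"}]}]},
    {"fullName": "v8::internal::JsonParser::ParseJsonString", "fileName": "src/json/json-parser.cc",
     "lineNumber": 880, "usages": [
         {"invokedCalls": [{"callName": "Utf8Decoder::Decode"}]},
         {"invokedCalls": [{"callName": "memcpy"}, {"callName": "memset"}]}]},
    {"fullName": "v8::internal::Isolate::Init", "fileName": "src/execution/isolate.cc",
     "lineNumber": 3300, "usages": [{"invokedCalls": [{"callName": "new"}]}]},
]})

# Constructed LCOV fragment (real FN/FNDA record syntax) standing in for a
# coverage run of the existing test suite. Isolate::Init is deliberately absent.
LCOV_TEXT = """SF:src/objects/string.cc
FN:120,v8::internal::String::Flatten
FNDA:42,v8::internal::String::Flatten
end_of_record
SF:src/json/json-parser.cc
FN:880,v8::internal::JsonParser::ParseJsonString
FNDA:0,v8::internal::JsonParser::ParseJsonString
end_of_record
"""

# Constructed data-flow slice: each path is an ordered list of nodes (assumed schema).
DATAFLOW_JSON = json.dumps({"paths": [
    [{"fileName": "src/json/json-parser.cc", "lineNumber": 850, "code": "const uint8_t* chars = source_->GetChars()"},
     {"fileName": "src/json/json-parser.cc", "lineNumber": 901, "code": "Utf8Decoder::Decode(chars, length)"},
     {"fileName": "src/json/json-parser.cc", "lineNumber": 903, "code": "memcpy(dst, chars, length)"}],
    [{"fileName": "src/execution/isolate.cc", "lineNumber": 3301, "code": "heap_ = new Heap()"},
     {"fileName": "src/execution/isolate.cc", "lineNumber": 3310, "code": "heap_->SetUp()"}],
    [{"fileName": "src/objects/string.cc", "lineNumber": 121, "code": "Flatten(isolate, str)"},
     {"fileName": "src/objects/string.cc", "lineNumber": 130, "code": "CopyChars(dst, src, len)"}],
]})

# Selection criteria: raw memory operations and Unicode/UTF handling.
MEMORY_OPS = re.compile(r"\b(memcpy|memmove|memset|strcpy|strncpy|malloc|CopyChars)\b")
UNICODE_OPS = re.compile(r"(Utf8|Utf16|uc16|unibrow|Unicode)", re.IGNORECASE)


def rank_hotspots(usages_json):
    """Count invoked calls per sliced function; returns (name, (file, line), count), busiest first."""
    calls_per_func, locations = Counter(), {}
    for obj in json.loads(usages_json)["objectSlices"]:
        name = obj["fullName"]
        locations[name] = (obj["fileName"], obj["lineNumber"])
        for usage in obj.get("usages", []):
            calls_per_func[name] += len(usage.get("invokedCalls", []))
    return [(name, locations[name], n) for name, n in calls_per_func.most_common()]


def parse_lcov_function_hits(lcov_text):
    """Parse FNDA:<hits>,<function> records into {function: hits}."""
    hits = {}
    for line in lcov_text.splitlines():
        if line.startswith("FNDA:"):
            count, name = line[5:].split(",", 1)
            hits[name] = hits.get(name, 0) + int(count)
    return hits


def coverage_gaps(hotspots, hits):
    """Hotspots no test executed: FNDA count 0, or missing from the report entirely."""
    return [name for name, _loc, _n in hotspots if hits.get(name, 0) == 0]


def select_fuzz_paths(dataflow_json, *patterns):
    """Paths in which every pattern matches some node; returns each path's entry
    (file, line) as the point to aim a fuzzer at."""
    selected = []
    for path in json.loads(dataflow_json)["paths"]:
        code = "\n".join(node["code"] for node in path)
        if all(p.search(code) for p in patterns):
            selected.append((path[0]["fileName"], path[0]["lineNumber"]))
    return selected


if __name__ == "__main__":
    hot = rank_hotspots(USAGES_JSON)
    print("hotspots:", hot)
    print("uncovered hotspots:", coverage_gaps(hot, parse_lcov_function_hits(LCOV_TEXT)))
    print("memory+unicode paths:", select_fuzz_paths(DATAFLOW_JSON, MEMORY_OPS, UNICODE_OPS))
```

Two design points worth noting. A function absent from the LCOV report is treated as uncovered rather than unknown, because a hotspot that never appears in any coverage record is exactly the gap this workflow is meant to surface. And `select_fuzz_paths` requires every criterion to match somewhere along the path, so combining the memory and Unicode patterns narrows the candidates to flows where untrusted text reaches a raw copy, which is the kind of path a fuzzer harness is worth building for; pass a single pattern to widen the net.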