This repository contains the artifact for the ASPLOS’25 paper:
Sishuai Gong, Rui Wang, Deniz Altınbüken, Pedro Fonseca, Petros Maniatis, “Snowplow: Effective Kernel Fuzzing with a Learned White-box Test Mutator”.
The following instructions have been tested on an Ubuntu 20.04 virtual machine.
Getting started
Compile the fuzzer
The syzkaller/ directory contains Snowplow’s fuzzer implementation, which is based on Syzkaller.
To compile the fuzzer, follow these steps:
$ cd syzkaller/
$ go version
# go version go1.21.3 linux/amd64
$ make
Once compiled, the fuzzer binaries will be available in syzkaller/bin/.
Compile the target kernel
Follow the instructions in the official Syzkaller repo to compile the target kernel.
For convenience, we provide an example configuration as a reference.
Once the kernel is compiled, set the environment variable BZIMAGE_PATH to the path of the kernel bzImage.
Perform static analysis on the compiled kernel
Follow the instructions under ./scripts/kernel-analysis/ to perform static analysis on the compiled kernel binary.
Copy the output files and the file ./prerequisite/kernel/asm-token-dict to a designated folder.
Set the environment variable KERNEL_ANALYSIS_PATH to point to that folder.
Prepare the VM image
Follow the instructions to prepare a VM image.
Then, configure the following environment variables:
VM_IMAGE_PATH: Path to the VM image
VM_KEY_PATH: Path to the VM SSH key
Set up the inference environment
Please refer to the conda configuration file to set up the inference environment.
Start the model inference service
On the inference machine, follow these steps to start the inference service:
Set the environment variable INFERENCE_SERVER_IP to the internal IP of the inference machine.
Run the fuzzer
On the fuzzer machine, follow these steps to start testing the kernel.
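Before creating the configuration file, it helps to verify that the environment variables from the setup steps above actually point at what the fuzzer will need. The following POSIX shell preflight is an added example, not part of the Snowplow artifact: it assumes only the variable names used in this README (BZIMAGE_PATH, KERNEL_ANALYSIS_PATH, VM_IMAGE_PATH, VM_KEY_PATH, INFERENCE_SERVER_IP), that asm-token-dict was copied into KERNEL_ANALYSIS_PATH as instructed, and that GNU or BSD stat is available to read the SSH key's permission bits.

```shell
#!/bin/sh
# Preflight for the Snowplow setup steps above. Added example, not part of the
# artifact: it checks the environment variables this README asks for and knows
# nothing about Snowplow's own configuration keys.

# Print the value of the variable named in $1 (POSIX indirect expansion).
var_value() {
    eval "printf '%s' \"\${$1:-}\""
}

# Return 0 when $1 is a dotted-quad address inside an RFC 1918 private range.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Return 0 when every variable is set and usable, 1 otherwise. Every problem is
# reported on stderr so one run shows the whole list.
snowplow_preflight() {
    rc=0
    # Files the fuzzer host must be able to read
    for v in BZIMAGE_PATH VM_IMAGE_PATH VM_KEY_PATH; do
        f=$(var_value "$v")
        if [ -z "$f" ]; then
            echo "error: $v is not set" >&2; rc=1
        elif [ ! -f "$f" ]; then
            echo "error: $v=$f is not a regular file" >&2; rc=1
        fi
    done
    # Static-analysis output directory, which must also hold asm-token-dict
    d=$(var_value KERNEL_ANALYSIS_PATH)
    if [ -z "$d" ]; then
        echo "error: KERNEL_ANALYSIS_PATH is not set" >&2; rc=1
    elif [ ! -f "$d/asm-token-dict" ]; then
        echo "error: $d/asm-token-dict is missing (copy it from ./prerequisite/kernel/)" >&2; rc=1
    fi
    # ssh refuses a private key that is group- or world-readable
    k=$(var_value VM_KEY_PATH)
    if [ -n "$k" ] && [ -f "$k" ]; then
        mode=$(stat -c '%a' "$k" 2>/dev/null || stat -f '%Lp' "$k")
        case "$mode" in
            600|400) ;;
            *) echo "error: $k has mode $mode, ssh expects 600" >&2; rc=1 ;;
        esac
    fi
    # Inference service address: must be IPv4, and should be an internal one
    ip=$(var_value INFERENCE_SERVER_IP)
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "error: INFERENCE_SERVER_IP='$ip' is not an IPv4 address" >&2; rc=1
    elif ! is_private_ipv4 "$ip"; then
        echo "warning: INFERENCE_SERVER_IP=$ip is not an RFC 1918 address; the README expects an internal IP" >&2
    fi
    return $rc
}
```

Source the file on the fuzzer machine after exporting the variables and run snowplow_preflight; a non-zero exit means at least one path is wrong. A non-private INFERENCE_SERVER_IP is only a warning, since the README asks for an internal address but does not state what the service itself enforces, so pointing the fuzzer at a publicly reachable inference endpoint is worth noticing rather than silently accepting.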
Create the fuzzer configuration file
The fuzzer requires a JSON configuration file, which should follow the structure below:
Start the fuzzer
Execute the following command to start the fuzzer: