PMFuzz is a test case generation tool that produces high-value test cases for PM testing tools (XFDetector, PMDebugger, PMTest and Pmemcheck).
If you find PMFuzz useful in your research, please cite:
Sihang Liu, Suyash Mahar, Baishakhi Ray, and Samira Khan
PMFuzz: Test Case Generation for Persistent Memory Programs
The International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021
BibTex
Dependencies
PMFuzz was tested using the following environment configuration; other versions may work:
- Ubuntu 18.04
- NDCTL v64 or higher
- libunwind (libunwind-dev)
- libini-config (libini-config-dev)
- Python 3.8
- GNUMake >= 3.82
- Kernel version 5.4
- Anaconda or virtualenv (recommended)
For compiling documentation:
- doxygen
- pdflatex
- doxypypy
Compiling PMFuzz
Build PMFuzz and AFL
Install PMFuzz
Now, pmfuzz-fuzz should be available as an executable:
The following man pages are also installed:
To uninstall PMFuzz, run the following command:
Compiling PMFuzz Docker image
PMFuzz also comes with a docker file to automatically configure and install pmfuzz. To build the image, run the following command from the root of the repository:
docker build -t pmfuzz-v0.9 .
The raw dockerfile is also available here: /Dockerfile.
Using PMFuzz
After installing PMFuzz, use annotations by including the PMFuzz header file:
#include <stdio.h>
#include "pmfuzz/pmfuzz.h"

int main() {
    printf("PMFuzz version: %s\n", pmfuzz_version_str);
}
The program would then have to be linked with either libpmfuzz or libfakepmfuzz. e.g.,
example: example.o
	$(CXX) -o $@ $< -lfakepmfuzz # or -lpmfuzz
To compile a program linked with libpmfuzz, you'd need to use PMFuzz's AFL++ version of gcc/clang. Check build/bin after building PMFuzz.
For debugging, libfakepmfuzz exports the same interface but has no actual tracking mechanism, allowing it to compile with any C/C++ compiler.
An example program is available in src/example. The original ASPLOS 2021 artifact is available at https://github.com/Systems-ShiftLab/pmfuzz_asplos21_ae.
libpmfuzz API is available at docs/libpmfuzz.7.md
Compiling Documentation
Run make docs from the root, and all the documentation will be linked in the docs/ directory.
Some man pages are available as markdown formatted files:
Running custom configuration
PMFuzz uses a YML-based configuration to set the different fuzzing parameters. To write a custom configuration, follow one of the existing examples in the src/pmfuzz/configs/examples/ directory.
More information on PMFuzz's syntax is here.
Modifying PMFuzz
PMFuzz is written in a modular way, so its components can be swapped for anything that has the same interface. If you have a question, please open a new issue or a discussion.
Other useful information
Env variables
NOTE: If a variable doesn't have a possible value next to it, that variable would be enabled by setting it to any non-empty value (including 0).
- USE_FAKE_MMAP=(0,1): Enables fake mmap which mounts an image in the volatile memory.
- PMEM_MMAP_HINT=: Address of the mount point of the pool.
- ENABLE_CNST_IMG=(0,1): Disables default PMDK's behaviour that generates non-identical images for same input.
- FI_MODE=(|IMG_GEN|IMG_REP): See libpmfuzz.c
- FAILURE_LIST=: See libpmfuzz.c
- PMFUZZ_DEBUG=(0,1): Enables debug output from libpmfuzz
- ENABLE_PM_PATH: Enables deep paths in PMFuzz
- GEN_ALL_CS: Partially disables the probabilistic generation of crash sites and more of them are generated from libpmfuzz.c
- IMG_CREAT_FINJ: Disables the probabilistic generation of crash sites and all of them are generated from libpmfuzz.c
- PMFUZZ_SKIP_TC_CHECK: Disable testcase size check in AFL++
- PRIMITIVE_BASELINE_MODE: Makes workload delete image on start if the pool exists
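The NOTE above means that a value such as GEN_ALL_CS=0 turns the option on, which can silently change how crash sites are generated in a fuzzing run. The following pre-flight check is an added example, not part of PMFuzz; lint_env and its warning texts are hypothetical, and it assumes that 1 is the "on" value for the (0,1) variables.

```python
import os

# Variables the page lists with an explicit (0,1) value set.
BINARY = ("USE_FAKE_MMAP", "ENABLE_CNST_IMG", "PMFUZZ_DEBUG")
# Variables listed without a value: any non-empty value enables them.
PRESENCE = ("ENABLE_PM_PATH", "GEN_ALL_CS", "IMG_CREAT_FINJ",
            "PMFUZZ_SKIP_TC_CHECK", "PRIMITIVE_BASELINE_MODE")
# Named FI_MODE values shown on the page; empty/unset is also accepted.
FI_MODES = ("IMG_GEN", "IMG_REP")
# Values people commonly use when they mean "off" (constructed list).
LOOKS_OFF = ("0", "false", "no", "off")


def lint_env(env):
    """Return (enabled, warnings) for a mapping of environment variables."""
    enabled, warnings = [], []
    for name in BINARY:
        val = env.get(name)
        if val is None:
            continue
        if val not in ("0", "1"):
            warnings.append(f"{name}={val!r}: documented values are 0 and 1")
        elif val == "1":  # assumption: 1 switches the feature on
            enabled.append(name)
    for name in PRESENCE:
        val = env.get(name, "")
        if val == "":
            continue
        enabled.append(name)  # non-empty, so enabled, even when it is "0"
        if val.lower() in LOOKS_OFF:
            warnings.append(f"{name}={val!r} still enables it; unset to disable")
    mode = env.get("FI_MODE", "")
    if mode and mode not in FI_MODES:
        warnings.append(f"FI_MODE={mode!r}: expected one of {FI_MODES}")
    return enabled, warnings


if __name__ == "__main__":
    # Lint the current shell environment before launching a fuzzing run.
    on, warns = lint_env(os.environ)
    print("enabled:", ", ".join(on) or "(none)")
    for w in warns:
        print("warning:", w)
```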
Adding git hook for development
The following command adds a pre-commit hook to check if the tests pass:
git config --local core.hooksPath .githooks/
Reasons for Common errors
1. FileNotFoundError for instance's pid file
Raised when AFL cannot bind to a free core or no core is free.
2. Random tar command failed
Check if no free disk space is left on the device
3. shmget (2): No space left on device
Run:
Warning: This removes all user-owned shared memory segments. Don't run it with superuser privileges or on a machine with other critical applications running.
Licensing
PMFuzz is licensed under BSD-3-clause except where noted otherwise.
PMFuzz uses the following open-source software:
- Preeny (license)
  Preeny was modified to fix a bug in desock. All changes are contained in vendor/pathes/preeny_path
- AFL++ (license)
  AFL++ was modified to include support for persistent memory tracking for PMFuzz.