Incorrect valid basic blocks PLC #2

Open
cboyce376 opened this issue Jun 26, 2023 · 3 comments

Comments

@cboyce376

Hi,

It appears that the valid basic block list for the P2IM_PLC binary isn't correct, as it missed many functions in the binary. I would expect the blocks reached to be ~500 blocks for fuzzware and ~700 for HALucinator. I believe that this will also affect figure 3 in the paper.

Thanks,
Chris

@mariusmue
Collaborator

Hi @cboyce376,

Thanks for reaching out. Indeed, the stm-plc sample had some issues regarding naming conventions; it may be that we generated the valid bb files for the wrong binary. We will investigate this and, if required, revalidate the corresponding queues.

Thank you so much for making us aware of this potential issue!

@mariusmue
Collaborator

Hi again @cboyce376,

We followed up on your observation and indeed, we used the wrong valid_bb files. We updated the bb_files and experiments, and regenerated the corresponding .data files. The new coverage plot for p2im_plc looks as follows:
image

While your expectation for fuzzware is matched, this does not seem to be the case for HALucinator. Can you tell us how you estimate ~700 bbs in coverage for HALucinator?

Either way, we plan to update the paper and include the new data before final publication at USENIX Security'23. Is there any preferred way we can acknowledge you in the paper for making us aware of the issue (e.g., nickname, github handle, or real name)?

Thank you again!

@cboyce376
Author

Hi @mariusmue,

I was looking at the HALucinator & Fuzzware papers to get an estimate of coverage, but I misread the HALucinator paper as running the P2IM PLC, not the STM PLC binary.

I'm happy for you to acknowledge me as Chris Boyce.

Thanks,
Chris
