deepstate by trailofbits

Testing framework for fuzzing and symbolic execution of C/C++ code

created 7 years ago
837 stars

Top 43.4% on sourcepulse

Project Summary

DeepState gives C/C++ developers one interface to several fuzzing and symbolic execution engines. A test harness is written once, using a Google Test-like API, and run unchanged under backends such as AFL++, libFuzzer, Manticore and angr, so the same test serves both unit testing and vulnerability discovery without the developer learning each engine's input format and driver.

How It Works

DeepState acts as an abstraction layer over diverse fuzzing and symbolic execution tools. Tests are parameterized unit tests: the harness declares its inputs and the chosen backend supplies their values, by mutation in the case of a fuzzer or by constraint solving in the case of a symbolic executor. Its core advantage is this "write once, run anywhere" approach for harnesses, which makes switching engines for benchmarking or bug finding a command-line change rather than a rewrite. Novel features like "pumping" for selecting concrete values and automatic decomposition of integer comparisons aim to improve fuzzing effectiveness.
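The following is an added, self-contained C++ sketch of the split described above; it is not DeepState's code or API. It models a harness that draws its inputs from a byte stream any engine can supply, an ASSUME/ASSERT pair that separates pruned inputs from real failures, and a 32-bit equality check decomposed into one branch per byte, which is the kind of transformation compare decomposition performs so a coverage-guided fuzzer can make incremental progress toward a magic value. The names InputStream, RunHarness, Replay, HARNESS_ASSUME, HARNESS_ASSERT, WrappingAbs, MatchedBytes and DecomposedEq, the function under test and the input bytes are all constructed for this example.

```cpp
// Added example (not DeepState's code or API): a model of the harness/backend
// split DeepState provides, plus a byte-wise integer comparison of the kind its
// compare decomposition performs. All names here are illustrative.
#include <cstddef>
#include <cstdint>
#include <vector>

// Backend side. Every engine ends up handing the harness raw bytes: in a
// file-based run this is one test-input file, AFL++/libFuzzer mutate it, and a
// symbolic engine treats each byte as an unconstrained value to solve for.
struct InputStream {
  std::vector<uint8_t> bytes;
  size_t pos = 0;
  // Reads past the end yield zero, so a fuzzer can shrink inputs freely.
  uint8_t NextByte() { return pos < bytes.size() ? bytes[pos++] : 0; }
  int32_t NextInt() {  // four big-endian bytes per integer
    uint32_t v = 0;
    for (int i = 0; i < 4; ++i) v = (v << 8) | NextByte();
    return static_cast<int32_t>(v);
  }
};

enum class Verdict { Passed, Failed, Pruned };
// ASSUME prunes inputs that violate a precondition; ASSERT reports a bug.
#define HARNESS_ASSUME(cond) do { if (!(cond)) return Verdict::Pruned; } while (0)
#define HARNESS_ASSERT(cond) do { if (!(cond)) return Verdict::Failed; } while (0)

// Code under test (constructed for this example): abs() written with unsigned
// wraparound to avoid signed-overflow UB. It still returns INT32_MIN for INT32_MIN.
int32_t WrappingAbs(int32_t x) {
  return x < 0 ? static_cast<int32_t>(0u - static_cast<uint32_t>(x)) : x;
}

// A 32-bit equality test decomposed into one branch per byte. Each matching
// byte is a distinct edge, so a coverage-guided fuzzer sees progress toward the
// full match instead of one all-or-nothing branch. Returns the number of
// leading bytes that match (4 means the values are equal).
int MatchedBytes(uint32_t a, uint32_t b) {
  if (((a >> 24) & 0xffu) != ((b >> 24) & 0xffu)) return 0;
  if (((a >> 16) & 0xffu) != ((b >> 16) & 0xffu)) return 1;
  if (((a >> 8) & 0xffu) != ((b >> 8) & 0xffu)) return 2;
  if ((a & 0xffu) != (b & 0xffu)) return 3;
  return 4;
}
bool DecomposedEq(uint32_t a, uint32_t b) { return MatchedBytes(a, b) == 4; }

// The harness: written once against the stream, never against an engine.
Verdict RunHarness(InputStream& in) {
  int32_t x = in.NextInt();
  uint32_t token = static_cast<uint32_t>(in.NextInt());
  HARNESS_ASSUME(x != 0);  // hypothetical precondition: x == 0 is out of scope
  HARNESS_ASSERT(WrappingAbs(x) >= 0);  // violated by x == INT32_MIN
  // Probe whether any input reaches the "magic token" path; flagging it as a
  // failure makes the engine save the input that got there.
  HARNESS_ASSERT(!DecomposedEq(token, 0x1234ABCDu));
  return Verdict::Passed;
}

// Replays one raw input the way a file-based run replays a saved test case.
Verdict Replay(const std::vector<uint8_t>& bytes) {
  InputStream in;
  in.bytes = bytes;
  return RunHarness(in);
}

int main() {
  // Constructed inputs: benign, the abs() bug, a pruned one, the magic token.
  bool ok = Replay({0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00}) == Verdict::Passed &&
            Replay({0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}) == Verdict::Failed &&
            Replay({0x00, 0x00, 0x00, 0x00}) == Verdict::Pruned &&
            Replay({0x00, 0x00, 0x00, 0x05, 0x12, 0x34, 0xAB, 0xCD}) == Verdict::Failed;
  return ok ? 0 : 1;
}
```

In a real DeepState harness the same ideas are expressed with its TEST macro, symbolic input types and ASSUME/ASSERT macros from DeepState.hpp, and the byte stream is provided by whichever backend the deepstate-* front end was started with; the point of the sketch is that nothing in RunHarness depends on which one that is.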

Quick Start & Requirements

  • Install/Run: docker pull agroce/deepstate_examples_aflpp then docker run -it agroce/deepstate_examples_aflpp. Inside the container, navigate to an example directory (e.g., cd ~/examples/fuzz_tcas) and run deepstate-afl ./TCAS_AFL -o fuzz_afl --fuzzer_out --timeout 120.
  • Prerequisites: Docker, GCC/G++ with multilib support (Linux), CMake, Python 3.6+, Z3 (for Manticore backend), Yices2 (Ubuntu). macOS support is in progress, with fuzzing working but symbolic execution requiring cross-compilation. ARM64 (Apple Silicon) is not supported due to lack of multilib compiler support.
  • Setup: Docker build can take ~40 minutes.
  • Docs: the repository's docs folder.

Highlighted Details

  • Supports multiple backends: Manticore, Angr, libFuzzer, AFL/AFL++, Eclipser, and file-based fuzzing.
  • Enables API sequence testing and automatic test generation.
  • Features automatic test case reduction for debugging.
  • Includes "pumping" and integer compare decomposition for improved fuzzing efficiency.

Maintenance & Community

  • Developed by Trail of Bits.
  • Bounties offered for accepted PRs.
  • Community discussion via #deepstate on Empire Hacking Slack.

Licensing & Compatibility

  • Apache License 2.0.
  • Permissive license suitable for commercial use and closed-source linking.

Limitations & Caveats

On macOS, fuzzing works but symbolic execution still requires cross-compiling the harness. ARM64, including Apple Silicon, is not supported because no multilib compiler is available for it.

Health Check

  • Last commit: 6 months ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 6 stars in the last 90 days
