Command-Line Interface
Revizor can run in one of multiple "modes":
- Fuzzing mode is revizor's main form of execution. It's what invokes all components of revizor's architecture to enable hardware fuzzing.
- Analysis mode invokes the analyser to compare existing contract traces and hardware traces.
- Minimize mode accepts a test case and attempts to minimize its size. It acts as a "watered-down" version of fuzzing mode that focuses solely on a single test case.
To select a mode on the command-line, begin your command with:
rvzr MODE # ... arguments go here
# Where MODE can be:
# fuzz for fuzzing mode
# analyse for analysis mode
# minimize for test case minimization mode
Fuzzing Mode
The following command-line arguments are supported in fuzz
mode:
-s
/--instruction-set
- accepts a path to an XML file specifying the instruction set revizor should use.-c
/--config
- accepts a path to a YAML configuration file for revizor.-n
/--num-test-cases
- accepts an integer specifying the number of test cases to create and test during the fuzzing campaign.-i
/--num-inputs
- accepts an integer specifying the number of inputs to generate for each test case (which corresponds to the number of contract traces to collect).-w
/--working-directory
- accepts a path to a directory into which revizor will place its output files during the campaign.-t
/--testcase
- accepts a path to an existing test case for the fuzzer to run. (Revizor will only run this test case if this is specified.)--timeout
- accepts an integer specifying the number of seconds to run the fuzzer. Once the timeout has been reached, fuzzing will cease.--nonstop
- if enabled, this keeps the fuzzer running after it encounters a violation. (Otherwise, if it's not specified, revizor will stop after the first violation is found.)
Analysis Mode
The following command-line arguments are supported in analyse
mode:
--ctraces
- accepts a path to a file containing contract traces.--htraces
- accepts a path to a file containing hardware traces.-c
/--config
- accepts a path to a YAML configuration file for revizor.
Minimize Mode
The following command-line arguments are support in minimize
mode:
-i
/--infile
- accepts a path to the test case revizor will attempt to minimize.-o
/--outfile
- accepts a path specifying where the minimized version of the original test case will be written to.-c
/--config
- accepts a path to a YAML configuration file for revizor.-n
/--num-inputs
- accepts an integer specifying the number of inputs to try for the test case.-f
/--add-fences
- if enabled, revizor will add as manyLFENCE
instructions as possible to the test case's assembly code while still preserving the violation-inducing behavior.-s
/--instruction-set
- accepts a path to an XML file specifying the instruction set revizor should use.