Update Readme.md

Readme.md

@@ -36,13 +36,13 @@ cd llvm_mode
 make clean all
 popd
 ```
-4) Download subject (<a href="http://www.darwinsys.com/file/" target="_blank">file</a>-utility)
+4) Download subject (e.g., <a href="http://xmlsoft.org/" target="_blank">libxml2</a>)
 ```bash
 # Clone subject repository
-git clone https://github.com/file/file.git
-export SUBJECT=$PWD/file
+git clone git://git.gnome.org/libxml2
+export SUBJECT=$PWD/libxml2
 ```
-5) Set targets (changed statements in commit <a href="https://github.com/file/file/commit/69928a2" target="_blank">69928a2</a>). Writes BBtargets.txt.
+5) Set targets (e.g., changed statements in commit <a href="https://git.gnome.org/browse/libxml2/commit/?id=ef709ce2" target="_blank">ef709ce2</a>). Writes BBtargets.txt.
 ```bash
 # Setup directory containing all temporary files
 mkdir temp
@@ -53,9 +53,9 @@ wget https://raw.githubusercontent.com/jay/showlinenum/develop/showlinenum.awk
 chmod +x showlinenum.awk
 mv showlinenum.awk $TMP_DIR
 
-# Generate BBtargets from commit 69928a2
+# Generate BBtargets from commit ef709ce2
 pushd $SUBJECT
-  git checkout 69928a2
+  git checkout ef709ce2
   git diff -U0 HEAD^ HEAD > $TMP_DIR/commit.diff
 popd
 cat $TMP_DIR/commit.diff |  $TMP_DIR/showlinenum.awk show_header=0 path=1 | grep -e "\.[ch]:[0-9]*:+" -e "\.cpp:[0-9]*:+" -e "\.cc:[0-9]*:+" | cut -d+ -f1 | rev | cut -c2- | rev > $TMP_DIR/BBtargets.txt
@@ -65,7 +65,7 @@ echo "Targets:"
 cat $TMP_DIR/BBtargets.txt
 ```
 6) **Note**: If there are no targets, there is nothing to instrument!
-7) Generate CG and intra-procedural CFGs from subject (file-utility).
+7) Generate CG and intra-procedural CFGs from subject (i.e., libxml2).
 ```bash
 # Set aflgo-instrumenter
 export CC=$AFLGO/afl-clang-fast
@@ -78,16 +78,14 @@ export ADDITIONAL="-targets=$TMP_DIR/BBtargets.txt -outdir=$TMP_DIR -flto -fuse-
 export CFLAGS="$CFLAGS $ADDITIONAL"
 export CXXFLAGS="$CXXFLAGS $ADDITIONAL"
 
-# Build file-utility (in order to generate CG and CFGs)
+# Build libxml2 (in order to generate CG and CFGs)
 pushd $SUBJECT
-  autoreconf -i
-  ./configure --enable-static
-  make V=1 all -j$(nproc)
+  ./autogen.sh
+  ./configure 
+  make -j$(nproc) clean
+  make -j$(nproc) all
 popd
 
-# Test whether build was successful 
-$SUBJECT/src/file -m $SUBJECT/magic/magic.mgc $SUBJECT/src/file
-
 # Test whether CG/CFG extraction was successful
 ls $TMP_DIR/dot-files
 echo "Function targets"
@@ -104,25 +102,20 @@ $AFLGO/scripts/genDistance.sh $SUBJECT/src $TMP_DIR file
 tail $TMP_DIR/distance.cfg.txt
 ```
 8) Note: If `distance.cfg.txt` is empty, there was some problem computing the CG-level and BB-level target distance. See `$TMP_DIR/step*`.
-9) Instrument subject (file-utility)
+9) Instrument subject (i.e., libxml2)
 ```bash
 export CFLAGS="$COPY_CFLAGS -distance=$TMP_DIR/distance.cfg.txt"
 export CXXFLAGS="$COPY_CXXFLAGS -distance=$TMP_DIR/distance.cfg.txt"
 pushd $SUBJECT
-  make clean all -j$(nproc)
+  make -j$(nproc) clean
+  make -j$(nproc) all
 popd
 ```
 
 # How to fuzz the instrumented binary
 * We set the exponential annealing-based power schedule (-z exp).
 * We set the time-to-exploitation to 45min (-c 45m), assuming the fuzzer is run for about an hour.
 ```bash
-# Prepare seed corpus for file-utility
-mkdir in
-find $AFLGO/testcases/ -type f -exec cp {} in \;
-
-# Start fuzzer
-$AFLGO/afl-fuzz -d -i in -o out -m none -z exp -c 45m \
-       $SUBJECT/src/file -m $SUBJECT/magic.mgc @@
+To be continued ..
 ```