VOLE is a tool for detecting common bug classes in program binaries. It leverages:
- angr for symbolic execution, control-flow graph (CFG) recovery, and intermediate representation (IR) lifting
- VEXIR2Vec to derive vector embeddings of IR
- Graph Convolutional Networks for classification
- NIST SARD Juliet as training data
- Linux/WSL (macOS and Windows are unsupported)
- Python 3.11+
- pip
Note
If you do not have a CUDA or ROCm compatible GPU, you can skip the NVIDIA/AMD requirements.
- Docker
- CUDA 12.9+ (NVIDIA GPUs)
- ROCm 6.4+ (AMD GPUs) - While ROCm may work, it is not officially supported. Only use if you have ROCm pre-installed.
python -m venv ./venv
source ./venv/bin/activatepython -m ensurepip
python -m pip install -r requirements.txt
python -m pip install -r requirements-nvidia.txt # (Optional) For NVIDIA GPUspython setup.pyNote
For consistency, a Dockerfile has been provided to compile the SARD test cases
From the root directory of the repository:
- (Optional) Build the Docker image with
docker build -t sard-env:latest . - Compile the target CWEs per CWE-ID by running:
a. Bare metal:
python src/make.py CWE<ID> data/SARDb. Docker:docker run -it --rm -v "$PWD":/usr/src/env -w /usr/src/env sard-env python3 src/make.py CWE<ID> data/SARD
- Before starting work, ensure your local repo is up to date!
- When assigned an issue, create a new branch for the issue by:
- Going to the "Development" tab
- Selecting "Create a branch"
- Clicking "Create branch"
- Checking out the new branch locally
- Do what you need to do
- Before pushing changes, run
ruff format .to format them (no ugly code, sorry)