From 78e1c152c52e9d3266006a11b81d9d1a69348d90 Mon Sep 17 00:00:00 2001 From: Kelly Kaoudis Date: Wed, 21 Aug 2024 16:41:10 -0400 Subject: [PATCH 1/8] adds currently known publications and public use cases to the README --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 988acd9d..53732ff7 100644 --- a/README.md +++ b/README.md 
@@ -324,6 +324,24 @@ source file. This is most common when instrumenting compression and cryptographic algorithms that have large block sizes. There are a number of mitigations for this behavior currently being researched and developed. +## Publications and Current Use Cases +Here are some of the publicly available things we've done with PolyTracker. If you know of anything else you'd like to see listed here, please let us know! + +- The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several key PolyTracker features, namely grammar extraction and blind spot detection. +- Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" +2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. +We used PolyTracker traces to automatically extract grammars from instrumented programs. +- Brodin, Henrik, Marek Surovič, and Evan Sultanik. "[Blind spots: Identifying exploitable program inputs.](https://langsec.org/spw23/papers/Brodin_LangSec23.pdf)" +2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. +- Henrik used PolyTracker's blind spots (`mapping` and `cavities` more precisely) trace analysis functionality to pinpoint a CVE and [wrote about it on the Trail of Bits blog](https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/). +We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots". +- Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. "[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" +2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. 
+We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. +- Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. +"PolyTracker: Whole-Input Dynamic Information Flow Tracing." In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). +We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. + ## License and Acknowledgements This research was developed by [Trail of Bits](https://www.trailofbits.com/) From 01fc4ae32b0f2e59d91d75c69cbb9846dd0d85cd Mon Sep 17 00:00:00 2001 From: Kelly Kaoudis Date: Wed, 21 Aug 2024 17:05:19 -0400 Subject: [PATCH 2/8] add ISSTA link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 53732ff7..e54e80f5 100644 --- a/README.md +++ b/README.md 
@@ -339,7 +339,7 @@ We then added a focus on provenance relationships between information flow track 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. - Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. -"PolyTracker: Whole-Input Dynamic Information Flow Tracing." In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). +"[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. ## License and Acknowledgements From 9a616c0a41efcacdab62842f03c8a3317c293eb7 Mon Sep 17 00:00:00 2001 From: Kelly Kaoudis Date: Thu, 22 Aug 2024 15:47:16 -0400 Subject: [PATCH 3/8] fix trunk lint issues --- README.md | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index e54e80f5..ac5e0c3c 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ runtime traces produced from instrumented code, PolyTracker is controlled via a Python script called `polytracker`. You can install it by running -``` +```bash pip3 install polytracker ``` @@ -57,13 +57,13 @@ users are likely to run it in a containerized environment. Luckily, `polytracker` makes this easy. All you need to do is have `docker` installed, then run: -``` +```bash polytracker docker pull ``` and -``` +```bash polytracker docker run ``` 
@@ -78,7 +78,7 @@ instrumented program's control flow graph, and even extract a context free grammar matching the inputs accepted by the program. You can explore these commands by running -``` +```bash polytracker --help ``` @@ -128,7 +128,7 @@ polytracker build make Then run `instrument-targets` on any targets of the build: ```bash -$ polytracker instrument-targets a.bin b.so +polytracker instrument-targets a.bin b.so ``` Then `a.instrumented.bin` and `b.instrumented.so` will be the instrumented @@ -202,7 +202,7 @@ PolyTracker accepts configuration parameters in the form of environment variables to avoid recompiling target programs. The current environment variables PolyTracker supports is: -``` +```bash POLYDB: A path to which to save the output database (default is polytracker.tdag) WLLVM_ARTIFACT_STORE: Provides a path to an existing directory to store artifact/manifest for all build targets @@ -251,20 +251,20 @@ focuses on ignoring system libraries. The original script can be found in Check out this Git repository. From the root, either build the base PolyTracker Docker image: -```commandline +```bash pip3 install -e ".[dev]" && polytracker docker rebuild ``` or pull the latest prebuilt version from DockerHub: -```commandline +```bash docker pull trailofbits/polytracker:latest ``` For a demo of PolyTracker running on the [MuPDF](https://mupdf.com/) parser run this command: -```commandline +```bash docker build -t trailofbits/polytracker-demo-mupdf -f examples/pdf/Dockerfile-mupdf.demo . ``` 
@@ -275,16 +275,16 @@ information provided by the taint analysis. For a demo of PolyTracker running on Poppler utils version 0.84.0 run this command: -```commandline +```bash docker build -t trailofbits/polytracker-demo-poppler -f examples/pdf/Dockerfile-poppler.demo . ``` All the poppler utils will be located in `/polytracker/the_klondike/poppler-0.84.0/build/utils`. -```commandline -$ cd /polytracker/the_klondike/poppler-0.84.0/build/utils -$ ./pdfinfo_track some_pdf.pdf +```bash +cd /polytracker/the_klondike/poppler-0.84.0/build/utils +./pdfinfo_track some_pdf.pdf ``` ## Building PolyTracker from Source 
@@ -328,18 +328,18 @@ mitigations for this behavior currently being researched and developed. Here are some of the publicly available things we've done with PolyTracker. If you know of anything else you'd like to see listed here, please let us know! - The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several key PolyTracker features, namely grammar extraction and blind spot detection. -- Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" +- Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. We used PolyTracker traces to automatically extract grammars from instrumented programs. - Brodin, Henrik, Marek Surovič, and Evan Sultanik. "[Blind spots: Identifying exploitable program inputs.](https://langsec.org/spw23/papers/Brodin_LangSec23.pdf)" 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. - Henrik used PolyTracker's blind spots (`mapping` and `cavities` more precisely) trace analysis functionality to pinpoint a CVE and [wrote about it on the Trail of Bits blog](https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/). We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots". -- Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. "[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" -2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. +- Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. 
"[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" +2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. - Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. -"[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). +"[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. ## License and Acknowledgements @@ -351,8 +351,11 @@ licensed under the [Apache 2.0 license](LICENSE). © 2019, Trail of Bits. ## Maintainers +Please contact us using `firstname.lastname@trailofbits.com`. + [Evan Sultanik](https://github.com/ESultanik)
[Henrik Brodin](https://github.com/hbrodin)
+ +## Past Maintainers [Marek Surovič](https://github.com/surovic)
[Facundo Tuesca](https://github.com/facutuesca)

-`firstname.lastname@trailofbits.com` From d035d96bfb1724f62b3c16063295f02b2cfd605e Mon Sep 17 00:00:00 2001 From: Kelly Kaoudis Date: Thu, 22 Aug 2024 15:49:38 -0400 Subject: [PATCH 4/8] trunk fmt --- README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index ac5e0c3c..36f0b4f4 100644 --- a/README.md +++ b/README.md 
@@ -325,22 +325,23 @@ cryptographic algorithms that have large block sizes. There are a number of mitigations for this behavior currently being researched and developed. ## Publications and Current Use Cases + Here are some of the publicly available things we've done with PolyTracker. If you know of anything else you'd like to see listed here, please let us know! - The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several key PolyTracker features, namely grammar extraction and blind spot detection. - Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" -2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. -We used PolyTracker traces to automatically extract grammars from instrumented programs. + 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. + We used PolyTracker traces to automatically extract grammars from instrumented programs. - Brodin, Henrik, Marek Surovič, and Evan Sultanik. "[Blind spots: Identifying exploitable program inputs.](https://langsec.org/spw23/papers/Brodin_LangSec23.pdf)" -2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. + 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. - Henrik used PolyTracker's blind spots (`mapping` and `cavities` more precisely) trace analysis functionality to pinpoint a CVE and [wrote about it on the Trail of Bits blog](https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/). -We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots". + We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots". 
- Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. "[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" -2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. -We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. + 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. + We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. - Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. -"[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). -We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. + "[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). + We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. ## License and Acknowledgements @@ -357,5 +358,6 @@ Please contact us using `firstname.lastname@trailofbits.com`. [Henrik Brodin](https://github.com/hbrodin)
## Past Maintainers + [Marek Surovič](https://github.com/surovic)
[Facundo Tuesca](https://github.com/facutuesca)

From d68ad6ecbc33e09225e96a22f8685c0e22f638f4 Mon Sep 17 00:00:00 2001 From: kaoudis Date: Wed, 20 Nov 2024 22:33:43 +0000 Subject: [PATCH 5/8] corrects minor typos --- README.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 36f0b4f4..fb94a6d1 100644 --- a/README.md +++ b/README.md @@ -199,8 +199,8 @@ instrumentation parameters without needing to recompile the binary. ### Environment Variables PolyTracker accepts configuration parameters in the form of environment -variables to avoid recompiling target programs. The current environment -variables PolyTracker supports is: +variables to avoid recompiling target programs. The current set of environment +variables that PolyTracker supports is: ```bash POLYDB: A path to which to save the output database (default is polytracker.tdag) 
@@ -329,19 +329,14 @@ mitigations for this behavior currently being researched and developed. Here are some of the publicly available things we've done with PolyTracker. If you know of anything else you'd like to see listed here, please let us know! - The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several key PolyTracker features, namely grammar extraction and blind spot detection. -- Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" - 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. - We used PolyTracker traces to automatically extract grammars from instrumented programs. +- Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. - Brodin, Henrik, Marek Surovič, and Evan Sultanik. "[Blind spots: Identifying exploitable program inputs.](https://langsec.org/spw23/papers/Brodin_LangSec23.pdf)" 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. - Henrik used PolyTracker's blind spots (`mapping` and `cavities` more precisely) trace analysis functionality to pinpoint a CVE and [wrote about it on the Trail of Bits blog](https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/). - We then added a focus on provenance relationships between information flow tracking (taint) labels, and used these relationships to find unused input bytes, or "blind spots". - Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. "[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" 2023 IEEE Security and Privacy Workshops (SPW). 
IEEE, 2023. - We started building a new kind of differential trace analysis that focuses on helping debug unexpected behavior in programs and compare the effects of bugs across program versions. - Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. "[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). - We brought PolyTracker to ISSTA and talked about the novelty we introduce with the Tainted Directed Acyclic Graph (TDAG) trace format there. ## License and Acknowledgements @@ -356,6 +351,7 @@ Please contact us using `firstname.lastname@trailofbits.com`. [Evan Sultanik](https://github.com/ESultanik)
[Henrik Brodin](https://github.com/hbrodin)
+[Kelly Kaoudis](https://github.com/kaoudis)
## Past Maintainers From 4dffdcf84282ef7396a4bf1536dd029c68f998a3 Mon Sep 17 00:00:00 2001 From: kaoudis Date: Wed, 20 Nov 2024 22:39:04 +0000 Subject: [PATCH 6/8] adds year --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fb94a6d1..c8b66906 100644 --- a/README.md +++ b/README.md @@ -336,7 +336,7 @@ Here are some of the publicly available things we've done with PolyTracker. If y - Kaoudis, Kelly, Henrik Brodin, and Evan Sultanik. "[Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis.](https://langsec.org/spw23/papers/Kaoudis_LangSec23.pdf)" 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. - Evan Sultanik, Marek Surovič, Henrik Brodin, Kelly Kaoudis, Facundo Tuesca, Carson Harmon, Lisa Overall, Joseph Sweeney, and Bradford Larsen. - "[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). + "[PolyTracker: Whole-Input Dynamic Information Flow Tracing.](https://github.com/trailofbits/publications/blob/master/papers/issta24-polytracker.pdf)" In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2024. ## License and Acknowledgements From f86f92c78093b2cb783618c384058b3422a1d64f Mon Sep 17 00:00:00 2001 From: kaoudis Date: Wed, 20 Nov 2024 22:40:24 +0000 Subject: [PATCH 7/8] reword FAW description slightly --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c8b66906..9ca36cbd 100644 --- a/README.md +++ b/README.md 
@@ -328,7 +328,7 @@ mitigations for this behavior currently being researched and developed. Here are some of the publicly available things we've done with PolyTracker. If you know of anything else you'd like to see listed here, please let us know! -- The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several key PolyTracker features, namely grammar extraction and blind spot detection. +- The [Format Analysis Workbench](https://github.com/galoisinc/faw) integrates several PolyTracker features from different versions of the codebase, namely grammar extraction and blind spot detection. - Harmon, Carson, Bradford Larsen, and Evan A. Sultanik. "[Toward automated grammar extraction via semantic labeling of parser implementations.](https://bradfordlarsen.com/files/publications/semantic-labeling-langsec-2020.pdf)" 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020. - Brodin, Henrik, Marek Surovič, and Evan Sultanik. "[Blind spots: Identifying exploitable program inputs.](https://langsec.org/spw23/papers/Brodin_LangSec23.pdf)" 2023 IEEE Security and Privacy Workshops (SPW). IEEE, 2023. From 8022da3395f1603e5e70bd67c700c4242ff08983 Mon Sep 17 00:00:00 2001 From: kaoudis Date: Wed, 27 Nov 2024 02:58:03 +0000 Subject: [PATCH 8/8] replace markdown syntax block lang in the readme with shell-script, which is more apropos --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 9ca36cbd..b2ca69c1 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ runtime traces produced from instrumented code, PolyTracker is controlled via a Python script called `polytracker`. You can install it by running -```bash +```shell-script pip3 install polytracker ``` 
@@ -57,13 +57,13 @@ users are likely to run it in a containerized environment. Luckily, `polytracker` makes this easy. All you need to do is have `docker` installed, then run: -```bash +```shell-script polytracker docker pull ``` and -```bash +```shell-script polytracker docker run ``` @@ -78,7 +78,7 @@ instrumented program's control flow graph, and even extract a context free grammar matching the inputs accepted by the program. You can explore these commands by running -```bash +```shell-script polytracker --help ``` @@ -100,7 +100,7 @@ instrumented environment. This will produce a `blight_journal.jsonl` file that records all commands run during the build. If you have a C/C++ target, you can instrument it by invoking `polytracker build` and passing your build command: -```bash +```shell-script polytracker build gcc -g -o my_binary my_source.c ``` @@ -110,14 +110,14 @@ directory to build an instrumented version of your build target. The instrumented build target will be built using the same flags as the original build target. -```bash +```shell-script polytracker instrument-targets my_binary ``` `build` also supports more complex programs that use a build system like autotiools or CMake: -```bash +```shell-script polytracker build cmake .. -DCMAKE_BUILD_TYPE=Release polytracker build ninja # or @@ -127,7 +127,7 @@ polytracker build make Then run `instrument-targets` on any targets of the build: -```bash +```shell-script polytracker instrument-targets a.bin b.so ``` @@ -202,7 +202,7 @@ PolyTracker accepts configuration parameters in the form of environment variables to avoid recompiling target programs. The current set of environment variables that PolyTracker supports is: -```bash +```shell-script POLYDB: A path to which to save the output database (default is polytracker.tdag) WLLVM_ARTIFACT_STORE: Provides a path to an existing directory to store artifact/manifest for all build targets 
@@ -251,20 +251,20 @@ focuses on ignoring system libraries. The original script can be found in Check out this Git repository. From the root, either build the base PolyTracker Docker image: -```bash +```shell-script pip3 install -e ".[dev]" && polytracker docker rebuild ``` or pull the latest prebuilt version from DockerHub: -```bash +```shell-script docker pull trailofbits/polytracker:latest ``` For a demo of PolyTracker running on the [MuPDF](https://mupdf.com/) parser run this command: -```bash +```shell-script docker build -t trailofbits/polytracker-demo-mupdf -f examples/pdf/Dockerfile-mupdf.demo . ``` @@ -275,14 +275,14 @@ information provided by the taint analysis. For a demo of PolyTracker running on Poppler utils version 0.84.0 run this command: -```bash +```shell-script docker build -t trailofbits/polytracker-demo-poppler -f examples/pdf/Dockerfile-poppler.demo . ``` All the poppler utils will be located in `/polytracker/the_klondike/poppler-0.84.0/build/utils`. -```bash +```shell-script cd /polytracker/the_klondike/poppler-0.84.0/build/utils ./pdfinfo_track some_pdf.pdf ```
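Review bot: in patch 1/8, inside the new "Publications and Current Use Cases" list, the line `- Henrik used PolyTracker's blind spots ...` opens a new bullet in the middle of the Brodin et al. "Blind spots" entry, so the summary after it ("We then added a focus on provenance relationships ...") renders under the blog-post bullet instead of under the paper it describes. Suggest dropping the leading `- ` and ordering the entry as citation, summary, then the blog sentence. The continuation lines of every entry are also unindented here, which 4/8 has to repair, and the ISSTA entry lands without a link or year, which 2/8 and 6/8 add one line at a time; these follow-ups could be squashed into this patch.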
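Review bot: in patch 3/8, hunk `@@ -202,7 +202,7`, the fence that gains the `bash` tag does not hold shell commands; its body is a description list (`POLYDB: A path to which to save the output database (default is polytracker.tdag)`), so a shell highlighter will tokenize prose as commands. 8/8 carries the same tag forward as `shell-script` on the same block. Suggest tagging this one block `text`, or turning the entries into a markdown list or table so no language tag is needed.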
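Review bot: in patch 3/8, the final hunk (`@@ -351,8 +351,11`) does more than the subject "fix trunk lint issues" says: it adds a `## Past Maintainers` heading above Marek Surovič and Facundo Tuesca and moves the contact line `firstname.lastname@trailofbits.com` from the bottom of the list to the top of the Maintainers section. That changes who the README presents as a current contact, so it deserves its own commit, or at least a subject line that mentions the maintainer change.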
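Review bot: in patch 5/8, hunk `@@ -329,19 +329,14` deletes the one-sentence summaries under each publication (for example "We used PolyTracker traces to automatically extract grammars from instrumented programs."), which is a content removal and not a typo fix as the subject "corrects minor typos" states; the last hunk of the same patch also adds Kelly Kaoudis to Maintainers. Suggest either keeping the summaries or saying in the commit message why they were dropped. With the summaries gone, `- Henrik used PolyTracker's blind spots ...` is left as a top-level bullet between two citations; nesting it under the Brodin et al. entry would keep the link to the paper it refers to.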
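Review bot: in patch 8/8, the unchanged context of hunk `@@ -110,14 +110,14` still reads "use a build system like autotiools or CMake"; the misspelling survived the typo pass in 5/8. Since this patch already edits the fences on either side of that sentence, suggest correcting it to "autotools" here.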