WorksButNotTested
Thanks for sending that. I think we may be incorrectly transitioning from Thumb mode back into ARM mode when virtualizing the prior `MOV PC, R3` at 0x00009D7C: Can you confirm...
Fairly confident on the cause now. The Thumb2 documentation states that when operating in Thumb mode, the low bit of the target address for a `mov pc, ` instruction should...
Proposed fix in #452
This defect should have been fixed by https://github.com/frida/frida-gum/commit/4a30be7e873bd4c4f97be1d5f61e58502ff0c342. Further testing has identified the following defects which are currently being addressed: https://github.com/frida/frida-gum/issues/455 https://github.com/frida/frida-gum/issues/456
Fixes have now been merged #457 #458 for the remaining defects and testing has shown that the function now runs to completion. Thanks for providing us the information to fix...
Is there a common format for the fuzzers to share how many paths they have discovered over time? How are the current path statistics captured? Could this be extended?
How does it handle the number of paths found over time (which it does graph)? Is this a different means of collecting and a different format for each fuzzer too?
> this is done by analyzing the saved inputs (-o out data) in 15 min intervals. no log/print output of any fuzzer is assessed. So actually, the results are how...
Nonetheless though, the fuzzer is expected to report the coverage itself (effectively marking its own homework) rather than it being independently verified (e.g. by a control)?
Some docs for that would be awesome. It would be cool if fuzzbench could show the same type of graphs for execs as it does for paths. Not sure how...