fuzzilli

fuzzilli copied to clipboard

Why "Coverage instrumentation is only supported for a single module"?

1

I am trying to use fuzzilli with custom js engine which use a few shared libraries, And it looks like this configuration is not currently supported by fuzzilli because of...

capgelka

This PR drops an assert statement since object destruct and reassign operations can support empty patterns. Eg: ```js [] = {foo:10, bar:20} ```

amarekano

`generateVariable` unable to handle type unions

1

The following test intermittently fails with the following error: ``` Test Case 'ProgramBuilderTests.testTypeInstantiation' started at 2021-11-03 09:00:22.498 Fuzzilli/ProgramBuilder.swift:520: Assertion failed: Unexpected type encountered .integer | .object() ``` What follows is...

amarekano

docker usage help

3

Hi Samuel, I followed the construction for docker `docker run -ti fuzzilli ./Fuzzilli --profile=v8 /home/fuzzer/v8/d8`, but I forgot to add `storagePath`. Fuzzilli has found 1 crash, but I didn't see...

We5ter

Setting --storagePath=./fuzz_out/ ending with slash is incorrect

1

Setting `--storagePath=./fuzz_out/` for fuzzilli makes it use a... `./fuzz_out/fuzz_out` path for storage instead of `./fuzz_out`. Seems like an UX bug ;).

disconnect3d

Implement More Intelligent Mutation/Code Generator/Constant Selection Scheduler

7

Fuzzilli current uses hard-coded weights to select between the various [mutators](https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/FuzzilliCli/main.swift#L295), [code generators](https://github.com/googleprojectzero/fuzzilli/blob/1cd76bf9e8f32fa4ce5d350a9122228d20f913a5/Sources/FuzzilliCli/CodeGeneratorWeights.swift), and [constants](https://github.com/googleprojectzero/fuzzilli/blob/ce4738fc571e2ef2aa5a30424f32f7957a70b5f3/Sources/Fuzzilli/Core/ProgramBuilder.swift#L128). These weights are just approximations, and a more intelligent mutator scheduler could help improve performance,...

WilliamParks

Improve loops in FuzzIL

5

FuzzIL's representation of loops is oversimplified and cannot express the fact that more or less arbitrary computations can be performed in the loop header. This might, however, be interesting for...

saelo

Broken Pipe errors on JerryScript

5

On JerryScript, the following error occurs somewhat frequently: Script execution failed: Failed to send command to child process: Broken pipe. Retrying in 1 second...

bzyo

Add LoadNamedVariable, StoreNamedVariable and possibly CreateNamedVariable operations

4

There should be a more generic version of `LoadFromScope` and `StoreToScope` to be able to represent code such as the one shown in https://github.com/googleprojectzero/fuzzilli/issues/221 or in general any code where...

saelo

1. when i finish the lastest Patch for JerryJS , i start it will crash all the time , not real crash , child crash. has anyone do the same?...

Limesss