FuzzFactory
FuzzFactory copied to clipboard
rohanpadhye
Domain-Specific Fuzzing with Waypoints
To allow diff to work properly on on persistent mode targets/libfuzzer-style targets, we added a hack to the diff domain which only started counting diff coverage when the top of...
Hi, I can't fully understand your algorithm for the selection of favored testcases. In cull_queue I read: ```c if (dsf_enabled) { for (i = 0; i < dsf_len_actual; i++) {...
I would like to point out that an identifier like “[`__fuzzfactory_dsf_max`](https://github.com/rohanpadhye/FuzzFactory/blob/f5e72b71aa8f5e4b702e98699c9df7dba0a8ba8b/include/waypoints.h#L48 "Update candidate")” [does eventually not fit](https://www.securecoding.cert.org/confluence/display/c/DCL37-C.+Do+not+declare+or+define+a+reserved+identifier "Do not use identifiers which are reserved for the compiler implementation.") to the...
Adding `regexp.dict` Reference: https://twitter.com/RandomDhiraj/status/1204089908131979264
-p is required for fuzzfactory to work but this is not explicitly documented. instead users get a mysterious forkserver error. 1. make explicit in README 2. discuss in command line...