fuzzilli
A JavaScript Engine Fuzzer
I'm following the README and Dockerfile, but still can't build successfully. ... ➜ Compiler git:(main) opam pin add -y flow_parser https://github.com/facebook/flow.git [flow_parser.0.80.0] synchronised from git+https://github.com/facebook/flow.git flow_parser is now pinned to git+https://github.com/facebook/flow.git...
As noted [here](https://github.com/googleprojectzero/fuzzilli/issues/235#issuecomment-888965906), a lot of test cases generated by Fuzzilli contain empty blocks. This probably happens for a number of reasons, but in any case it's likely detrimental to...
Since commit 1408aab353b3a7f54b5a4e1b4471e054d615adcf, Fuzzilli computes and displays the "fuzzer overhead", i.e. the fraction of time that is *not* spent executing JavaScript code in the target engine. Normal values seem to...
Currently the object creation ops (i.e. `CreateObject` and `CreateObjectWithSpread`) only allow generating objects with data properties and spread elements. I would like to enhance these object creation ops so that they allow generation...
Update HowFuzzilliWorks.md to fix broken link
Hi, I am working on compiling JS to FuzzIL IR. There is no operator in the IR that directly represents destructuring assignment, so I think there might be two ways to do...
There are areas where the minimiser could use improvement: **Example 1:** ``` for (const v375 in v374) { } function v376(v377) { } function v378(v379,v380) { for (let v384 =...
It would be great to have a way to write tests for the [Minimizer](https://github.com/googleprojectzero/fuzzilli/tree/main/Sources/Fuzzilli/Minimization) to catch issues such as the one fixed with https://github.com/googleprojectzero/fuzzilli/commit/555021d1b9f73d0201ca1629b8be482d0422cd2d earlier.
If Fuzzilli's `--resume` is interrupted, whether by a crash or CTRL-C, it seems to wipe the part of the corpus that has not yet been imported. Example: * Initial coverage before stopping...