fuzzilli
fuzzilli copied to clipboard
googleprojectzero
A JavaScript Engine Fuzzer
On v8, the following error occurs somewhat frequently: `Script execution failed: Child in weird state after execution. Retrying in 1 second...` This could be caused by a short read [here](https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/libreprl/libreprl.c#L363),...
Many operations don't have any parameters, and so two instances of them will always be semantically equal. For example, two `LoadUndefined` operations are always interchangeable, independent of the context. As...
Similar to the [NetworkSync module](https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/NetworkSync.swift) but over some IPC channel instead of TCP sockets.
This should be able to deduplicate based on (debug) assertions triggered and the current stack trace. This should ideally also produce a nice overview of all the unique crashes in...
It would be nice to have a simple web UI to display the current fuzzing statistics, list the (unique) crashes found in the current run, and allow downloading crashing samples....
Warning ahead: this PR is not yet complete as it modifies the reprl interface and only v8, spidermonkey and jsc are updated accordingly. Alas, the PR adds differential testing to...
Per se to https://github.com/googleprojectzero/fuzzilli/blob/7ac136b3ba6fccae03fe754425c7f475fcbb64c4/Sources/Fuzzilli/Core/ProgramTemplates.swift#L156 It was already a TODO to check whether they was actually different well it came to my attention after checking multiple corpuses that it doesn't such...
https://github.com/WebKit/WebKit/commit/e6717cdeb6a841f4b1f6b9d8d3b0dec947850abe
I have preposition of adding a new feature *though it isn't nothing great* or mind blowing just another aspect to go even further with fuzzying. There were two ways of...
Running commands : swift run -c debug FuzzilliCli --profile=jsc --jobs=4 --consecutiveMutations=2 --engine=multi --corpus=markov --storagePath=/Users/bootywarrior/Desktop/Aggyfuzz --collectRuntimeTypes --importCorpusMerge=/Users/bootywarrior/Desktop/mergeddcorpus --overwrite /Users/bootywarrior/Downloads/Webkit/latest/WebKit/FuzzBuild/Debug/bin/jsc Yields... ----------------- Fuzzer phase: Fuzzing (with MultiEngine) Uptime: 0d 0h 28m 1s...