Samuel Groß

Results 67 comments of Samuel Groß

This issue appears to happen elsewhere, too, not just during tests. During a fuzzing session with a debug build, I got this assertion failure: `Fuzzilli/ProgramBuilder.swift:520: Assertion failed: Unexpected type encountered...

I think you'll also need to make sure that the edges from the 2nd, 3rd etc. module start at the right position. I.e. you'll need to set `N` here: https://github.com/googleprojectzero/fuzzilli/blob/5422ea441ed37e14152de8db532947f5c5178548/Targets/coverage.c#L27...

So for FuzzIL output to work, your patch for the target engine needs to be able to do this:

1. Fuzzilli executes some code like this: `fuzzilli('FUZZILLI_PRINT', str);`, where `str`...

You can check whether the corpus is growing, and you could check (using https://clang.llvm.org/docs/SourceBasedCodeCoverage.html) if relevant parts of the engine are covered by the .js files in corpus/. You could...

Cool idea! So I'm a bit worried about two things:

- "there will be some effort to suspend scope checks when we evaluate global identifiers". Currently, the logic for variable...

Great idea! Some more initial thoughts:

* Besides the weights of the mutators, it would also be nice to automatically determine a somewhat optimal "aggressivity" for each mutator, i.e. [how...

Hey! Sure, feel free to open a WIP PR for early feedback if you think it helps :)

For the CodeGenerators, the weights mostly just depend on how "relevant" the generated features are. For example, binary operations are probably more interesting on average than `instanceof`. For mutators, the...

Yeah it's a tricky question, see e.g. https://github.com/googleprojectzero/fuzzilli/blob/main/Docs/HowFuzzilliWorks.md#limitations-of-the-mutation-engine

Ideally, the metric would be newly found crashes. However, in practice that doesn't really work as fuzzing is just too unpredictable and...

You'd probably need to use some kind of profiler (e.g. [perf](https://man7.org/linux/man-pages/man1/perf.1.html) on Linux) to figure out where the CPU time is spent, and if there's a bug there that we...