DIE
Can you explain the fuzzer_stats and the command_line used?
Hello @thdusdl1219 @tarafans. I actually got everything working. But I have some questions to help me understand more about DIE.
Here is my fuzzer_stats file:
cat fuzzer_stats
start_time : 1719463042
last_update : 1719470780
fuzzer_pid : 755288
cycles_done : 0
execs_done : 95763
execs_per_sec : 2.03
paths_total : 0
paths_favored : 0
paths_found : 0
paths_imported : 0
max_depth : 0
cur_path : 957
pending_favs : 0
pending_total : 0
variable_paths : 0
stability : 100.00%
bitmap_cvg : 0.00%
unique_crashes : 0
unique_hangs : 0
last_path : 0
last_crash : 0
last_hang : 0
execs_since_crash : 95763
exec_timeout : 1000
afl_banner : d8
afl_version : 2.52b
target_mode : crash
command_line : ./fuzz/afl/afl-fuzz -C -m none -o output-17 /home/fuzz/v8fuzz/v8/out/fuzzbuild_DIE_2/d8 /home/fuzz/v8fuzz/DIE0626/DIE/DIE-corpus/lib.js /home/fuzz/v8fuzz/DIE0626/DIE/DIE-corpus/jsc.js /home/fuzz/v8fuzz/DIE0626/DIE/DIE-corpus/v8.js /home/fuzz/v8fuzz/DIE0626/DIE/DIE-corpus/ffx.js /home/fuzz/v8fuzz/DIE0626/DIE/DIE-corpus/chakra.js @@
I have two questions.

- I find that most numbers are 0, which I think is weird. Is this correct? Or is there anything wrong with the instrumentation or coverage collection?

- The command line is so long and I can't figure out the function of lib.js, v8.js, ... Can I just remove them, like:

./fuzz/afl/afl-fuzz -C -m none -o output-17 /home/fuzz/v8fuzz/v8/out/fuzzbuild_DIE_2/d8 @@

And I can't figure out where to set the flags of v8 such as --allow-natives-syntax, --expose-gc, ... Should I add them manually, like:

./fuzz/afl/afl-fuzz -C -m none -o output-17 /home/fuzz/v8fuzz/v8/out/fuzzbuild_DIE_2/d8 --allow-natives-syntax --expose-gc @@
Thanks very much.
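The fuzzer_stats dump above is a plain `key : value` file written by afl-fuzz, and the numbers that stand out (bitmap_cvg 0.00% and paths_total 0 after ~95k execs) are exactly the ones that show whether the coverage feedback loop is working. The following is an added example, not code from DIE or AFL: it parses a fuzzer_stats file and flags the combinations that indicate afl-fuzz is receiving no coverage from the target. The posted stats are embedded as sample input; the second, healthy-looking sample and the `min_execs` threshold are constructed assumptions for contrast, not values from the thread.

```python
"""Parse an AFL fuzzer_stats file and flag numbers that suggest afl-fuzz is
not receiving coverage feedback from the target.

Added example for this thread; it is not part of DIE or AFL. The thresholds
in diagnose() and HEALTHY_STATS are assumptions made here, not AFL's."""

import re
from typing import Dict, List, Tuple, Union

Value = Union[int, float, str]

# The fuzzer_stats lines from the post above, embedded so the script runs offline.
POSTED_STATS = """\
start_time        : 1719463042
last_update       : 1719470780
cycles_done       : 0
execs_done        : 95763
execs_per_sec     : 2.03
paths_total       : 0
paths_found       : 0
stability         : 100.00%
bitmap_cvg        : 0.00%
unique_crashes    : 0
exec_timeout      : 1000
afl_version       : 2.52b
target_mode       : crash
"""

# A constructed healthy-looking counterpart (not from the post) for contrast.
HEALTHY_STATS = """\
cycles_done       : 3
execs_done        : 400000
execs_per_sec     : 45.10
paths_total       : 812
paths_found       : 812
stability         : 97.80%
bitmap_cvg        : 6.42%
unique_crashes    : 2
exec_timeout      : 1000
afl_version       : 2.52b
"""

_KV = re.compile(r"^\s*([A-Za-z_]+)\s*:\s*(.*?)\s*$")


def parse_fuzzer_stats(text: str) -> Dict[str, Value]:
    """Turn 'key : value' lines into a dict; percentages and numbers become numbers."""
    stats: Dict[str, Value] = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if not m:
            continue  # blank or malformed line; fuzzer_stats is one pair per line
        key, raw = m.groups()
        if raw.endswith("%"):
            stats[key] = float(raw[:-1])          # "0.00%" -> 0.0
        elif re.fullmatch(r"-?\d+", raw):
            stats[key] = int(raw)                 # "95763" -> 95763
        elif re.fullmatch(r"-?\d+\.\d+", raw):
            stats[key] = float(raw)               # "2.03" -> 2.03
        else:
            stats[key] = raw                      # e.g. afl_version "2.52b", command_line
    return stats


def diagnose(stats: Dict[str, Value], min_execs: int = 1000) -> List[Tuple[str, str]]:
    """Return (code, explanation) pairs for signs of a broken coverage feedback loop.

    min_execs is an assumed threshold: below it the counters are not meaningful yet."""
    findings: List[Tuple[str, str]] = []
    execs = int(stats.get("execs_done", 0))
    if execs < min_execs:
        return [("too_early", f"only {execs} execs so far, wait before judging")]
    cvg = float(stats.get("bitmap_cvg", 0.0))
    if cvg == 0.0:
        findings.append(("no_coverage",
            f"bitmap_cvg is 0.00% after {execs} execs: no edge in the shared-memory "
            "bitmap was ever hit, so afl-fuzz gets no feedback from the target "
            "(uninstrumented build, or the bitmap is not reaching the process)"))
    if int(stats.get("paths_total", 0)) == 0:
        findings.append(("empty_queue",
            "paths_total is 0: nothing is queued, so no input can be scheduled or favored"))
    if float(stats.get("stability", 0.0)) == 100.0 and cvg == 0.0:
        findings.append(("stability_vacuous",
            "stability is 100% only because the bitmap is empty; it says nothing about determinism"))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED_STATS), ("healthy", HEALTHY_STATS)):
        print(f"== {name} ==")
        for code, why in diagnose(parse_fuzzer_stats(text)) or [("ok", "no issues flagged")]:
            print(f"  [{code}] {why}")
```

Run it against a real file with `diagnose(parse_fuzzer_stats(open("output-17/fuzzer_stats").read()))`. The point of the check is that `bitmap_cvg` is the share of edges ever recorded in AFL's shared-memory bitmap: if it stays at 0.00% while `execs_done` keeps climbing, the target ran but nothing was written back, so no queue entry can ever be created and every other counter stays at zero as a consequence. The file alone cannot say whether the build lacks instrumentation or the bitmap is not reaching the d8 process; that has to be checked against the build and launch setup.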