-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Idea list #11
Comments
+1 for gathering statistics on the mutators!
|
+1 for gathering statistics on the mutators I also listed some enhancements in TODO.md
@eqv A follow-up question to your second bullet point: do you mean to add support of scripting language while specifying the grammar? Like the python-based grammar in nautilus? |
No, that stuff is ok and useful in some cases (e.g. to generate XML ), but I was thinking more like:
in which case we would have a special generator that generates |
I see. Thanks for your explanation! This looks pretty useful. |
Basically grammar MOpt. |
We can try to take a testcase and replace terminal nodes with the dictionary tokens when they are compatible (regex needed). |
yes. we need a way to hand over the dictionary to the mutator though. but that is a minor thing, @domenukk thought about passing afl structure in a stable way to mutators already. |
Passing afl structure to the mutators will enhance the capability of the custom mutator a lot. |
Or, alternatively, we could expose functions to the custom mutators. This could be a bit more overhead during development, but would mean the mutators can easily be plugged into other fuzzers, like libafl? Else the state struct virtually becomes the api. |
Let's collect some ideas on how to improve the grammar mutator.
I am not an expert on this, so some ideas might be not possible, no sense or even makes things worse.
Also:
document for a mutation which mutation strategies were used, and if it results in a new path, crash or hang, document these away somewhere (fopen("a")... fwrite() ... fclose() would be fine enough), and learn which types are more effective than others, and then try to improve them. maybe weighting, maybe changing how unsuccessful techniques work, etc. (and of course this feature with an #ifdef TESTING or something like that.
pinging @h1994st @andreafioraldi @eqv for more ideas
The text was updated successfully, but these errors were encountered: