Better mutation operators
structure-aware operators for crossover / replacement / splicing etc
track provenance information for MOpt-style adjustment of frequencies
validity-aware mutations (Zest/RLCheck), based on structure
Nezha-like differential coverage via dynamic contexts?
Improved prioritization
Typically, fuzzers haven't really been guided towards inputs which improve branch coverage, as they have been good at exploiting them once found at random. We can do that, but we can probably also do better.
use CFG from coverage to tell if new branches are actually available from a given path. If not, we can hit it less often.
Note that branch coverage != available bugs; the control flow graph is not identical to the behaviour partition of the program.
try using a custom trace function, investigate performance and use of alternative coverage metrics (e.g. length-n path segments, callstack-aware coverage, etc.)
fuzz arbitrary scores with hypothesis.target() (see FuzzFactory)
exploit VCS metadata, i.e. target recently-changed parts of the SUT and new / recently changed tests (cf. pypi-testmon)
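
The alternative coverage metrics listed above (length-n path segments, callstack-aware coverage) can be collected with a custom `sys.settrace` function, as in this sketch. It is an added example, not code from this issue or the project; `trace_metrics`, `two_checks`, `parse` and `replay` are hypothetical names and the target functions are constructed for the demonstration.

```python
import sys
from collections import deque

def trace_metrics(fn, *args, n=3):
    """Run fn(*args) under sys.settrace and return (arcs, segments, ctx_arcs)."""
    arcs, segments, ctx_arcs = set(), set(), set()
    stack = []  # names of the traced frames that are currently active
    def on_call(frame, event, arg):
        if event != "call":
            return None
        name = frame.f_code.co_name
        stack.append(name)
        recent = deque([-1], maxlen=n)  # -1 stands for "function entry"
        def on_event(frame, event, arg):
            if event == "line":
                # Line numbers relative to the def line, so they survive file edits above it.
                line = frame.f_lineno - frame.f_code.co_firstlineno
                arc = (name, recent[-1], line)
                arcs.add(arc)                      # plain line-to-line arc coverage
                ctx_arcs.add((tuple(stack), arc))  # callstack-aware coverage
                recent.append(line)
                if len(recent) == n:
                    segments.add((name, tuple(recent)))  # length-n path segment
            elif event == "return":  # also fired when the frame exits by exception
                stack.pop()
            return on_event
        return on_event

    previous = sys.gettrace()
    sys.settrace(on_call)
    try:
        fn(*args)
    finally:
        sys.settrace(previous)  # restore whatever tracer was installed before
    return arcs, segments, ctx_arcs

# Constructed system under test: two independent branches, reached via two callers.
def two_checks(a, b):
    out = 0
    if a:
        out += 1
    if b:
        out += 2
    return out

def parse(a, b):
    return two_checks(a, b)

def replay(a, b):
    return two_checks(a, b)
```

With `parse(True, True)` and `parse(False, False)` already seen, `parse(True, False)` contributes no new arcs but does contribute a new length-3 segment. `replay(True, True)` adds no new arcs inside `two_checks`, yet adds new callstack-aware entries.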