path: root/pkg/fuzzer/prio_queue.go
Commit message | Author | Age | Files | Lines
* pkg/fuzzer: use queue layers | Aleksandr Nogikh | 2024-05-16 | 1 | -95/+0
Instead of relying on a fuzzer-internal priority queue, utilize stackable layers of request-generating steps. Move the functionality to a separate pkg/fuzzer/queue package. The pkg/fuzzer/queue package can be reused to add extra processing layers on top of the fuzzing and to combine machine checking and fuzzing execution pipelines.
* pkg/fuzzer: mix in exec fuzz and exec gen | Aleksandr Nogikh | 2024-03-25 | 1 | -0/+8
The fuzzer may become too busy doing potentially very long hint jobs, while we want it to also keep exploring other parts of the input space. If there are only smash and hint jobs left, ignore them for 33% of executions. Reduce the number of smash iterations: 1) If new coverage is found, we will likely repeat the smash job with a similar program. 2) We mostly do the same during exec fuzz anyway.
* pkg/fuzzer: remove async priority queue operations | Aleksandr Nogikh | 2024-03-22 | 1 | -21/+8
We don't need them.
* pkg/fuzzer: factor out the fuzzing engine | Aleksandr Nogikh | 2024-03-12 | 1 | -0/+100
This is the first step for #1541. Move the fuzzing engine that used to be interleaved with other syz-fuzzer code into a separate package. For now, the algorithm is more or less the same as it was, the only difference is that a pkg/fuzzer instance scales to the available computing power. Add an executor-based test that performs real fuzzing.