That would be amazing. It's easy to turn CrossHair into an absurdly slow fuzz tester (imagine hashing or printing your inputs early in the process). I think the ideal product would be good at both symbolic and concrete tactics, and the minimization logic of hypothesis would be really nice to have too.
I will be in touch!
Portfolio of a slow but precise fuzzer + fast imprecise fuzzer is the easiest integration. Start both together and return the one which fails first. SMT solvers are often complementary with samplers.
However, it would be very interesting to see if a closer integration of symbolic and sampling methodologies is possible.
pschanely|6 years ago
zzz95|6 years ago
However, it would be very interesting to see if a closer integration of symbolic and sampling methodologies is possible.