top | item 41755775


michaelmure | 1 year ago

The interesting thing to me is the stark difference between this and golang's approach.

With golang, you can run fuzzing as simply as you run tests, which means that it's trivial to target specific parts of your application or library. It obsoletes so much of those techniques.

I'm quite curious about techniques to guide the fuzzing more. It seems like the best you can do is provide a seed corpus and hope for the best.
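What "run fuzzing as simply as you run tests" looks like in Go, as an added example that is not code from the thread: a hypothetical `k=v;k=v` parser, a round-trip property the fuzzer enforces, and a seed corpus handed to the engine with `f.Add`. The format, the function names and the seeds are all constructed for this illustration; `go test -fuzz` then mutates the seeds and keeps any input that reaches new coverage, which is the coverage feedback the thread goes on to discuss.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"testing"
)

// ParseKV parses a hypothetical "k1=v1;k2=v2" format into a map.
// A field with no '=' or an empty key is an error; a value may contain '='.
func ParseKV(s string) (map[string]string, error) {
	out := map[string]string{}
	if s == "" {
		return out, nil
	}
	for _, field := range strings.Split(s, ";") {
		k, v, ok := strings.Cut(field, "=")
		if !ok || k == "" {
			return nil, fmt.Errorf("malformed field %q", field)
		}
		out[k] = v
	}
	return out, nil
}

// EncodeKV is the inverse of ParseKV, with keys sorted so output is deterministic.
func EncodeKV(m map[string]string) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, k+"="+m[k])
	}
	return strings.Join(parts, ";")
}

// CheckRoundTrip is the property the fuzzer enforces: any input ParseKV
// accepts must survive encode -> parse unchanged. Rejected input is not a
// failure (a panic inside ParseKV is still caught by the fuzzer).
func CheckRoundTrip(in string) error {
	m1, err := ParseKV(in)
	if err != nil {
		return nil
	}
	enc := EncodeKV(m1)
	m2, err := ParseKV(enc)
	if err != nil {
		return fmt.Errorf("re-parse of %q failed: %v", enc, err)
	}
	if len(m1) != len(m2) {
		return fmt.Errorf("round trip changed size for %q", in)
	}
	for k, v := range m1 {
		if m2[k] != v {
			return fmt.Errorf("round trip changed %q for %q", k, in)
		}
	}
	return nil
}

// seedCorpus is the hand-written starting point (constructed values); the
// engine mutates these and keeps any mutant that reaches new coverage.
var seedCorpus = []string{"", "a=1", "a=1;b=2", "key=va=lue", "x="}

// FuzzParseKV is a native Go fuzz target. In a real project it lives in a
// _test.go file and runs with: go test -fuzz=FuzzParseKV -fuzztime=30s
func FuzzParseKV(f *testing.F) {
	for _, s := range seedCorpus {
		f.Add(s)
	}
	f.Fuzz(func(t *testing.T, in string) {
		if err := CheckRoundTrip(in); err != nil {
			t.Fatal(err)
		}
	})
}

func main() {
	for _, s := range seedCorpus {
		fmt.Printf("%-14q round trip ok: %v\n", s, CheckRoundTrip(s) == nil)
	}
}
```

Without `-fuzz`, `go test` runs `FuzzParseKV` only over the seeds, so the same function doubles as an ordinary regression test; any crashing input the fuzzer finds is written to `testdata/fuzz/FuzzParseKV/` and replayed on every later run.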


greybox | 1 year ago

Some fuzzing tools (libFuzzer, for example) leverage LLVM's intermediate representation to provide code-coverage metrics that they feed back into their fuzzing algorithms, increasing test coverage.

michaelmure | 1 year ago

Golang does that natively ;-)

ackbar03 | 1 year ago

I proposed using reinforcement learning to guide coverage as a potential PhD topic, but didn't really go down that path; no idea if it could work.

lolsowrong | 1 year ago

Did you try making small changes to your PhD proposal to see if it opened up new paths?

</fuzzingjoke>

carom | 1 year ago

I think it would go the other way where you use coverage to guide reinforcement. Crank the temperature up to increase variation and you would probably produce a model that could approximate the file format you were targeting.

daghamm | 1 year ago

Please tell us more!

Fuzzing is often a special case of genetic algorithms, so there is already a tiny connection to RL. I'm curious to hear what your proposal was.