azhou
I put the PoC in the attached file; it is something like:

```
// check removed from the code
process =!(int :>int), float, float(hslider("cos", 0, 0, 10, 1));
```

It...
It is produced by fuzzing; the most popular tool implementing this technique is [AFL](https://github.com/google/AFL).
I use my own tool, and it is not currently publicly available. But my tool shares similar mutation operations with AFL, so you can just read the code of AFL if...
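To make the mutation strategy mentioned above concrete, here is an added example that re-implements a few of AFL's stages in Python. It is not the commenter's tool and not AFL's own code; the seed program `SEED`, the function names (`bitflip`, `arith8`, `interest32`, `havoc`, `fuzz`) and the toy crash-detection rule (a Python exception standing in for a signal or ASan report) are assumptions made for this illustration. The interesting-value tables follow the boundary values AFL uses.

```python
"""AFL-style mutation operators (added illustration, not the thread author's tool)."""
import random
import struct
from typing import Callable, Iterator, List

# Constructed seed input: a small Faust program (not taken from the thread).
SEED = b'process = hslider("cos", 0, 0, 10, 1) : float;\n'

# Boundary values that tend to hit edge cases in parsers and arithmetic.
INTERESTING_8 = [-128, -1, 0, 1, 16, 32, 64, 100, 127]
INTERESTING_16 = INTERESTING_8 + [-32768, -129, 128, 255, 256, 512, 1000,
                                  1024, 4096, 32767]
INTERESTING_32 = INTERESTING_16 + [-2147483648, -100663046, -32769, 32768,
                                   65535, 65536, 100663045, 2147483647]


def bitflip(data: bytes, bit: int) -> bytes:
    """Deterministic stage 'bitflip 1/1': flip one bit, MSB-first within a byte."""
    buf = bytearray(data)
    buf[bit >> 3] ^= 0x80 >> (bit & 7)
    return bytes(buf)


def arith8(data: bytes, idx: int, delta: int) -> bytes:
    """Deterministic stage 'arith 8/8': add a small signed delta to one byte."""
    buf = bytearray(data)
    buf[idx] = (buf[idx] + delta) & 0xFF
    return bytes(buf)


def interest32(data: bytes, idx: int, value: int, little_endian: bool = True) -> bytes:
    """Deterministic stage 'interest 32/8': overwrite 4 bytes with a boundary value."""
    buf = bytearray(data)
    buf[idx:idx + 4] = struct.pack('<i' if little_endian else '>i', value)
    return bytes(buf)


def deterministic_stage(data: bytes) -> Iterator[bytes]:
    """Yield every mutant of the three deterministic stages above, in that order."""
    for bit in range(len(data) * 8):
        yield bitflip(data, bit)
    for idx in range(len(data)):
        for delta in range(1, 36):            # deltas 1..35, both directions
            yield arith8(data, idx, delta)
            yield arith8(data, idx, -delta)
    for idx in range(len(data) - 3):
        for value in INTERESTING_32:
            yield interest32(data, idx, value)


def havoc(data: bytes, rng: random.Random, rounds: int = 8) -> bytes:
    """Stacked random mutations in the style of AFL's havoc stage."""
    buf = bytearray(data)
    for _ in range(rounds):
        op = rng.randrange(5)
        if op == 0 and buf:                                # flip a random bit
            bit = rng.randrange(len(buf) * 8)
            buf[bit >> 3] ^= 0x80 >> (bit & 7)
        elif op == 1 and buf:                              # set an interesting byte
            buf[rng.randrange(len(buf))] = rng.choice(INTERESTING_8) & 0xFF
        elif op == 2 and buf:                              # random small arithmetic
            idx = rng.randrange(len(buf))
            buf[idx] = (buf[idx] + rng.randint(-35, 35)) & 0xFF
        elif op == 3 and len(buf) > 1:                     # delete a block
            start = rng.randrange(len(buf))
            del buf[start:start + rng.randint(1, len(buf) - start)]
        elif buf:                                          # clone a block elsewhere
            start = rng.randrange(len(buf))
            block = buf[start:start + rng.randint(1, len(buf) - start)]
            dest = rng.randrange(len(buf) + 1)
            buf[dest:dest] = block
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seed: bytes, salt: int,
         iterations: int) -> List[bytes]:
    """Minimal driver: deterministic stages first, then havoc seeded from `salt`
    so a campaign is reproducible. A mutant that makes `target` raise is
    recorded as a crash (toy stand-in for a signal or ASan report)."""
    rng = random.Random(salt)
    crashes: List[bytes] = []
    mutants = deterministic_stage(seed)
    for _ in range(iterations):
        mutant = next(mutants, None)
        if mutant is None:
            mutant = havoc(seed, rng)
        try:
            target(mutant)
        except Exception:
            crashes.append(mutant)
    return crashes


if __name__ == "__main__":
    for mutant in list(deterministic_stage(SEED))[:3] + [havoc(SEED, random.Random(1))]:
        print(mutant)
```

In a real campaign `target` would spawn the compiler on the mutant and check the exit status; the deterministic stages are exhaustive per seed (8 flips plus 70 arithmetic variants per byte, plus the interesting-value overwrites), and havoc takes over once they are used up.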
Actually, I am performing fuzzing on the compiler. I'm not sure if you think it is necessary to generate random data to test the compiler.
It seems that when I do coverage instrumentation with ASan, like in AFL, it will crash, but when there is no instrumentation, or only coverage instrumentation without ASan, it works...
I think there are several directions to be considered:

1. Obviously, a more precise pointer analysis helps, by using a certain level of field-sensitivity, context-sensitivity, and flow-sensitivity.
2. We need to...
Let me have a try.
Can we add a heuristic to `collectGlobals` such that it does not process `malloc` sites when collecting globals? Although it will lose some soundness, it can prevent nodes that point...
> Why not modify `accessGlobal`?

In `accessGlobal`, many nodes related to `malloc` have already been added to `globs`, so it is hard to know whether a node comes from `malloc`...
`collectGlobals` only collects three kinds of nodes: global variable nodes, base objects in global variables' points-to sets, and all fields of those base objects. If we want to...
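The three kinds of nodes listed above, and the proposed heuristic of skipping `malloc` sites, can be modelled in a few lines. This is an added toy example, not the project's implementation: the `Node` type, the `kind` labels, the constructed program graph and the names `collect_globals` and `nodes_lost_to_heuristic` are assumptions made for the illustration. It shows exactly which nodes the heuristic drops, which is the soundness that the comment says is being traded away.

```python
"""Toy model of collectGlobals with an optional skip-malloc heuristic (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Node:
    name: str
    kind: str   # "global" (variable), "heap" (malloc site), "stack", or "field"


# Constructed example graph for a hypothetical program:
#   struct S { int a; int *p; } S_global;   // global struct object
#   int *g_ptr = malloc(...);               // global pointing to a heap object
#   int local_arr[4];                       // g_ptr may also point here on some path
S_GLOBAL = Node("S_global", "global")
S_A, S_P = Node("S_global.a", "field"), Node("S_global.p", "field")
G_PTR = Node("g_ptr", "global")
HEAP0 = Node("malloc_site1", "heap")
HEAP0_F0, HEAP0_F1 = Node("malloc_site1.f0", "field"), Node("malloc_site1.f1", "field")
STACK0 = Node("local_arr", "stack")

GLOBALS: List[Node] = [S_GLOBAL, G_PTR]
# points-to sets of the global variable nodes; the global struct object is its own base object
PTS: Dict[Node, Set[Node]] = {S_GLOBAL: {S_GLOBAL}, G_PTR: {HEAP0, STACK0}}
FIELDS: Dict[Node, List[Node]] = {S_GLOBAL: [S_A, S_P], HEAP0: [HEAP0_F0, HEAP0_F1]}


def collect_globals(globals_: Iterable[Node], pts: Dict[Node, Set[Node]],
                    fields: Dict[Node, List[Node]], skip_heap: bool = False) -> Set[Node]:
    """Collect the three kinds of nodes described in the thread:
    1. the global variable nodes themselves,
    2. every base object in a global's points-to set,
    3. all fields of those base objects.
    With skip_heap=True, base objects that come from a malloc site are not
    processed (the proposed heuristic): the result is smaller but unsound, since
    heap memory reachable through a global is no longer treated as global."""
    globs: Set[Node] = set()
    for g in globals_:
        globs.add(g)
        for obj in pts.get(g, set()):
            if skip_heap and obj.kind == "heap":
                continue                       # heuristic: do not process malloc sites
            globs.add(obj)
            globs.update(fields.get(obj, []))
    return globs


def nodes_lost_to_heuristic(globals_: Iterable[Node], pts: Dict[Node, Set[Node]],
                            fields: Dict[Node, List[Node]]) -> Set[Node]:
    """Nodes the heuristic drops: exactly the soundness that is traded away."""
    globals_ = list(globals_)
    return collect_globals(globals_, pts, fields) - collect_globals(globals_, pts, fields, skip_heap=True)


if __name__ == "__main__":
    for n in sorted(nodes_lost_to_heuristic(GLOBALS, PTS, FIELDS), key=lambda n: n.name):
        print("dropped by heuristic:", n.name, n.kind)
```

On the constructed graph the heuristic drops the heap object and both of its fields, while the stack object and the global struct's fields are still collected; any store through `g_ptr` into the heap object would therefore be missed by whatever later consumes `globs`.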