F1
F1 copied to clipboard
vrthra
Bug in generating fuzz strings from a particular type of grammar.
If a grammar has terminating expansions from <start> non-terminal, then it always produces a single expansion from those terminating expansion.
E.g. for the grammar
{
"<start>" : [[ "<p>", "a"], ["bc"], ["xyz"]],
"<p>" : [["qrp"]]
}
F1 always produces bc and never xyz or qrpa.
This is because the expansion "<start>" : [[ "<p>", "a"] is coded up as gen_start_2, and the expansion "<start>" : [[ "xyz"] is coded up as gen_start_1 while the expansion "<start>" : ["bc"]] is gen_start_0. gen_init always calls on gen_start_0, so it always prints bc and never any alternative.
