Move the pre-existing option model and merge logic into a leaf workspace package so core and jest-runner share one configuration contract without owning duplicate state. Keep backend-specific LibAFL wiring out of this first extraction step.
Wire LibAFL through the addon and option layer so CLI and Jest can run against either native backend. Make CLI fuzzing default to LibAFL and pin the legacy libFuzzer-only tests to keep the old behaviors covered where they still matter.
Exercise CLI and Jest runs through both engines so backend selection breaks where users would notice it first.
Feed observed string and integer comparisons into LibAFL so it can mutate toward guarded code paths instead of treating those checks as opaque control flow.
Pass string-containment operands in the order the backend expects so tracing and mutation guidance agree on the same relationship.
Switch LibAFL onto queue and mutation settings that work with the new guidance model and keep campaign progress moving.
Report startup, corpus loading, heartbeats, and shutdown in a stable format so users can understand a run without reading backend internals.
Keep late-loaded ESM modules on the shared edge map so LibAFL sees the real coverage they produce instead of falling back to synthetic edges.
Pull findings, option parsing, regression replay, and ABI definitions out of the main runtime file so backend work can change in smaller pieces. Keep the Rust build wiring and shared ABI local to the LibAFL backend instead of spreading those details through the addon.
Settle findings, signals, and promise results in one order so shutdown cannot race the native runtime guard or leave stale execution state behind. Skip the SIGINT restoration check on Windows, where Node turns process.kill(..., "SIGINT") into termination instead of recovery.
Benchmark both engines against the same target and keep a few anomaly checks close by so backend changes can be compared empirically.
Limit root Jest parallelism so native-heavy test runs stay usable on developer machines and shared CI hosts.
Teach release and test workflows about the Rust-backed backend so the native addon is built, cached, and exercised the way it is shipped.
Explain how to select LibAFL or libFuzzer and call out the places where their supported options still differ.
Guard the native coverage registration boundary so malformed JS numbers cannot become pointer arithmetic in C++. This turns a silent memory-safety footgun into an explicit addon error and locks the behavior in with regression tests.
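As an added illustration of the guard this commit describes (not the project's own addon code; the table size, function names and the double-to-size_t conversion path are assumptions), a pure C++ check that rejects any JS number which cannot be a valid coverage-table index before it reaches pointer arithmetic:

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <limits>
#include <optional>
#include <utility>

// Coverage edge table the addon hands to the native fuzzer. Sized here as a
// constructed example; a real addon takes the size from the runtime.
constexpr std::size_t kEdgeTableSize = 1024;

// The footgun: a raw cast turns NaN, Infinity, negatives, fractions or huge
// values into an arbitrary (or undefined) offset into the edge table.
// Shown only for contrast; never call this with untrusted input.
std::size_t unchecked_index(double js_number) {
    return static_cast<std::size_t>(js_number);  // UB for NaN/Inf/out-of-range
}

// Hardened conversion: accept only finite, integral, non-negative doubles
// that are exactly representable integers and lie inside the table.
// Returns nullopt on any violation so the caller raises a JS error instead
// of computing a pointer.
std::optional<std::size_t> checked_edge_index(double js_number,
                                              std::size_t table_size) {
    if (!std::isfinite(js_number)) return std::nullopt;           // NaN, +/-Inf
    if (js_number < 0.0) return std::nullopt;                     // -1, -0.5
    if (std::floor(js_number) != js_number) return std::nullopt;  // 3.7
    if (js_number > 9007199254740992.0) return std::nullopt;      // > 2^53
    const auto idx = static_cast<std::size_t>(js_number);
    if (idx >= table_size) return std::nullopt;                   // bounds
    return idx;
}

// Validates a registration request for edges [start, start + count): both
// operands pass the single-index checks and the range must end inside the
// table, with the addition written so start + count cannot overflow.
std::optional<std::pair<std::size_t, std::size_t>>
checked_edge_range(double js_start, double js_count, std::size_t table_size) {
    const auto start = checked_edge_index(js_start, table_size);
    if (!start) return std::nullopt;
    // count may legitimately equal table_size, so its bound is one larger.
    const auto count = checked_edge_index(js_count, table_size + 1);
    if (!count) return std::nullopt;
    if (*count > table_size - *start) return std::nullopt;  // end past table
    return std::make_pair(*start, *count);
}
```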
Normalize the mode option at merge time so invalid values fail before they leak into backend-specific code paths. This keeps CLI, config, env, and Jest inputs consistent instead of silently treating junk as fuzzing.
Reject stop callback failures on the JS promise instead of letting them unwind through the Rust execution callback. The new child-process regression reproduces the pre-fix Rust panic triggered by a SIGINT stop callback that throws.
Make the standalone CLI keep its existing libFuzzer compatibility unless users explicitly opt into LibAFL. This avoids surprising failures for established libFuzzer flag combinations while the LibAFL backend continues to harden.
Finish the options split by moving engine and mode checks into the leaf package and sharing the LibAFL backend DTO with the fuzzer package. This leaves one generic extraction commit at the start of the branch and one LibAFL-specific follow-up later in the stack.