Releases: googleprojectzero/fuzzilli
Fuzzilli Version 0.9.3
Besides various bug fixes and stability/performance improvements, notable new features of this release include:
- The new ProbingMutator
- An improved lifting algorithm that can inline expressions and results in more readable samples
- A new static corpus mode, useful for example to search for variants of bugs or when attempting to reproduce flaky crashes
- Full support for object literals and class definitions in FuzzIL
- Detailed statistics about the performance of CodeGenerators and Mutators with --logLevel=verbose
- Misc. new code generators and language features for things like web workers, forcing JIT compilation, global/hoisted variables, or for creating simple arrays
- A refactored code building algorithm and JavaScript environment model
Fuzzilli Version 0.9.2
Besides various bug fixes and stability/performance improvements, notable new features of this release include:
- The new ExplorationMutator
- A new and improved splicing algorithm
- The swarm testing mode for distributed fuzzing
- A new argument randomization mode to run the targeted JavaScript engines with randomized arguments
- Various new JavaScript language features in FuzzIL such as support for spreading and destructuring
- Better documentation about how Fuzzilli works
- A new, simple GenerativeEngine used to generate an initial corpus if starting without one
- A new corpus synchronization mode for distributed fuzzing
Fuzzilli Version 0.9.1
Besides various stability and performance improvements, notable new features of this release include:
- Support for distributed fuzzing with Docker and on GCE
- Many new JavaScript language features in FuzzIL, such as BigInts and RegExes, thanks to @carl-smith and @amarekano
- Support for the Duktape and JerryScript JavaScript engines (as well as numerous bugs fixed in them) thanks to @WilliamParks and @nszetei respectively
- A new minifying mode for the JavaScriptLifter to reduce the size of scripts during fuzzing thanks to @samo98: c90914d
- The ability to capture stdout and stderr during fuzzing, which is used to include the failure message of a crash (e.g. from a failed assertion or a sanitizer) as comment in the reproducer JS file: a24e205
- Support for fuzzing v8 without additional patches thanks to @peter-ralbovsky: v8/v8@70eb089
- Protobufs as serialization format for FuzzIL and as message format for network synchronization: 8b119db
- A refactored code generation algorithm and CodeGenerator interface: 43d4d9d
Initial public release
v0.9 Fuzzilli is now open source!