|
|
|
|
|
|
by pascal_cuoq
4210 days ago
|
|
|
I agree that it would be completely possible in principle to make an AFL-style fuzzer for binary, and that then it would risk being either brittle or slow (depending on the instrumentation technique used to measure coverage), two properties that AFL explicitly set out to avoid. So a hypothetical AFL for binaries is not really AFL any longer until someone proves it's possible to make one with the same good behavior. A modified hypervisor that would use the features initially intended for “replay debugging” for measuring coverage instead could be cool, though. |
|
|