-
node parser.js ../../Protobuf/ast.proto code.js output.ast.proto
`code.js`:
```
x = { "": 0 }
```
Tested on rev d42d6fa0a.
```
/Sources/Fuzzilli/Compiler/Parser/parser.js:393
…
-
| Field | Value |
|------------------|-----------------|
|Previous ID | SR-11008 |
|Radar | rdar://problem/52118932 |
|Original Repo…
-
[tags]fuzzing,javascript[/tags]
[short_descr]A JavaScript Engine Fuzzer.[/short_descr]
[link] https://github.com/googleprojectzero/fuzzilli [/link]
[long_descr]
A (coverage-)guided fuzzer for dynamic…
-
Fuzzilli: [`8eec7a7`](https://github.com/googleprojectzero/fuzzilli/commit/8eec7a70fc49ed49f92cec9a29a42cbf17764638)
V8: `92a918e10bd36c1045b2f750b56fdab4b4148ae4`
I've got
```
[Fuzzer] Testcase…
-
node parser.js ../../Protobuf/ast.proto code.js output.ast.proto
`code.js`:
```
for (x in y) {}
```
Tested on rev d386a838.
```
/Sources/Fuzzilli/Compiler/Parser/parser.js:17
…
-
node parser.js ../../Protobuf/ast.proto code.js output.ast.proto
`code.js`:
```
switch (x) {};
```
Switch statements do not yet seem to be supported on rev d386a838.
```
/Sources/Fuzzil…
-
Is there any method provided to generate jsClass? Or maybe I should rewrite the equivalent code of jsClass into jsFunction?
-
While applying JIT-Picker to v8 engine, I see that when we use a built-in or native function `fuzzilli_hash` to calculate hash of a variable inside an optimized function, the engine will bailout of op…
-
The FuzzIL compiler is not yet feature complete as it does not support a number of JavaScript features. For most features, it should be enough to add the necessary support in the [parser](https://gith…
saelo updated
1 month ago
-
I have a JavaScript file:
```
let a = function() {
    return {}
};
for (let j = 0; j < 999; j++) {
    ((a = class b3 {[{c: eval()}]}) => {})();
    if (j == 8) {
        a();
    }
}
…