Hi, looking at the quality of the generated testcases using the Ruby grammar, I noticed that my implementation of gramatron in LibAFL was generating invalid testcases with lines like IDENTIFIER SP VAR. Debugging further, I noticed that the error is in the original Python script that I borrowed from this repo, gnf_converter.py.
Here https://github.com/HexHive/Gramatron/blob/02ab42d857ff2d3bc8c872f4756e6af9e3baaf0f/src/gramfuzz-mutator/preprocess/gnf_converter.py#L198 you check if a terminal can be replaced with a nonterminal, but this is wrong in the case of a terminal that appears in two different nonterminals of the grammar.
For this specific case, I noticed the bug because in the Ruby grammar 'return' is both in IDENTIFIER https://github.com/HexHive/Gramatron/blob/main/grammars/ruby/source.json#L843 and in STATEMENT https://github.com/HexHive/Gramatron/blob/main/grammars/ruby/source.json#L1169.
Of course replacing 'return' SP VAR with IDENTIFIER SP VAR is wrong. I fixed it just by removing the call to terminal_exist, but I don't know if it is 100% right, so I won't open a PR.
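To make the problem concrete, here is a small added example (it is not gnf_converter.py and not the fix described in the issue). It assumes a grammar representation of nonterminal name to list of alternatives, a constructed fragment in which 'return' is both one alternative of IDENTIFIER and the first symbol of a STATEMENT rule, and a lookup function written from the description above (my reading of the check, not the repository's code). It enumerates the language of STATEMENT before and after the substitution to show that the check that accepts any nonterminal containing the terminal adds invalid statements such as "foo x", while a check that only accepts a nonterminal whose sole alternative is that terminal leaves the language unchanged.

```python
"""Added illustration (not Gramatron's gnf_converter.py): why replacing a terminal
with a nonterminal that merely *contains* it as one alternative changes the language.

Grammar representation (assumed for this example): dict mapping a nonterminal
name to a list of alternatives; each alternative is a list of symbols. Terminals
are single-quoted strings such as "'return'", nonterminals are bare names.
"""

# Constructed fragment modelled on the situation in the issue: 'return' is one
# alternative of IDENTIFIER and also the first symbol of a STATEMENT rule.
# It is not the real Ruby grammar from the repository.
GRAMMAR = {
    "STATEMENT": [
        ["'return'", "SP", "VAR"],
        ["IDENTIFIER", "SP", "'='", "SP", "VAR"],
    ],
    "IDENTIFIER": [["'return'"], ["'foo'"], ["'bar'"]],
    "SP": [["' '"]],
    "VAR": [["'x'"], ["'y'"]],
}


def is_terminal(sym):
    return sym.startswith("'")


def lookup_unsound(grammar, term):
    """The check as the issue describes it (my reading, not the original code):
    any nonterminal that has `term` as one of its single-symbol alternatives."""
    for nt, alts in grammar.items():
        if [term] in alts:
            return nt
    return None


def lookup_sound(grammar, term):
    """Only accept a nonterminal whose *sole* alternative is `term`; such a
    nonterminal derives exactly {term}, so substituting it is language-preserving."""
    for nt, alts in grammar.items():
        if alts == [[term]]:
            return nt
    return None


def substitute_terminals(grammar, lookup):
    """Rewrite every terminal occurrence that `lookup` maps to a nonterminal.
    A nonterminal's own alternative is never rewritten into itself."""
    result = {}
    for nt, alts in grammar.items():
        new_alts = []
        for alt in alts:
            new_alt = []
            for sym in alt:
                repl = lookup(grammar, sym) if is_terminal(sym) else None
                new_alt.append(repl if repl is not None and repl != nt else sym)
            new_alts.append(new_alt)
        result[nt] = new_alts
    return result


def language(grammar, sym):
    """Set of strings derivable from `sym`. The fragment is non-recursive, so
    plain enumeration terminates."""
    if is_terminal(sym):
        return {sym.strip("'")}
    strings = set()
    for alt in grammar[sym]:
        partial = {""}
        for s in alt:
            partial = {p + q for p in partial for q in language(grammar, s)}
        strings |= partial
    return strings


def compare():
    """Language of STATEMENT in the original grammar, after the unsound
    substitution, and after the sound (pure-alias only) substitution."""
    original = language(GRAMMAR, "STATEMENT")
    unsound = language(substitute_terminals(GRAMMAR, lookup_unsound), "STATEMENT")
    sound = language(substitute_terminals(GRAMMAR, lookup_sound), "STATEMENT")
    return original, unsound, sound


if __name__ == "__main__":
    original, unsound, sound = compare()
    print("invalid statements introduced by the unsound check:", sorted(unsound - original))
    print("sound check preserves the language:", sound == original)
```

On this fragment, dropping the substitution entirely (what the issue author did) gives the same language as lookup_sound; the only thing lookup_sound keeps is the replacement of a terminal by a nonterminal that is a pure alias for it, which is safe because such a nonterminal derives exactly that one terminal.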