google / oss-fuzz-gen

LLM powered fuzzing via OSS-Fuzz.
Apache License 2.0
861 stars, 100 forks

Logic for test-to-harness conversion #494

Open DavidKorczynski opened 3 months ago

DavidKorczynski commented 3 months ago

Test-to-harness conversion by way of LLM sounds like an interesting avenue and is very commonly an approach taken by security engineers when first approaching a given project.

I see multiple steps:

1) Enable in experimental without use of FI
2) Enable in core without use of FI
3) Assess quality overall
4) See if improvements can be made using more program analysis data by way of FI
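As an added illustration of what a test-to-harness conversion produces, here is a hand-written conversion of the kind the issue proposes automating. This is example code written for this page, not code from oss-fuzz-gen or neomutt: `parse_kv()`, its unit test `test_parse_kv()` and the sample inputs are constructed stand-ins for a project function and its existing test. The harness entry point `LLVMFuzzerTestOneInput` is the real libFuzzer interface that OSS-Fuzz targets use.

```c
/* Added example (not oss-fuzz-gen or neomutt code): a manual
 * test-to-harness conversion. parse_kv() and its unit test are
 * constructed stand-ins for a project function and its existing test. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KV_MAX 64

struct kv {
    char key[KV_MAX];
    char val[KV_MAX];
};

/* Parse "key=value" (no whitespace handling). Returns 0 on success, -1 on
 * malformed or oversized input. Constructed function under test. */
int parse_kv(const char *line, struct kv *out)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)
        return -1;
    size_t klen = (size_t)(eq - line);
    size_t vlen = strlen(eq + 1);
    if (klen >= KV_MAX || vlen >= KV_MAX)
        return -1;
    memcpy(out->key, line, klen);
    out->key[klen] = '\0';
    memcpy(out->val, eq + 1, vlen + 1);
    return 0;
}

/* The "existing unit test": one fixed input, exact expected values.
 * Returns 1 if every check passes, 0 otherwise. */
int test_parse_kv(void)
{
    struct kv kv;
    if (parse_kv("From=alice@example.org", &kv) != 0) return 0;
    if (strcmp(kv.key, "From") != 0) return 0;
    if (strcmp(kv.val, "alice@example.org") != 0) return 0;
    if (parse_kv("no-equals-sign", &kv) != -1) return 0;
    return 1;
}

/* The converted libFuzzer harness. Conversion steps:
 *  1. the fixed string literal becomes the fuzzer-provided bytes,
 *     NUL-terminated because parse_kv() expects a C string;
 *  2. exact-value checks become invariants that must hold for any input;
 *  3. setup/teardown from the test is kept (here: none). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    char *line = malloc(size + 1);
    if (line == NULL)
        return 0;
    memcpy(line, data, size);
    line[size] = '\0';

    struct kv kv;
    int rc = parse_kv(line, &kv);
    if (rc == 0) {
        /* Invariants derived from the unit test's assertions. */
        if (strlen(kv.key) == 0 || strlen(kv.key) >= KV_MAX) abort();
        if (strlen(kv.val) >= KV_MAX) abort();
        if (strchr(kv.key, '=') != NULL) abort();
    }
    free(line);
    return 0;
}

/* Stand-alone driver: replays a few constructed inputs through the harness
 * so the file builds without libFuzzer. With clang -fsanitize=fuzzer the
 * fuzzer runtime supplies main() instead and this one is left out. */
int main(void)
{
    const char *samples[] = { "From=alice@example.org", "=", "", "key=" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        LLVMFuzzerTestOneInput((const uint8_t *)samples[i], strlen(samples[i]));
    printf("unit test %s\n", test_parse_kv() ? "passed" : "failed");
    return 0;
}
```

The point of the conversion is visible in the harness: the literal input disappears, the parser is still exercised through the same entry point the test used, and the assertions survive only as properties that hold for every input (key non-empty, both fields within their buffers, no '=' in the key), which is what lets the sanitizers and the invariant checks find bugs the original test never reached.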

DavidKorczynski commented 3 months ago

An example OSS-Fuzz project that has low coverage (5% at the time of writing https://introspector.oss-fuzz.com/project-profile?project=neomutt and https://storage.googleapis.com/oss-fuzz-coverage/neomutt/reports/20240716/linux/report.html) but a wealth of tests that can be converted: https://github.com/neomutt/neomutt/tree/main/test

DavidKorczynski commented 3 months ago

Option (1) above has been implemented in https://github.com/google/oss-fuzz-gen/pull/495