Merge branch 'googleprojectzero:main' into feature/array-spread

googleprojectzero · Sep 22, 2024 · 18b3c9f · 18b3c9f
2 parents 563dd60 + fb79747
commit 18b3c9f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/Docs/HowFuzzilliWorks.md b/Docs/HowFuzzilliWorks.md
@@ -79,7 +79,7 @@ FuzzIL has a notion of "guarded" operations, which are operations that guard aga
 ```javascript
 try { v3(v5, v6); } catch {};
 ```
-As the try-catch blocks generated for guarded opetations can negatively influence the program's behavior (as described above), they should be used sparingly. Furthermore, Fuzzilli tries to convert guarded operations into unguarded ones during Minimization and through the FixupMutator, both of which are discussed further later on in this document.
+As the try-catch blocks generated for guarded operations can negatively influence the program's behavior (as described above), they should be used sparingly. Furthermore, Fuzzilli tries to convert guarded operations into unguarded ones during Minimization and through the FixupMutator, both of which are discussed further later on in this document.
 
 FuzzIL has a number of properties:
 * A FuzzIL program is simply a list of instructions.

diff --git a/Sources/Fuzzilli/Fuzzer.swift b/Sources/Fuzzilli/Fuzzer.swift
@@ -262,6 +262,20 @@ public class Fuzzer {
             }
         }
 
+        // Install a timer to monitor for faulty code generators and program templates.
+        timers.scheduleTask(every: 5 * Minutes) {
+            for generator in self.codeGenerators {
+                if generator.totalSamples >= 100 && generator.correctnessRate < 0.05 {
+                    self.logger.warning("Code generator \(generator.name) might be broken. Correctness rate is only \(generator.correctnessRate * 100)% after \(generator.totalSamples) generated samples")
+                }
+            }
+            for template in self.programTemplates {
+                if template.totalSamples >= 100 && template.correctnessRate < 0.05 {
+                    self.logger.warning("Program template \(template.name) might be broken. Correctness rate is only \(template.correctnessRate * 100)% after \(template.totalSamples) generated samples")
+                }
+            }
+        }
+
         // Determine our initial state if necessary.
         assert(state == .uninitialized || state == .corpusImport)
         if state == .uninitialized {