-
Updated
Mar 9, 2020
fuzzing
Here are 407 public repositories matching this topic...
When reading the SciPy docs on structured arrays, I discovered that array dtypes / record dtypes / structured dtypes (we should probably mention those other terms in the docs...) can have a title as well as a fie
Topics that need to be covered:
- how to write good Fuzz functions (checking for logical bugs, cross checking different implementations, examining as much code as possible, testing functions that require more complex inputs and not just []byte)
- how to use several Fuzz functions in a single package
- corpus collection
Similar to how https://docs.rs/ndarray/0.12.1/ndarray/doc/index.html has a documentation module, I think this is a nice place to keep the docs in a more properly version-controlled place.
Consider auto-formatting docs/*.md with markdownfmt as part of make presubmit:
go get -u github.com/shurcooL/markdownfmt
markdownfmt -w docs
#994 is the current diff it creates. It seems to break syzbot.md, but it all should be fixable.
Need to figure out how to vendor it.
I spent an hour right now trying to debug "error connecting to pipe" on a test run without afl-fuzz. It occurred that I forgot the -debug option. While the whole thing is kinda obvious, if you need a test run then you shouldn't forget the -debug, a suggestion about it on the pipe error would've been very helpful.
What I propose is to edit error message so it would be `error connecting to pipe (did y
fast-check is a very nice library. It would be even better if we could use it with Facebook's ReasonML instead of Typescript!
It might be possible to use https://github.com/rrdelaney/ReasonablyTyped to make the conversion easier.
As we've found in rust-lang/rust#36705, jemalloc has abysmal fork performance in some kernel configurations, notably on recent Ubuntu versions.
Even on good configurations system default allocator has about 20% better fork performance than jemalloc.
This can be done in documentation, by adding the 2 lines described in https://doc.rust-lang.org/nightly/book/custom-alloc
So while I was debugging another issue, I came along the enormous list of parameters in the Session class. I feel that some of them should be moved to more appropriate locations, and I'd argue that this should be a breaking change. Benefits: better documentation, easier to understand.
In particular:
ignore_connection_reset, ignore_connection_aborted, `ignore_connection_issues_when_sendin
I've created some example code and scripts in the wiki; they could be in the repo and be either useful documentation or tests for the testsuite.
https://github.com/googleprojectzero/halfempty/wiki/Examples
Most timeouts in afl are implemented using signals.
The future goal is to make afl++ properly multi threaded, or at least support different use cases like embedding it into other processes.
One part, refactoring it without globals, is handled by pr #220 however a big problem still remains: afl uses unix signals in many places.
Instead, timeouts at least could be replaced by select w
This value is used to ignore those seed files larger than 15000 bytes. https://github.com/AngoraFuzzer/Angora/blob/1940eb560201f3705afcdde5f3a720addb1df528/fuzzer/src/depot/sync.rs
This is something that hasn't been super clear to me, and I haven't really seen it discussed anywhere ever.
The corpus
- can end up getting sizable (see also #163)
- often isn't human readable
Committing it to the project-being-fuzzed's repo seems like it could add a bunch of git overhead and even make merges difficult.
But, it is needed to "pick up where you left off" when doing time
Fuzzer statistics
Each fuzzer executor (frontend) implements a populate_stats method that converts fuzzer-specific output information to the uniform one. That is, it populates the self.stats dictionary.
Currently only AFL provides a reasonable amount of runtime information that is easily accessible and therefore used by deepstate. Also we scan CRASH_DIR and count the number of crashes found. But other tools ne
Missing numpy, wheel, and flask_restplus in requirements.txt, for the web interface.
Also, the version of werkzeug is outdated. Need to upgrade to at least version Werkzeug==0.14.1.
As per offline discussion with @inferno-chromium and @jonathanmetzman
https://google.github.io/oss-fuzz/getting-started/new-project-guide/#prerequisites
there are unnecessarily many examples; we can remove some of them
we should add project using libprotobuf-mutator and FuzzedDataProvider to the lis (e.g. one project using each of these) with a comment like `(note how this project