Eg. here's part of fuzzing engine code, where it tries to produce an input which matches some form of variable check inside the fuzzed code:
https://github.com/google/honggfuzz/blob/1f09e3bfb0785d9b311...
register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ...
Eg. here's part of fuzzing engine code, where it tries to produce an input which matches some form of variable check inside the fuzzed code:
https://github.com/google/honggfuzz/blob/1f09e3bfb0785d9b311...