The dashboard app doesn't have much documentation - it took me a while to figure out I needed to install the Google Cloud SDK to do anything with it. It would be nice to have some basic setup instructions documented.

The --maxtime CLI flag should control the total execution time. However, the timer is reset for each new job added to the list by recursion detection that gets enabled by --recursion.

Additionally, add a new CLI flag --maxtime-job that counts towards the maximum execution time for each job, and if it hits, cancel the job and move forward to the next one.

This was reported OOB by @damia

Section 3.4 of the paper describes using gradient descent with a 2-point method for computing the gradient vector. This basically involves doing O(d) function calls to find the approximate gradient then doing a small number of calls to move in that direction. There is a long history of Derivative free Optimization Methods, that try to make each function evaluation do some of both. For example so

Now that we use pathlib/Paths throughout, we should refactor the ICU .dll section of inspect_shell into using list(p.glob("*.dll")) or list(p.glob("icu*.dll")).

When configuring echidna with balanceContract, but fuzzing a non-payable contract, echidna prints a Haskell exception instead of a meaningful error.

$ cat balance.yaml
balanceContract: 100
format: text

$ cat balance.sol
contract C {
  function f() public {}
  function echidna_true() public returns (bool) {return true;}
}

$ echidna-test balance.sol --config balance.yaml
Analy

grep unknown opentitan.fasm  | wc
    557    6127   52651

557 bits isn't too many. Most of these are likely related to the DSP, as 1 DSP is being used:

DSP_L_X66Y110.DSP48.DSP_0.AREG_0
DSP_L_X66Y110.DSP48.DSP_0.BREG_0
DSP_L_X66Y110.DSP48.DSP_0.MASK[45:0] = 46'b1111111111111111111111111111111111111111111111
DSP_L_X66Y110.DSP48.DSP_0.ZADREG[0]
DSP_L_X66Y110.DSP48.DSP_0.ZAL

Hi,

When configurating the the PyJFuzz library for generating messages you can specify a specific fuzzing level 1 to 6. I was not able to find in the documentation what these levels mean exactly and what the difference is when picking another level. Can you make that more clear in the README or something?

Best regards,
Ivar Derksen

New test script idea

What TLS message this idea relates to?

ClientHello

What TLS extension this idea relates to?

signature_algorithms

What is the behaviour the test script should test?

RFC 8446, section B.3.1.3 and B.3.1.4 describe values, marked as obsolete_RESERVED that MUST NOT be offered or negotiated by TLS 1.3 implementations.

Check that presence of those

Would be nice to add a switch to tune HTTP engine like how much to sleep between each request , this would prevent/bypass rate limit.

GRR uses GRANARY_ASSERT, which is kind of a weird holdover from writing DBTs that can't depend on system libraries, and it's also very C-like. Now that we've made GRR start using cxx-common, we could easily upgrade it to use Google Log's CHECK macro.