Source and data
password(sofi1234)
To be fair, all tools are compared on the SAME seed corpus, js-vuln-db, which is part of the DIE corpus (https://github.com/sslab-gatech/DIE-corpus). js-vuln-db is the vulnerability set that DIE itself was evaluated on, so using it does not put DIE at a disadvantage.
Why do we use js-vuln-db for the comparison?
js-vuln-db is a collection of vulnerabilities collected by hackers, so it is fair to DIE.
The collection is small. If the seed collection were too large:
CodeAlchemist and DIE would spend a long time on pre-processing, which is unfair for the comparison.
Similarly, judging from the initial coverage shown in the DIE paper, DIE itself also uses a small collection.
We use seeds (web link) collected by ourselves to conduct long-running fuzzing tests. Our seed corpus contains the important seeds from DIE (including js-vuln-db and Test262); the remaining seeds were harvested from a large number of web pages.
We record some analysis results (including type analysis, reflection analysis and so on) during fuzzing.
Modified CodeAlchemist (source code link) to record all generated test cases. The generated test cases are written to the gendir directory, which can be configured in the configuration file.
Modified Superion (source code link) to record all generated test cases. The generated test cases are written to the corpus directory under the AFL working directory.
Modified DIE (source code link) to record all generated test cases. The generated test cases are written to the corpus directory under the AFL working directory.
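Once the three modified fuzzers have written their generated test cases to disk, the first thing a practitioner wants is a sanity check that the recorded sets are what they appear to be: how many cases each tool produced, how many are distinct once trivial whitespace differences are ignored, and how many were generated by more than one tool. The script below is an added example, not SoFi's own tooling or the code of any of the three fuzzers. The directory layout (a gendir for CodeAlchemist, an AFL-style corpus directory for Superion and DIE) and the sample JavaScript files it writes into a temporary directory are constructed here purely for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical layout of the recorded test cases, following the README text:
# CodeAlchemist writes to its configurable gendir, Superion and DIE write to
# the corpus directory under their AFL working directory. These relative paths
# are assumptions for this example, not the project's actual configuration.
TOOL_DIRS = {
    "CodeAlchemist": "codealchemist/gendir",
    "Superion": "superion/afl_work/corpus",
    "DIE": "die/afl_work/corpus",
}


def iter_testcases(directory):
    """Yield (path, bytes) for every regular file under directory, recursively."""
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, "rb") as f:
                yield path, f.read()


def normalize(source):
    """Canonicalize a test case so that line-ending and trailing-whitespace
    differences do not count as distinct inputs. Deliberately conservative:
    only trailing whitespace per line is stripped and blank lines dropped."""
    lines = [ln.rstrip() for ln in source.replace(b"\r\n", b"\n").split(b"\n")]
    return b"\n".join(ln for ln in lines if ln)


def inventory(base):
    """Count total and content-unique test cases per tool, plus the number of
    normalized cases that appear in the output of more than one tool."""
    hashes_by_tool = {}
    totals = {}
    for tool, rel in TOOL_DIRS.items():
        seen = set()
        total = 0
        tool_dir = os.path.join(base, rel)
        if os.path.isdir(tool_dir):
            for _path, data in iter_testcases(tool_dir):
                total += 1
                seen.add(hashlib.sha256(normalize(data)).hexdigest())
        totals[tool] = total
        hashes_by_tool[tool] = seen
    all_hashes = set().union(*hashes_by_tool.values())
    shared = {h for h in all_hashes
              if sum(h in s for s in hashes_by_tool.values()) > 1}
    return {
        "total": totals,
        "unique": {t: len(s) for t, s in hashes_by_tool.items()},
        "shared_across_tools": len(shared),
    }


def make_sample_tree(base):
    """Constructed sample data (not real fuzzer output): a few tiny JS cases per
    tool, with one exact duplicate inside Superion's corpus and one case that
    CodeAlchemist and DIE both produced, differing only in line endings."""
    samples = {
        "CodeAlchemist": {
            "gen_0001.js": b"var a = [1, 2, 3];\na.length = 0;\n",
            "gen_0002.js": b"function f(x) { return x | 0; }\nf({valueOf() { return 1; }});\n",
        },
        "Superion": {
            "id_000000_orig_seed.js": b"let o = {}; o.__proto__ = null;\n",
            "id_000001_src_000000.js": b"let o = {}; o.__proto__ = null;\n",
        },
        "DIE": {
            "id_000000_orig_seed.js": b"var a = [1, 2, 3];\r\na.length = 0;\r\n\r\n",
            "id_000001_src_000000.js": b"new Array(2**32 - 1).fill(0);\n",
        },
    }
    for tool, files in samples.items():
        d = Path(base) / TOOL_DIRS[tool]
        d.mkdir(parents=True, exist_ok=True)
        for name, body in files.items():
            (d / name).write_bytes(body)


def demo():
    """Build the constructed tree in a temp directory and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return inventory(tmp)


if __name__ == "__main__":
    print(demo())
```

Point the three entries in TOOL_DIRS at the real gendir and AFL corpus directories to run it against recorded output. The normalization is intentionally minimal; anything more aggressive (for example, renaming identifiers) would start hiding genuine differences between what the generators emit.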
This is the core code of SoFi. When I have time, I will add documentation. After I have fully tested the JS engines, I will release the complete code.