(Question) Other than validated bugs reported in LAVA-M

[kburova]

Hello. We've been using LAVA-M corpora for testing some bug finding software. In case with base64, the list of validated bugs has 44 codes but we had 48 reported when test our software (274, 521, 526 and 527 are another four). Also, many inputs to base64 that we've discovered report more than 1 bug at the time. Is that something normal? Thanks.

[moyix]

Yes, prior work has found some cases where it's possible to trigger LAVA bugs that our original test cases were not able to trigger. For example you can see this in the Angora paper. In addition, it's possible to create triggering inputs that do not crash the program; this means you may "trigger" multiple bugs at once.