Fuzzing Python using Atheris requires a significant amount of time to start, due to its expensive instrumentation stage. Are there any tips recommended to improve this time? It affects payout, as targets are limited to 10 minutes, but instrumentation can easily take 5 minutes to start. Both tests/s and test count are affected.
We don’t currently have a great solution for this at the moment. One option you can try is to heavily limit the scope of your instrumentation. That is, instead of something like atheris.instrument_all() or even instrumenting general imports, try selectively instrumenting imports. Something like:
import atheris

# Only the code imported inside this block is instrumented for coverage;
# everything else in largeLibrary stays uninstrumented and loads at normal speed.
with atheris.instrument_imports():
    from largeLibrary.smallerSection import specificFunction
This should at the very least reduce the time taken for reinstrumentation. Take care with this approach as you can also be too selective and end up missing real findings.
I’ll follow up on this if we come up with a better solution.
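A complete harness built around the narrow-instrumentation advice in the answer above, added here as an example rather than code from the thread or from the Atheris project. It goes one step further than instrument_imports(): it instruments only the two functions the harness actually calls, via atheris.instrument_func(), and times that step so the cost can be compared against the 10-minute target budget. The parser is a constructed stand-in for "largeLibrary.smallerSection.specificFunction"; its name and the property it checks are assumptions for the example. The atheris import is deferred into the functions that need it so the module, and the round-trip check, can be exercised without Atheris installed.

```python
"""Atheris harness with a deliberately narrow instrumentation scope (added example)."""
import sys
import time


# --- Constructed stand-in for the library code under test -------------------
# In a real target this would be the function imported inside
# `with atheris.instrument_imports(): from largeLibrary.smallerSection import specificFunction`.
def parse_headers(data: bytes) -> dict:
    """Parse 'key: value' lines into a dict; malformed input raises ValueError."""
    headers = {}
    for raw in data.split(b"\n"):
        if not raw.strip():
            continue
        if b":" not in raw:
            raise ValueError("malformed header line")
        key, _, value = raw.partition(b":")
        headers[key.strip().lower()] = value.strip()
    return headers


def serialize_headers(headers: dict) -> bytes:
    """Inverse of parse_headers for the round-trip property below."""
    return b"\n".join(k + b": " + v for k, v in headers.items())


def TestOneInput(data: bytes) -> None:
    """Fuzz entry point. ValueError is an expected rejection; anything else is a finding."""
    try:
        parsed = parse_headers(data)
    except ValueError:
        return
    # Property under test (assumption for the example): parse -> serialize -> parse
    # must be a fixed point. A mismatch surfaces as an uncaught AssertionError.
    again = parse_headers(serialize_headers(parsed))
    if again != parsed:
        raise AssertionError("round-trip mismatch")


def instrument_narrowly() -> float:
    """Instrument only the functions the harness exercises; return seconds spent."""
    import atheris  # deferred so the module loads without Atheris installed
    global parse_headers, serialize_headers
    start = time.monotonic()
    # Narrowest form of the answer's advice: no instrument_all(), no broad
    # instrument_imports(); just the entry points that produce useful coverage.
    parse_headers = atheris.instrument_func(parse_headers)
    serialize_headers = atheris.instrument_func(serialize_headers)
    return time.monotonic() - start


def main(argv):
    import atheris
    elapsed = instrument_narrowly()
    # Log the cost so it can be weighed against the 10-minute target window.
    print(f"instrumentation took {elapsed:.3f}s", file=sys.stderr)
    atheris.Setup(argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python harness.py corpus_dir/` once Atheris is installed. The trade-off the answer warns about applies in full: code that parse_headers calls but that was not instrumented contributes no coverage feedback, so crashes reachable only through that code are found by luck rather than by guidance. Widen the instrumented set one module at a time and re-check the logged instrumentation time.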