Changed

• Update to PHP-Parser 5.

Fixed

• Fixed overzealous common path stripping when generating coverage report.
• Minor fixes to instrumentation.

Fixed

Fixed undefined method error when using --dict option.

Changed

• Fuzzing targets are now passed a PHPFuzzer\Config class in the $config variable, which has a more limited interface than the Fuzzer class. This class is exposed from php-fuzzer.phar. For backwards compatibility, it is also available using the $fuzzer variable.

Added

• Add support for instrumenting match.
• Add support for configuring the allowed exceptions using Config::setAllowedExceptions().

Fixed

• Fix instrumentation of coalesce assign (??=).
• Avoid triggering the shutdown handler for errors outside fuzzing.
• Gracefully handle invalid arguments.

• Print correct entry during crash minimization
• Support mutation depth during minimization

• Upgrade to the 4.x release of ulrichsg/getopt-php to fix PHP 8.1 compatibility
• Fix instrumentation of arrow functions
• Generate coverage overview

• Fixed unlink errors that would occasionally abort fuzzing (#5).
• Added shutdown handler to catch fatal errors during fuzzing.

• Make pcntl optional, allowing PHP-Fuzzer to be used on Windows.
• Update include-interceptor dependency for Windows fixes.
• Disable interception of phar to avoid a PHP bug.

• Remove stray var_dump().
• Add mutator for binary integers.
• Make corpus argument optional. A temporary directory will be used if not provided.
• Switch to nikic/include-interceptor to fix include interception bugs.

• Handle timeouts as crashes using pcntl.
• Handle notices/warnings as crashes with a custom error handler.
• Make instrumentation line-number preserving.
• Fix instrumentation in the phar version.

Initial release and a place to put the phar.