Added HowFuzzilliWorks.md

README.md

@@ -82,6 +82,8 @@ A number of mutations can then be performed on these programs:
 * [OperationMutator](Sources/Fuzzilli/Mutators/OperationMutator.swift): mutates the parameters of operations, for example replacing an integer constant with a different one.
 * and more...
 
+A much more thorough discussion of how Fuzzilli works can be found [here](Docs/HowFuzzilliWorks.md).
+
 ## Implementation
 
 The fuzzer is implemented in [Swift](https://swift.org/), with some parts (e.g. coverage measurements, socket interactions, etc.) implemented in C.

Sources/Fuzzilli/FuzzIL/TypeSystem.swift

@@ -134,7 +134,7 @@ public struct Type: Hashable {
     public static let regexp    = Type(definiteType: .regexp)
 
     /// Type one can iterate over
-    public static let iterable   = Type(definiteType: .iterable)
+    public static let iterable   = Type(definiteType: .iterable)        // TODO rename to .array?
 
     /// A value for which the type is not known.
     public static let unknown   = Type(definiteType: .unknown)

Sources/FuzzilliCli/main.swift

@@ -29,7 +29,8 @@ Options:
     --profile=name              : Select one of several preconfigured profiles.
                                   Available profiles: \(profiles.keys).
     --jobs=n                    : Total number of fuzzing jobs. This will start one master thread and n-1 worker threads. Experimental!
-    --engine=name               : The fuzzing engine to use. Available engines: "mutation" (default), "hybrid", "multi"
+    --engine=name               : The fuzzing engine to use. Available engines: "mutation" (default), "hybrid", "multi".
+                                  Only the mutation engine should be regarded stable at this point.
     --logLevel=level            : The log level to use. Valid values: "verbose", info", "warning", "error", "fatal"
                                   (default: "info").
     --numIterations=n           : Run for the specified number of iterations (default: unlimited).