Questions about ExplorationMutator

[chennbnbnb]

Hello, I am studying ExplorationMutator, and I think it is a good idea to assist mutation through runtime information.
But I found that after detecting the type of the object, the mutation operation of ExplorationMutator is also completed through the js code, and these mutation operations are not diverse enough.

Why does ExplorationMutator need to mutate through js code? What if the type information is detected through runtime and then passed to Fuzzilli, and then Fuzzilli is responsible for mutation?

demo:

let arr = ["xxx", "yyy"];
let obj = {};
obj[arr[0]] = function(a) { ... };

explore(obj);

obj[arr[0]] will set an compute property, so Typer in Fuzzilli cannot infer that obj contains the property "xxx". Later, explore(obj) will detect the "xxx" attribute, and then pass the attribute name and the type of the attribute value to Fuzzilli, and Fuzzilli can perform more mutation operations on the attribute.