[hobls]

> Or in other words, a fuzzer is a program that tries to create source code that finds bugs in a compiler.

This is a very narrow definition of a fuzzer. There are a lot of types of fuzzer that do not generate source code, and are not intended to test compilers.

[seanmcdirmid]

When I was an undergrad in 1997, I created a fuzzer (well, we didn't know to call it that back then) to insert one byte changes into Java classfiles, and then used that to test our bytecode verifier along with Sun and Microsoft's.

Suffice it to say, we found lots of bugs, the most famous one being what my grad advisor called the vacuum bug that could read a web client's environment variables (among other things): https://archive.nytimes.com/www.nytimes.com/library/cyber/un...

[hobls]

Very cool! I think fuzzers are SO interesting. One of my favorite examples is lcamtuf’s post on generating valid JPGs from nothing [1]. Just so awesome.

1: https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-th...

[kodablah]

Tangentially related, speaking of Java, I wrote a path guided one recently for code running on the JVM: https://github.com/cretz/javan-warty-pig. It's found bugs for me on internal things, but I haven't run it on anything popular to build a trophy case.

[matthewwarren]

Nice! Not many people can say that their university project made it into the New York Times!

[sehugg]

To test a MS-DOS database program I was writing, I replaced the WaitForKey routine with GetRandom. It was fun to watch! And I think it was a fuzzer.

[matthewwarren]

Nice, that's a pretty cool approach! (random user input)

[matthewwarren]

> This is a very narrow definition of a fuzzer. There are a lot of types of fuzzer that do not generate source code, and are not intended to test compilers

Yeah, that's true, I completely missed out other uses for 'fuzzers', thanks for clarifying that