by tptacek 2668 days ago
Can you talk a bit about what you're fuzzing for in Python programs? I feel like I have a good understanding of what cluster fuzzing is accomplishing for C/C++ libraries, but less clarity about the goals for managed languages.

Sure! Some of the classes of bugs that remain low-hanging fruit for languages like Python include slowness, hangs, panics, race conditions, assert failures, excessive resource consumption and other Denial of Service attacks.

Other use cases include using fuzzing to compare implementations of libs that require the same functionality, detecting invariant violations, testing implementations that are meant to work together (i.e. serialize(deserialize(x)) == x).

In general fuzzing C/C++ libraries for memory bugs is the most commonly described use-case, but I think there are tons of fuzzing use cases that haven't been thoroughly explored yet.

I recently wrote a tool called SharpFuzz that enables fuzzing .NET programs with AFL (https://github.com/metalnem/sharpfuzz#trophies). It has found over 70 issues so far in various libraries (including the .NET standard library). The most common ones are unexpected exceptions (for example, a method that should not throw anything throws IndexOutOfRangeException or NullReferenceException), but there are also many serious ones, such as temporary/permanent hangs, stack overflows, and process crashes.
As an example, I had a python function that needed to strip the front of a string and went into an infinite loop on an empty string due to a boneheaded mistake on my part. I failed to have a unit test for that particular input and didn't catch it till months after it went into production when empty strings started showing up occasionally in the wild, and my program would get restarted by a watchdog which noticed it not making progress. A fuzzer would hopefully have caught that sooner.
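A harness of the kind this thread describes, written here as an added example (not any commenter's code): a constructed strip-the-front function with a hypothetical empty-string hang of the sort described above, its corrected form, and a small fuzzer that reports hangs, unexpected exceptions and invariant violations. It assumes a POSIX-like Python 3 environment; the timeout and corpus sizes are illustrative choices.

```python
import random
import threading

def strip_leading_buggy(s: str, ch: str = " ") -> str:
    # Constructed stand-in for the bug described above (hypothetical, not the poster's code):
    # the only exit is guarded by `s` being non-empty, so "" (or all-`ch` input) spins forever.
    while True:
        if s and s[0] != ch:
            return s
        s = s[1:]

def strip_leading(s: str, ch: str = " ") -> str:
    # Corrected version: the loop also stops as soon as the string is empty.
    while s and s[0] == ch:
        s = s[1:]
    return s

def run_with_timeout(fn, arg, timeout):
    """Call fn(arg) in a daemon thread; return ("ok", result), ("error", exc) or ("hang", None)."""
    box = {}
    def target():
        try:
            box["result"] = fn(arg)
        except Exception as exc:  # an unexpected exception is a finding in its own right
            box["error"] = exc
    worker = threading.Thread(target=target, daemon=True)
    worker.start()
    worker.join(timeout)
    if worker.is_alive():
        return "hang", None  # the daemon thread keeps spinning but cannot block process exit
    if "error" in box:
        return "error", box["error"]
    return "ok", box["result"]

def check_invariants(inp, out, ch=" "):
    """Properties any correct strip-front function must satisfy for every input."""
    return inp.endswith(out) and not out.startswith(ch) and inp.lstrip(ch) == out

def fuzz(fn, iterations=200, seed=0, timeout=0.2, max_findings=3):
    """Tiny random fuzzer: fixed seeds plus random strings over " ab"; stops after max_findings."""
    rng = random.Random(seed)
    corpus = ["", " ", "  ", " a", "a ", "   b c"]
    corpus += ["".join(rng.choice(" ab") for _ in range(rng.randint(0, 6))) for _ in range(iterations)]
    findings = []
    for inp in corpus:
        status, value = run_with_timeout(fn, inp, timeout)
        if status != "ok":
            findings.append((status, inp))
        elif not check_invariants(inp, value):
            findings.append(("invariant", inp))
        if len(findings) >= max_findings:
            break
    return findings
```

The empty string is the first seed, so the buggy function is reported as hanging on "" immediately, while the corrected one passes every generated input.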