I'm one of the engineers behind Jazzer and happy to answer any questions about it.

We also have a blog post that talks about the most interesting technical aspects of Jazzer: https://blog.code-intelligence.com/engineering-jazzer
A little while back I wrote something similar[0]. Basically I applied AFL principles to the JVM by similarly implementing bytecode instrumentation in the lightest way I could and having "passes" of sorts that manipulated inputs using stages like AFL does. The readme explains the implementation details (I don't really maintain it or use it anymore and I never even published it to Maven, so it has old invalid jitpack links, but the code is quite solid).

0 - https://github.com/cretz/javan-warty-pig
Interesting. I had a project that I wanted to use libFuzzer with custom instruction instrumentation. I never quite figured out how to pass the custom instrumentation data back to libFuzzer.

This project seems to do just that by calling __sanitizer_cov_trace_cmp4. In retrospect, this seems like the obvious solution, and quite brilliant of this project to do that!
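The channel the comment above refers to, as an added example that is not from the commenter, from Jazzer or from libFuzzer itself: a harness whose own instrumentation point hands both operands of a comparison to libFuzzer's __sanitizer_cov_trace_cmp4 hook, so the fuzzer's value-profile mutations can construct the matching bytes. The hook is declared weak so the file also links and runs without the libFuzzer runtime; the local comparison log and the magic value 0x4A415A5A are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* libFuzzer's 4-byte comparison hook (defined by the libFuzzer runtime).
 * Declared weak so this file also builds and runs without libFuzzer: the
 * symbol then resolves to NULL and the call is simply skipped. */
extern void __sanitizer_cov_trace_cmp4(uint32_t a, uint32_t b) __attribute__((weak));

/* Small local log of traced comparisons so the behaviour is observable
 * (and testable) even when libFuzzer is not linked in. Constructed helper. */
#define MAX_LOG 16
static uint32_t cmp_log[MAX_LOG][2];
static size_t cmp_log_len;

/* Custom instrumentation point: this is what an instrumenter that the C
 * compiler knows nothing about (e.g. one rewriting interpreted bytecode)
 * would call to report a comparison it observed. */
static void trace_cmp4(uint32_t a, uint32_t b) {
    if (cmp_log_len < MAX_LOG) {
        cmp_log[cmp_log_len][0] = a;
        cmp_log[cmp_log_len][1] = b;
        cmp_log_len++;
    }
    if (__sanitizer_cov_trace_cmp4)      /* non-NULL only under libFuzzer */
        __sanitizer_cov_trace_cmp4(a, b);
}

size_t traced_cmp_count(void) { return cmp_log_len; }
uint32_t traced_cmp_operand(size_t i, int which) { return cmp_log[i][which]; }
void reset_cmp_log(void) { cmp_log_len = 0; }

/* Toy parser guarded by a 4-byte magic header. A byte-flipping mutator alone
 * has a ~1 in 2^32 chance of producing this value; reporting the comparison
 * lets libFuzzer copy the expected operand into the input instead. */
#define MAGIC 0x4A415A5Au  /* constructed value */
int parse_header(const uint8_t *data, size_t len) {
    if (len < 4) return -1;               /* too short to hold the magic */
    uint32_t v;
    memcpy(&v, data, 4);                  /* native byte order, same as MAGIC */
    trace_cmp4(v, MAGIC);                 /* report both operands */
    return v == MAGIC ? 0 : -2;           /* 0 = header accepted */
}

/* libFuzzer entry point; build with clang -fsanitize=fuzzer to run it. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_header(data, size);
    return 0;
}
```

Under libFuzzer the weak symbol resolves to the runtime's hook and the reported operand pair shows up in its CMP tables; without it the local log is the only effect, which is what keeps the file usable as a plain unit test.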
If you are interested in fuzzing your Java code, you should also have a look at the JQF project which directly integrates with junit tests: https://github.com/rohanpadhye/JQF
I feel the current title "Jazzer brings modern fuzz testing to the JVM" should include "open source" as well, since the article title is "Fuzz Testing for JVM is now Open Source".
This talks about mutation testing; how does this compare to pitest?
It would be nice to run Jazzer on core JVM projects such as GraalVM, Spring, Apache projects, etc.