Setup a fuzzer
I know very little about Java fuzzers, but they should be a great way to find test cases for things like #22. Based on a quick search, here are some possibilities. I'm most interested in a coverage-based, pure-JVM solution, preferably one that is easy to set up with Maven.
- https://github.com/cretz/javan-warty-pig
- https://github.com/rohanpadhye/jqf
- https://github.com/cphr/javafuzz
- https://sourceforge.net/p/jbrofuzz/
- https://github.com/isstac/kelinci/
- https://github.com/Barro/java-afl
- https://people.csail.mit.edu/akiezun/jfuzz/
See also:
- Java Bugs with and without Fuzzing – AFL-based Java fuzzers and the Java Security Manager
- https://stackoverflow.com/questions/1099124/looking-for-a-java-fuzzing-library-or-fuzzer-tool-with-a-good-api
- https://mvnrepository.com/search?q=fuzz
Asked for suggestions here:
https://twitter.com/kurtschwehr/status/1109871725779378176
In your tweet you mention a corpus from libfuzzer/libais - I didn't see it in the libais test directory; is there somewhere with details on fuzzing corpus buildup you've already done? I'm curious about generating AIS sentences both for fuzzing and more functional testing of AIS parsers.
My corpus is only inside Google. I will try to release a snapshot sometime soon.