Been playing around with afl to fuzz yxml[1], but even after supplying a useful dictionary, I don't get the impression that its tests are covering much of the codebase. :blobunsure:


More fuzzing. I was worried about afl not finding more paths, but then I gave afl-cov a try and now I'm much less worried. afl managed to cover the entire state machine and almost all of the branches (there are a few sub-branches that it missed, but those aren't important).

Turns out a simple codebase like yxml can be fuzzed pretty quickly, after all.

