Dmitry Vyukov
Can you briefly describe the idea of shrinking and parallel API calls here?
> It finds the smallest example that also produces the error. go-fuzz does this for crashes and also for inputs in corpus. I.e. when it discovers an input that gives...
What can that look like (or how does it look in QuickCheck)? I am working on something similar for syscalls (an input is a sequence of random syscalls with their...
FWIW, go-fuzz already does input shrinking (it is called minimization throughout the code).
I think the current minimization is good enough. Minimization is generally NP-hard, because there can be arbitrary dependencies between bytes and length. So to do complete minimization one would need...
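The shrinking discussed in the comments above, as an added illustration that is not go-fuzz's own minimizer: a greedy two-phase minimizer that first deletes progressively smaller chunks and then zeroes individual bytes, keeping each change only while the `keep` oracle (here a constructed "does the input still trigger the bug" check) still holds. The `Minimize`, `hasBug` and `main` names are this example's own; the oracle and sample input are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Minimize greedily shrinks input while keep(candidate) stays true.
// It is a simplified delta-debugging style loop written for this example,
// not go-fuzz's implementation: it never back-tracks, so, as the comment
// above notes, dependencies between bytes can leave it stuck in a local
// minimum. Minimization is only attempted if keep(input) holds to begin with.
func Minimize(input []byte, keep func([]byte) bool) []byte {
	if !keep(input) {
		return input
	}
	cur := append([]byte(nil), input...)

	// Phase 1: try to delete a window of n bytes at every offset, halving
	// n each round (starting with the whole input, so an empty input is
	// tried first). A successful deletion keeps i fixed so the next window
	// at the same offset is tried against the shorter input.
	for n := len(cur); n >= 1; n /= 2 {
		for i := 0; i+n <= len(cur); {
			cand := make([]byte, 0, len(cur)-n)
			cand = append(cand, cur[:i]...)
			cand = append(cand, cur[i+n:]...)
			if keep(cand) {
				cur = cand
			} else {
				i++
			}
		}
	}

	// Phase 2: replace each surviving byte with 0 where the property
	// survives, so the result is the "simplest" as well as the shortest.
	for i := range cur {
		if cur[i] == 0 {
			continue
		}
		old := cur[i]
		cur[i] = 0
		if !keep(cur) {
			cur[i] = old
		}
	}
	return cur
}

// hasBug is a constructed stand-in for a crash oracle: the "bug" fires
// whenever the input contains the marker "BUG".
func hasBug(b []byte) bool {
	return bytes.Contains(b, []byte("BUG"))
}

func main() {
	// Constructed sample input: the marker surrounded by irrelevant padding.
	in := []byte("aaaaBUGbbbbb")
	fmt.Printf("%q -> %q\n", in, Minimize(in, hasBug))
}
```

Running it prints the original input beside the shrunken one; for the constructed input the padding is stripped and only the three-byte marker survives, while an input that never satisfies the oracle is returned unchanged.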
@tv42 @mschoch Interesting, I don't see that it passes fuzz `data []byte` to actions. I guess they also want some randomness. This is somewhat related to what we do in syzkaller...
@flyingmutant what exactly do you mean by "stateful state machine based tests"? Is it calling a sequence of methods on an object? If yes, then this works with upfront data...
> How do you generate method N+1 with valid arguments upfront in this case, without executing the N methods before? Just randomly and then rely on feedback and mutations. The...
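The "generate method N+1 upfront and rely on feedback" approach from the exchange above, as an added example that is not from go-fuzz or any project mentioned here: the fuzz input is decoded as a flat stream of (opcode, argument) byte pairs and replayed against a toy stateful object. Calls that are invalid in the current state (withdrawing from a closed account, overdrawing) are simply rejected and counted; nothing is generated on the fly, and a guided fuzzer would learn valid orderings from coverage. The `Account` type, its invariant, the `Replay` and `Fuzz` functions and the sample byte sequence are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Account is a constructed stateful object with a small valid-call protocol:
// Open before Deposit/Withdraw/Close, and never withdraw more than the balance.
type Account struct {
	open    bool
	balance int
}

var errState = errors.New("call not valid in current state")

func (a *Account) Open() error {
	if a.open {
		return errState
	}
	a.open = true
	return nil
}

func (a *Account) Deposit(n int) error {
	if !a.open {
		return errState
	}
	a.balance += n
	return nil
}

func (a *Account) Withdraw(n int) error {
	if !a.open || n > a.balance {
		return errState
	}
	a.balance -= n
	return nil
}

func (a *Account) Close() error {
	if !a.open {
		return errState
	}
	a.open = false
	return nil
}

// Replay interprets data as consecutive (opcode, argument) byte pairs and
// applies them in order. Invalid calls are rejected by the object itself
// rather than prevented by the generator, which is the upfront-data scheme
// discussed above. The invariant is checked after every accepted call.
func Replay(data []byte) (applied, rejected int) {
	var acct Account
	for i := 0; i+1 < len(data); i += 2 {
		op, arg := data[i]%4, int(data[i+1])
		var err error
		switch op {
		case 0:
			err = acct.Open()
		case 1:
			err = acct.Deposit(arg)
		case 2:
			err = acct.Withdraw(arg)
		case 3:
			err = acct.Close()
		}
		if err != nil {
			rejected++
			continue
		}
		applied++
		if acct.balance < 0 {
			panic("invariant violated: negative balance") // what the fuzzer would report
		}
	}
	return applied, rejected
}

// Fuzz has the go-fuzz entry-point shape (return 1 for inputs worth keeping,
// 0 otherwise); here an input is "interesting" if it drove at least one call.
func Fuzz(data []byte) int {
	applied, _ := Replay(data)
	if applied > 0 {
		return 1
	}
	return 0
}

func main() {
	// Constructed input: Open, Deposit 10, Withdraw 3, Withdraw 20 (rejected),
	// Close, Deposit 5 (rejected because the account is closed).
	data := []byte{0, 0, 1, 10, 2, 3, 2, 20, 3, 0, 1, 5}
	applied, rejected := Replay(data)
	fmt.Printf("applied=%d rejected=%d interesting=%d\n", applied, rejected, Fuzz(data))
}
```

Because opcodes are taken modulo the number of methods and arguments are raw bytes, any byte string is a valid input, which is what lets a byte-mutating fuzzer explore call sequences without a grammar: a mutation that reorders or flips bytes simply yields a different sequence, and rejected calls cost nothing.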
> > And all ranges, min/max, ascii, etc are mostly not necessary with good guided fuzzing. > > There are several counter-arguments to this. > > 1. A lot of...
I don't question that all else being equal faster is better.