Glossary

Reproducer

A minimal input (and the command to run it) that reliably triggers a specific crash or bug found by the fuzzer.

A reproducer is the smallest input that reliably causes a target program to exhibit a specific bug — a crash, a hang, or an incorrect output. Fuzzers record the crash-triggering input, but the raw crash file is often hundreds of kilobytes of mutation history; minimization tools like `afl-tmin`, `afl-cmin`, and libFuzzer's `-minimize_crash` mode iteratively reduce the input while confirming the crash persists, often producing a file of tens of bytes. A good reproducer is valuable for three reasons: it enables developers to confirm and understand the bug without running a full fuzzer; it becomes a regression test to verify that a patch actually fixes the issue; and it is the artifact shared in a vulnerability disclosure or CVE report. Reproducer quality — minimal, well-commented, deterministic — is a proxy for the overall maturity of a fuzzing program.

Triage

The workflow of reviewing, prioritizing, and reproducing crashes found by a fuzzer to determine exploitability and root cause.

Crash Deduplication

The process of grouping distinct crash inputs that trigger the same underlying bug into a single unique report.

Fuzz Testing

Automated software testing that generates many semi-random inputs to find crashes, hangs, and security vulnerabilities.

AddressSanitizer (ASan)

A fast memory-error detector that catches heap/stack buffer overflows, use-after-free, and similar bugs at runtime.

AFL++

A community-maintained, highly optimised fork of American Fuzzy Lop that is the most widely deployed coverage-guided fuzzer.

Reproducer

Related