4387 shaares
afl = american fuzzy lop
cf. http://lcamtuf.coredump.cx/afl/
"Luckily, afl-fuzz can leverage lightweight assembly-level instrumentation to its advantage - and within a millisecond or so, it notices that although setting the first byte to 0xff does not change the externally observable output, it triggers a slightly different internal code path in the tested app."