> transforming fuzzed programs so that they produce meaningful output, allowing differential testing to be used as a test oracle, and paving the way for fuzzer-generated programs to be integrated into compiler and code analyser regression test suites.
But this ^^ seems particularly novel! Sadly, fuzzers like the protobuf one often produce compiler crashes due to failed assertions that are difficult to prioritize over other compiler features/fixes that are more obviously relevant. But if it can find a miscompile, that's a real big deal IMO.
https://srg.doc.ic.ac.uk/projects/grayc/
SRG is the group that maintains KLEE, the symbolic execution engine https://klee.github.io/