**4. Evaluation**

MooFuzz is built on top of AFL-2.52b [7]; the implementation adds C/C++ code to AFL. The instrumentation components, which mark danger edges during static analysis, are implemented on the LLVM framework [63]. The experiments address the following research questions:

RQ1: How capable is MooFuzz in crash detection?

RQ2: How effective is the code coverage of MooFuzz?

RQ3: How capable is MooFuzz in identifying real-world vulnerabilities?
