It sort of "works", but ...

- Only the parsing code is fuzzed
- Run-time bugs will not be detected
- Unlikely to find security problems (fuzzing trusted input)
- (Theoretically) high overhead
- High rejection rate due to syntax problems
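The rejection-rate and parser-only points above can be measured. This is an added example, not code from the original slides. It assumes the approach being criticised is feeding unstructured random input to a program whose first stage is a parser; the toy expression language and every name in it (`parse`, `evaluate`, `campaign`, the two input generators) are hypothetical.

```python
import random

class SyntaxReject(Exception):
    """Input refused by the parser; the evaluator never sees it."""

def parse(src):
    """Toy grammar: expr := digit (('+' | '/') digit)*  ->  (first, [(op, digit), ...])."""
    if len(src) % 2 == 0:  # also rejects the empty string
        raise SyntaxReject(src)
    for i, ch in enumerate(src):
        if ch not in ("0123456789" if i % 2 == 0 else "+/"):
            raise SyntaxReject(src)
    return int(src[0]), [(src[i], int(src[i + 1])) for i in range(1, len(src), 2)]

def evaluate(tree):
    """The run-time stage. Its bug: integer division by a zero operand."""
    acc, rest = tree
    for op, val in rest:
        acc = acc + val if op == "+" else acc // val
    return acc

def random_input(rng):
    # Constructed sample input: 1 to 8 random printable ASCII characters.
    return "".join(chr(rng.randrange(32, 127)) for _ in range(rng.randrange(1, 9)))

def grammar_input(rng):
    # Constructed sample input: generated from the grammar, so always valid syntax.
    extra = rng.randrange(0, 4)
    return str(rng.randrange(10)) + "".join(
        rng.choice("+/") + str(rng.randrange(10)) for _ in range(extra))

def campaign(make_input, n=2000, seed=1):
    """Run n inputs; count parser rejections, evaluator runs, and run-time bugs hit."""
    rng = random.Random(seed)
    stats = {"rejected": 0, "executed": 0, "runtime_bugs": 0}
    for _ in range(n):
        try:
            tree = parse(make_input(rng))
        except SyntaxReject:
            stats["rejected"] += 1  # died in the parser: nothing past it was exercised
            continue
        stats["executed"] += 1
        try:
            evaluate(tree)
        except ZeroDivisionError:
            stats["runtime_bugs"] += 1
    return stats

if __name__ == "__main__":
    print("random bytes :", campaign(random_input))
    print("grammar-based:", campaign(grammar_input))
```

Comparing the two `campaign` results shows how many inputs each generator gets past the parser and into the evaluator, which is where the division bug lives.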