Thank you, this was extremely informative and well written!
The verdict is that libFuzzer definitely does not work here, at least in the way I am using it. I checked by using the merge command on a corpus made out of the complete code of the Julia standard library (chopped in many different ways, not just as complete files). The “reduced” corpus that libFuzzer created based on the available traces was a single one-line file with a boring variable definition statement.
Is there a trivial trick where I just compile Julia with “debug symbols” (I am cargo-culting here, I barely know what debug symbols means) that takes care of the instrumentation automagically?