jianglk.darker
7ee447c011
|
7 months ago | |
|---|---|---|
| .. | ||
| ci | 7 months ago | |
| libfuzzer | 7 months ago | |
| patches | 7 months ago | |
| src | 7 months ago | |
| .cargo_vcs_info.json | 7 months ago | |
| Android.bp | 7 months ago | |
| CHANGELOG.md | 7 months ago | |
| Cargo.toml | 7 months ago | |
| Cargo.toml.orig | 7 months ago | |
| LICENSE | 7 months ago | |
| METADATA | 7 months ago | |
| MODULE_LICENSE_APACHE2 | 7 months ago | |
| MODULE_LICENSE_MIT | 7 months ago | |
| NOTICE | 7 months ago | |
| OWNERS | 7 months ago | |
| README.md | 7 months ago | |
| build.rs | 7 months ago | |
| rust-toolchain | 7 months ago | |
| update-libfuzzer.sh | 7 months ago | |
README.md
The libfuzzer-sys Crate
Barebones wrapper around LLVM's libFuzzer runtime library.
The CPP parts are extracted from compiler-rt git repository with git filter-branch.
libFuzzer relies on LLVM sanitizer support. The Rust compiler has built-in support for LLVM sanitizer support, for now, it's limited to Linux. As a result, libfuzzer-sys only works on Linux.
Usage
Use cargo fuzz!
The recommended way to use this crate with cargo fuzz!.
Manual Usage
This crate can also be used manually as following:
First create a new cargo project:
$ cargo new --bin fuzzed
$ cd fuzzed
Then add a dependency on the fuzzer-sys crate and your own crate:
[dependencies]
libfuzzer-sys = "0.3.0"
your_crate = { path = "../path/to/your/crate" }
Change the fuzzed/src/main.rs to fuzz your code:
#![no_main]
use libfuzzer_sys::fuzz_target;
fuzz_target!(|data: &[u8]| {
// code to fuzz goes here
});
Build by running the following command:
$ cargo rustc -- \
-C passes='sancov' \
-C llvm-args='-sanitizer-coverage-level=3' \
-C llvm-args='-sanitizer-coverage-inline-8bit-counters' \
-Z sanitizer=address
And finally, run the fuzzer:
$ ./target/debug/fuzzed
Updating libfuzzer from upstream
./update-libfuzzer.sh <github.com/llvm-mirror/llvm-project SHA1>
License
All files in libfuzzer directory are licensed NCSA.
Everything else is dual-licensed Apache 2.0 and MIT.