@@ -24,6 +24,13 @@ cargo update
2424cargo install --force honggfuzz
2525```
2626
27+ In some environments, you may want to pin the honggfuzz version to ` 0.5.52 ` :
28+
29+ ``` shell
30+ cargo update -p honggfuzz --precise " 0.5.52"
31+ cargo install --force honggfuzz --version " 0.5.52"
32+ ```
33+
2734### Execution
2835
2936To run the Hongg fuzzer, do
@@ -34,9 +41,11 @@ export HFUZZ_BUILD_ARGS="--features honggfuzz_fuzz"
3441export HFUZZ_RUN_ARGS=" -n $CPU_COUNT --exit_upon_crash"
3542
3643export TARGET=" msg_ping_target" # replace with the target to be fuzzed
37- cargo hfuzz run $TARGET
44+ cargo hfuzz run $TARGET
3845```
3946
47+ (Or, for a prettier output, replace the last line with ` cargo --color always hfuzz run $TARGET ` .)
48+
4049To see a list of available fuzzing targets, run:
4150
4251``` shell
@@ -84,4 +93,38 @@ export RUSTFLAGS="--cfg=fuzzing"
8493cargo test
8594```
8695
96+ Note that if the fuzz test failed locally, moving the offending run's trace
97+ to the ` test_cases ` folder should also do the trick; simply replace the ` echo $HEX | ` line above
98+ with (the trace file name is of course a bit longer than in the example):
99+
100+ ``` shell
101+ mv hfuzz_workspace/fuzz_target/SIGABRT.PC.7ffff7e21ce1.STACK.[…].fuzz ./test_cases/$TARGET /
102+ ```
103+
87104This will reproduce the failing fuzz input and yield a usable stack trace.
105+
106+
107+ ## How do I add a new fuzz test?
108+
109+ 1 . The easiest approach is to take one of the files in ` fuzz/src/ ` , such as
110+ ` process_network_graph.rs ` , and duplicate it, renaming the new file to something more
111+ suitable. For the sake of example, let's call the new fuzz target we're creating
112+ ` my_fuzzy_experiment ` .
113+
114+ 2 . In the newly created file ` fuzz/src/my_fuzzy_experiment.rs ` , run a string substitution
115+ of ` process_network_graph ` to ` my_fuzzy_experiment ` , such that the three methods in the
116+ file are ` do_test ` , ` my_fuzzy_experiment_test ` , and ` my_fuzzy_experiment_run ` .
117+
118+ 3 . Adjust the body (not the signature!) of ` do_test ` as necessary for the new fuzz test.
119+
120+ 4 . In ` fuzz/src/bin/gen_target.sh ` , add a line reading ` GEN_TEST my_fuzzy_experiment ` to the
121+ first group of ` GEN_TEST ` lines (starting in line 9).
122+
123+ 5 . If your test relies on a new local crate, add that crate to ` fuzz/Cargo.toml ` .
124+
125+ 6 . In ` fuzz/src/lib.rs ` , add the line ` pub mod my_fuzzy_experiment ` . Additionally, if
126+ you added a new crate dependency, add the ` extern crate […] ` import line.
127+
128+ 7 . Run ` fuzz/src/bin/gen_target.sh ` .
129+
130+ 8 . There is no step eight: happy fuzzing!
0 commit comments