Commit b70b2da

Update fuzzing instructions for libFuzzer/cargo-fuzz
1 parent 9de51f0 commit b70b2da

1 file changed

+31
-3
lines changed

fuzz/README.md

Lines changed: 31 additions & 3 deletions
@@ -12,11 +12,11 @@ runtime constraints, the crash is caused relatively easily.
1212

1313
## How do I run fuzz tests locally?
1414

15-
You typically won't need to run the entire combination of different fuzzing tools. For local execution, `honggfuzz`
15+
We support multiple fuzzing engines such as `honggfuzz`, `libFuzzer` and `AFL`. You typically won't need to run the entire suite of different fuzzing tools. For local execution, `honggfuzz`
1616
should be more than sufficient.
1717

1818
### Setup
19-
19+
#### Honggfuzz
2020
To install `honggfuzz`, simply run
2121

2222
```shell
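Review bot: The new line 15 lists `AFL` as a supported engine, but this hunk only introduces a `#### Honggfuzz` subsection, and no AFL setup or execution steps appear anywhere in the visible diff. Either add an AFL subsection alongside the others or drop AFL from the sentence so the README does not promise instructions it lacks. Two style points on the same lines: the rewritten sentence is a single very long line while the rest of the paragraph is hard-wrapped (the continuation "should be more than sufficient." still sits on its own line), and the `#### Honggfuzz` heading replaces the blank line that used to follow `### Setup`, so the two headings are now adjacent with no separator.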
@@ -31,9 +31,18 @@ cargo update -p honggfuzz --precise "0.5.52"
3131
cargo install --force honggfuzz --version "0.5.52"
3232
```
3333

34+
#### cargo-fuzz / libFuzzer
35+
To install `cargo-fuzz`, simply run
36+
37+
```shell
38+
cargo update
39+
cargo install --force cargo-fuzz
40+
```
41+
3442
### Execution
3543

36-
To run the Hongg fuzzer, do
44+
#### Honggfuzz
45+
To run fuzzing using `honggfuzz`, do
3746

3847
```shell
3948
export CPU_COUNT=1 # replace as needed
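Review bot: The cargo-fuzz install steps at new lines 38-39 are unpinned, while the honggfuzz steps directly above pin the tool with `--precise "0.5.52"` and `--version "0.5.52"`. A bare `cargo update` also refreshes every dependency in the lockfile rather than a single package, unlike the scoped `cargo update -p honggfuzz` in the hunk header context. For reproducible fuzzing setups and a smaller supply-chain surface, drop the bare `cargo update` and pin the installer the same way, for example `cargo install --force --locked cargo-fuzz --version "<pinned version>"`. Minor: the new `#### cargo-fuzz / libFuzzer` and `#### Honggfuzz` headings run straight into the following sentence with no blank line, which differs from the spacing used around `### Setup` and `### Execution`.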
@@ -46,6 +55,25 @@ cargo hfuzz run $TARGET
4655

4756
(Or, for a prettier output, replace the last line with `cargo --color always hfuzz run $TARGET`.)
4857

58+
#### cargo-fuzz / libFuzzer
59+
To run fuzzing using `cargo-fuzz / libFuzzer`, run
60+
61+
```shell
62+
rustup install nightly # Note: libFuzzer requires a nightly version of rust.
63+
cargo +nightly fuzz run --features "libfuzzer_fuzz" msg_ping_target
64+
```
65+
Note: If you encounter a `SIGKILL` during run/build check for OOM in kernel logs and consider increasing
66+
RAM size for VM.
67+
68+
If you wish to just generate fuzzing binary executables for `libFuzzer` and not run them:
69+
```shell
70+
cargo +nightly fuzz build --features "libfuzzer_fuzz" msg_ping_target
71+
# Generates binary artifact in path ./target/aarch64-unknown-linux-gnu/release/msg_ping_target
72+
# Exact path depends on your system architecture.
73+
```
74+
You can upload the build artifact generated above to `ClusterFuzz` for distributed fuzzing.
75+
76+
### List Fuzzing Targets
4977
To see a list of available fuzzing targets, run:
5078

5179
```shell
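Review bot: The libFuzzer commands at new lines 63 and 70 hard-code `msg_ping_target`, whereas the honggfuzz instructions use `$TARGET` (`cargo hfuzz run $TARGET`), so a reader following the "List Fuzzing Targets" section has to edit the command by hand. Suggest `cargo +nightly fuzz run --features "libfuzzer_fuzz" $TARGET` and the same for `fuzz build`, with `msg_ping_target` given as the example value. Line 62 installs a floating `nightly`, so builds may differ between machines and days; consider naming a dated toolchain the project is known to build with. In line 59, `cargo-fuzz / libFuzzer` is wrapped in one code span as if it were a single command. The note at lines 65-66 needs a comma after "run/build" and would read better as "check the kernel logs for OOM and consider increasing the VM's RAM". The fences at lines 64 and 69 touch the adjacent prose with no blank line, and the ClusterFuzz sentence at line 74 gives no pointer to how the artifact should be packaged or uploaded.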
