Skip to content

fuzz

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

fuzz

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
fuzz_targets
fuzz_targets
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
fuzz-util.sh
fuzz-util.sh
 
 
fuzz.sh
fuzz.sh
 
 
generate-files.sh
generate-files.sh
 
 

README.md

Fuzzing

Run a target

Run a fuzz target indefinitely using the following command:

cargo fuzz run TARGET

You can pass arguments to the fuzzer after the --, such as a maximum length of 50 bytes or a restriction to use only ASCII bytes.

cargo fuzz run TARGET -- -max_len=50 -ascii_only=1

Compute code coverage

Compute the code coverage of the corpus of a given target using the following command:

cargo fuzz coverage TARGET

Generate a human-readable HTML coverage report using a command as below. The exact paths might differ depending on the target architecture.

The demangler rustfilt must be installed.

cargo cov -- show -Xdemangler=rustfilt target/x86_64-unknown-linux-gnu/coverage/x86_64-unknown-linux-gnu/release/TARGET -instr-profile=fuzz/coverage/TARGET/coverage.profdata -show-line-counts-or-regions -show-instantiations --format html --output-dir=OUTPUT_DIR -ignore-filename-regex="\.cargo"

More information is available in the rustc book.