1*61c4878aSAndroid Build Coastguard Worker.. _module-pw_fuzzer-guides-using_libfuzzer: 2*61c4878aSAndroid Build Coastguard Worker 3*61c4878aSAndroid Build Coastguard Worker========================================= 4*61c4878aSAndroid Build Coastguard Workerpw_fuzzer: Adding Fuzzers Using LibFuzzer 5*61c4878aSAndroid Build Coastguard Worker========================================= 6*61c4878aSAndroid Build Coastguard Worker.. pigweed-module-subpage:: 7*61c4878aSAndroid Build Coastguard Worker :name: pw_fuzzer 8*61c4878aSAndroid Build Coastguard Worker 9*61c4878aSAndroid Build Coastguard Worker.. note:: 10*61c4878aSAndroid Build Coastguard Worker 11*61c4878aSAndroid Build Coastguard Worker `libFuzzer`_ is currently only supported on Linux and MacOS using clang. 12*61c4878aSAndroid Build Coastguard Worker 13*61c4878aSAndroid Build Coastguard Worker.. _module-pw_fuzzer-guides-using_libfuzzer-toolchain: 14*61c4878aSAndroid Build Coastguard Worker 15*61c4878aSAndroid Build Coastguard Worker----------------------------------------- 16*61c4878aSAndroid Build Coastguard WorkerStep 0: Set up libFuzzer for your project 17*61c4878aSAndroid Build Coastguard Worker----------------------------------------- 18*61c4878aSAndroid Build Coastguard Worker.. note:: 19*61c4878aSAndroid Build Coastguard Worker 20*61c4878aSAndroid Build Coastguard Worker This workflow only needs to be done once for a project. 21*61c4878aSAndroid Build Coastguard Worker 22*61c4878aSAndroid Build Coastguard Worker`libFuzzer`_ is a LLVM compiler runtime and should included with your ``clang`` 23*61c4878aSAndroid Build Coastguard Workerinstallation. In order to use it, you only need to define a suitable toolchain. 24*61c4878aSAndroid Build Coastguard Worker 25*61c4878aSAndroid Build Coastguard Worker.. tab-set:: 26*61c4878aSAndroid Build Coastguard Worker 27*61c4878aSAndroid Build Coastguard Worker .. tab-item:: GN 28*61c4878aSAndroid Build Coastguard Worker :sync: gn 29*61c4878aSAndroid Build Coastguard Worker 30*61c4878aSAndroid Build Coastguard Worker Use ``pw_toolchain_host_clang``, or derive a new toolchain from it. 31*61c4878aSAndroid Build Coastguard Worker For example: 32*61c4878aSAndroid Build Coastguard Worker 33*61c4878aSAndroid Build Coastguard Worker .. code-block:: 34*61c4878aSAndroid Build Coastguard Worker 35*61c4878aSAndroid Build Coastguard Worker import("$dir_pw_toolchain/host/target_toolchains.gni") 36*61c4878aSAndroid Build Coastguard Worker 37*61c4878aSAndroid Build Coastguard Worker my_toolchains = { 38*61c4878aSAndroid Build Coastguard Worker ... 39*61c4878aSAndroid Build Coastguard Worker clang_fuzz = { 40*61c4878aSAndroid Build Coastguard Worker name = "my_clang_fuzz" 41*61c4878aSAndroid Build Coastguard Worker forward_variables_from(pw_toolchain_host.clang_fuzz, "*", ["name"]) 42*61c4878aSAndroid Build Coastguard Worker } 43*61c4878aSAndroid Build Coastguard Worker ... 44*61c4878aSAndroid Build Coastguard Worker } 45*61c4878aSAndroid Build Coastguard Worker 46*61c4878aSAndroid Build Coastguard Worker .. tab-item:: CMake 47*61c4878aSAndroid Build Coastguard Worker :sync: cmake 48*61c4878aSAndroid Build Coastguard Worker 49*61c4878aSAndroid Build Coastguard Worker LibFuzzer-style fuzzers are not currently supported by Pigweed when using 50*61c4878aSAndroid Build Coastguard Worker CMake. 51*61c4878aSAndroid Build Coastguard Worker 52*61c4878aSAndroid Build Coastguard Worker .. tab-item:: Bazel 53*61c4878aSAndroid Build Coastguard Worker :sync: bazel 54*61c4878aSAndroid Build Coastguard Worker 55*61c4878aSAndroid Build Coastguard Worker Include ``rules_fuzzing`` in your ``MODULE.bazel`` file. For example: 56*61c4878aSAndroid Build Coastguard Worker 57*61c4878aSAndroid Build Coastguard Worker .. code-block:: 58*61c4878aSAndroid Build Coastguard Worker 59*61c4878aSAndroid Build Coastguard Worker bazel_dep(name = "rules_fuzzing", version = "0.5.2") 60*61c4878aSAndroid Build Coastguard Worker 61*61c4878aSAndroid Build Coastguard Worker Then, import the libFuzzer build configurations in your ``.bazelrc`` file 62*61c4878aSAndroid Build Coastguard Worker by adding and adapting the following: 63*61c4878aSAndroid Build Coastguard Worker 64*61c4878aSAndroid Build Coastguard Worker .. code-block:: 65*61c4878aSAndroid Build Coastguard Worker 66*61c4878aSAndroid Build Coastguard Worker # Include FuzzTest build configurations. 67*61c4878aSAndroid Build Coastguard Worker import %workspace%/path/to/pigweed/pw_fuzzer/libfuzzer.bazelrc 68*61c4878aSAndroid Build Coastguard Worker 69*61c4878aSAndroid Build Coastguard Worker------------------------------------ 70*61c4878aSAndroid Build Coastguard WorkerStep 1: Write a fuzz target function 71*61c4878aSAndroid Build Coastguard Worker------------------------------------ 72*61c4878aSAndroid Build Coastguard WorkerTo write a fuzzer, a developer needs to write a `fuzz target function`_ 73*61c4878aSAndroid Build Coastguard Workerfollowing the guidelines given by libFuzzer: 74*61c4878aSAndroid Build Coastguard Worker 75*61c4878aSAndroid Build Coastguard Worker.. code-block:: cpp 76*61c4878aSAndroid Build Coastguard Worker 77*61c4878aSAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 78*61c4878aSAndroid Build Coastguard Worker DoSomethingInterestingWithMyAPI(data, size); 79*61c4878aSAndroid Build Coastguard Worker return 0; // Non-zero return values are reserved for future use. 80*61c4878aSAndroid Build Coastguard Worker } 81*61c4878aSAndroid Build Coastguard Worker 82*61c4878aSAndroid Build Coastguard WorkerWhen writing your fuzz target function, you may want to consider: 83*61c4878aSAndroid Build Coastguard Worker 84*61c4878aSAndroid Build Coastguard Worker- It is acceptable to return early if the input doesn't meet some constraints, 85*61c4878aSAndroid Build Coastguard Worker e.g. it is too short. 86*61c4878aSAndroid Build Coastguard Worker- If your fuzzer accepts data with a well-defined format, you can bootstrap 87*61c4878aSAndroid Build Coastguard Worker coverage by crafting examples and adding them to a `corpus`_. 88*61c4878aSAndroid Build Coastguard Worker- There are tools to `split a fuzzing input`_ into multiple fields if needed; 89*61c4878aSAndroid Build Coastguard Worker the `FuzzedDataProvider`_ is particularly easy to use. 90*61c4878aSAndroid Build Coastguard Worker- If your code acts on "transformed" inputs, such as encoded or compressed 91*61c4878aSAndroid Build Coastguard Worker inputs, you may want to try `structure aware fuzzing`. 92*61c4878aSAndroid Build Coastguard Worker- You can do `startup initialization`_ if you need to. 93*61c4878aSAndroid Build Coastguard Worker- If your code is non-deterministic or uses checksums, you may want to disable 94*61c4878aSAndroid Build Coastguard Worker those **only** when fuzzing by using LLVM's 95*61c4878aSAndroid Build Coastguard Worker `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`_ 96*61c4878aSAndroid Build Coastguard Worker 97*61c4878aSAndroid Build Coastguard Worker------------------------------------ 98*61c4878aSAndroid Build Coastguard WorkerStep 2: Add the fuzzer to your build 99*61c4878aSAndroid Build Coastguard Worker------------------------------------ 100*61c4878aSAndroid Build Coastguard WorkerTo build a fuzzer, do the following: 101*61c4878aSAndroid Build Coastguard Worker 102*61c4878aSAndroid Build Coastguard Worker.. tab-set:: 103*61c4878aSAndroid Build Coastguard Worker 104*61c4878aSAndroid Build Coastguard Worker .. tab-item:: GN 105*61c4878aSAndroid Build Coastguard Worker :sync: gn 106*61c4878aSAndroid Build Coastguard Worker 107*61c4878aSAndroid Build Coastguard Worker Add the GN target to the module using ``pw_fuzzer`` GN template. If you 108*61c4878aSAndroid Build Coastguard Worker wish to limit when the generated unit test is run, you can set 109*61c4878aSAndroid Build Coastguard Worker ``enable_test_if`` in the same manner as ``enable_if`` for `pw_test`: 110*61c4878aSAndroid Build Coastguard Worker 111*61c4878aSAndroid Build Coastguard Worker .. code-block:: 112*61c4878aSAndroid Build Coastguard Worker 113*61c4878aSAndroid Build Coastguard Worker # In $dir_my_module/BUILD.gn 114*61c4878aSAndroid Build Coastguard Worker import("$dir_pw_fuzzer/fuzzer.gni") 115*61c4878aSAndroid Build Coastguard Worker 116*61c4878aSAndroid Build Coastguard Worker pw_fuzzer("my_fuzzer") { 117*61c4878aSAndroid Build Coastguard Worker sources = [ "my_fuzzer.cc" ] 118*61c4878aSAndroid Build Coastguard Worker deps = [ ":my_lib" ] 119*61c4878aSAndroid Build Coastguard Worker enable_test_if = device_has_1m_flash 120*61c4878aSAndroid Build Coastguard Worker } 121*61c4878aSAndroid Build Coastguard Worker 122*61c4878aSAndroid Build Coastguard Worker Add the fuzzer GN target to the module's group of fuzzers. Create this 123*61c4878aSAndroid Build Coastguard Worker group if it does not exist. 124*61c4878aSAndroid Build Coastguard Worker 125*61c4878aSAndroid Build Coastguard Worker .. code-block:: 126*61c4878aSAndroid Build Coastguard Worker 127*61c4878aSAndroid Build Coastguard Worker # In $dir_my_module/BUILD.gn 128*61c4878aSAndroid Build Coastguard Worker group("fuzzers") { 129*61c4878aSAndroid Build Coastguard Worker deps = [ 130*61c4878aSAndroid Build Coastguard Worker ... 131*61c4878aSAndroid Build Coastguard Worker ":my_fuzzer", 132*61c4878aSAndroid Build Coastguard Worker ] 133*61c4878aSAndroid Build Coastguard Worker } 134*61c4878aSAndroid Build Coastguard Worker 135*61c4878aSAndroid Build Coastguard Worker Make sure this group is referenced from a top-level ``fuzzers`` target in 136*61c4878aSAndroid Build Coastguard Worker your project, with the appropriate 137*61c4878aSAndroid Build Coastguard Worker :ref:`fuzzing toolchain<module-pw_fuzzer-guides-using_libfuzzer-toolchain>`. 138*61c4878aSAndroid Build Coastguard Worker For example: 139*61c4878aSAndroid Build Coastguard Worker 140*61c4878aSAndroid Build Coastguard Worker .. code-block:: 141*61c4878aSAndroid Build Coastguard Worker 142*61c4878aSAndroid Build Coastguard Worker # In //BUILD.gn 143*61c4878aSAndroid Build Coastguard Worker group("fuzzers") { 144*61c4878aSAndroid Build Coastguard Worker deps = [ 145*61c4878aSAndroid Build Coastguard Worker ... 146*61c4878aSAndroid Build Coastguard Worker "$dir_my_module:fuzzers(//my_toolchains:host_clang_fuzz)", 147*61c4878aSAndroid Build Coastguard Worker ] 148*61c4878aSAndroid Build Coastguard Worker } 149*61c4878aSAndroid Build Coastguard Worker 150*61c4878aSAndroid Build Coastguard Worker .. tab-item:: CMake 151*61c4878aSAndroid Build Coastguard Worker :sync: cmake 152*61c4878aSAndroid Build Coastguard Worker 153*61c4878aSAndroid Build Coastguard Worker LibFuzzer-style fuzzers are not currently supported by Pigweed when using 154*61c4878aSAndroid Build Coastguard Worker CMake. 155*61c4878aSAndroid Build Coastguard Worker 156*61c4878aSAndroid Build Coastguard Worker .. tab-item:: Bazel 157*61c4878aSAndroid Build Coastguard Worker :sync: bazel 158*61c4878aSAndroid Build Coastguard Worker 159*61c4878aSAndroid Build Coastguard Worker Add a Bazel target to the module using the ``pw_cc_fuzz_test`` rule. For 160*61c4878aSAndroid Build Coastguard Worker example: 161*61c4878aSAndroid Build Coastguard Worker 162*61c4878aSAndroid Build Coastguard Worker .. code-block:: 163*61c4878aSAndroid Build Coastguard Worker 164*61c4878aSAndroid Build Coastguard Worker # In $dir_my_module/BUILD.bazel 165*61c4878aSAndroid Build Coastguard Worker pw_cc_fuzz_test( 166*61c4878aSAndroid Build Coastguard Worker name = "my_fuzzer", 167*61c4878aSAndroid Build Coastguard Worker srcs = ["my_fuzzer.cc"], 168*61c4878aSAndroid Build Coastguard Worker deps = [":my_lib"] 169*61c4878aSAndroid Build Coastguard Worker ) 170*61c4878aSAndroid Build Coastguard Worker 171*61c4878aSAndroid Build Coastguard Worker---------------------------------------------- 172*61c4878aSAndroid Build Coastguard WorkerStep 3: Add the fuzzer unit test to your build 173*61c4878aSAndroid Build Coastguard Worker---------------------------------------------- 174*61c4878aSAndroid Build Coastguard WorkerPigweed automatically generates unit tests for libFuzzer-based fuzzers in some 175*61c4878aSAndroid Build Coastguard Workerbuild systems. 176*61c4878aSAndroid Build Coastguard Worker 177*61c4878aSAndroid Build Coastguard Worker.. tab-set:: 178*61c4878aSAndroid Build Coastguard Worker 179*61c4878aSAndroid Build Coastguard Worker .. tab-item:: GN 180*61c4878aSAndroid Build Coastguard Worker :sync: gn 181*61c4878aSAndroid Build Coastguard Worker 182*61c4878aSAndroid Build Coastguard Worker The generated unit test will be suffixed by ``_test`` and needs to be 183*61c4878aSAndroid Build Coastguard Worker added to the module's test group. This test verifies the fuzzer can build 184*61c4878aSAndroid Build Coastguard Worker and run, even when not being built in a 185*61c4878aSAndroid Build Coastguard Worker :ref:`fuzzing toolchain<module-pw_fuzzer-guides-using_libfuzzer-toolchain>`. 186*61c4878aSAndroid Build Coastguard Worker For example, for a fuzzer called ``my_fuzzer``, add the following: 187*61c4878aSAndroid Build Coastguard Worker 188*61c4878aSAndroid Build Coastguard Worker .. code-block:: 189*61c4878aSAndroid Build Coastguard Worker 190*61c4878aSAndroid Build Coastguard Worker # In $dir_my_module/BUILD.gn 191*61c4878aSAndroid Build Coastguard Worker pw_test_group("tests") { 192*61c4878aSAndroid Build Coastguard Worker tests = [ 193*61c4878aSAndroid Build Coastguard Worker ... 194*61c4878aSAndroid Build Coastguard Worker ":my_fuzzer_test", 195*61c4878aSAndroid Build Coastguard Worker ] 196*61c4878aSAndroid Build Coastguard Worker } 197*61c4878aSAndroid Build Coastguard Worker 198*61c4878aSAndroid Build Coastguard Worker .. tab-item:: CMake 199*61c4878aSAndroid Build Coastguard Worker :sync: cmake 200*61c4878aSAndroid Build Coastguard Worker 201*61c4878aSAndroid Build Coastguard Worker LibFuzzer-style fuzzers are not currently supported by Pigweed when using 202*61c4878aSAndroid Build Coastguard Worker CMake. 203*61c4878aSAndroid Build Coastguard Worker 204*61c4878aSAndroid Build Coastguard Worker .. tab-item:: Bazel 205*61c4878aSAndroid Build Coastguard Worker :sync: bazel 206*61c4878aSAndroid Build Coastguard Worker 207*61c4878aSAndroid Build Coastguard Worker Fuzzer unit tests are included automatically in Pigweed's Bazel build. 208*61c4878aSAndroid Build Coastguard Worker 209*61c4878aSAndroid Build Coastguard Worker------------------------ 210*61c4878aSAndroid Build Coastguard WorkerStep 4: Build the fuzzer 211*61c4878aSAndroid Build Coastguard Worker------------------------ 212*61c4878aSAndroid Build Coastguard WorkerLibFuzzer-style fuzzers require the compiler to add instrumentation and 213*61c4878aSAndroid Build Coastguard Workerruntimes when building. 214*61c4878aSAndroid Build Coastguard Worker 215*61c4878aSAndroid Build Coastguard Worker.. tab-set:: 216*61c4878aSAndroid Build Coastguard Worker 217*61c4878aSAndroid Build Coastguard Worker .. tab-item:: GN 218*61c4878aSAndroid Build Coastguard Worker :sync: gn 219*61c4878aSAndroid Build Coastguard Worker 220*61c4878aSAndroid Build Coastguard Worker Select a sanitizer runtime. See LLVM for `valid options`_. 221*61c4878aSAndroid Build Coastguard Worker 222*61c4878aSAndroid Build Coastguard Worker .. code-block:: sh 223*61c4878aSAndroid Build Coastguard Worker 224*61c4878aSAndroid Build Coastguard Worker $ gn gen out --args='pw_toolchain_SANITIZERS=["address"]' 225*61c4878aSAndroid Build Coastguard Worker 226*61c4878aSAndroid Build Coastguard Worker Some toolchains may set a default for fuzzers if none is specified. For 227*61c4878aSAndroid Build Coastguard Worker example, `//targets/host:host_clang_fuzz` defaults to "address". 228*61c4878aSAndroid Build Coastguard Worker 229*61c4878aSAndroid Build Coastguard Worker Build the fuzzers using ``ninja`` directly. 230*61c4878aSAndroid Build Coastguard Worker 231*61c4878aSAndroid Build Coastguard Worker .. code-block:: sh 232*61c4878aSAndroid Build Coastguard Worker 233*61c4878aSAndroid Build Coastguard Worker $ ninja -C out fuzzers 234*61c4878aSAndroid Build Coastguard Worker 235*61c4878aSAndroid Build Coastguard Worker .. tab-item:: CMake 236*61c4878aSAndroid Build Coastguard Worker :sync: cmake 237*61c4878aSAndroid Build Coastguard Worker 238*61c4878aSAndroid Build Coastguard Worker LibFuzzer-style fuzzers are not currently supported by Pigweed when using 239*61c4878aSAndroid Build Coastguard Worker CMake. 240*61c4878aSAndroid Build Coastguard Worker 241*61c4878aSAndroid Build Coastguard Worker .. tab-item:: Bazel 242*61c4878aSAndroid Build Coastguard Worker :sync: bazel 243*61c4878aSAndroid Build Coastguard Worker 244*61c4878aSAndroid Build Coastguard Worker Specify the libFuzzer config and a sanitizer config when building fuzzers. 245*61c4878aSAndroid Build Coastguard Worker 246*61c4878aSAndroid Build Coastguard Worker .. code-block:: sh 247*61c4878aSAndroid Build Coastguard Worker 248*61c4878aSAndroid Build Coastguard Worker $ bazel build //my_module:my_fuzzer --config=asan --config=libfuzzer 249*61c4878aSAndroid Build Coastguard Worker 250*61c4878aSAndroid Build Coastguard Worker---------------------------------- 251*61c4878aSAndroid Build Coastguard WorkerStep 5: Running the fuzzer locally 252*61c4878aSAndroid Build Coastguard Worker---------------------------------- 253*61c4878aSAndroid Build Coastguard Worker.. tab-set:: 254*61c4878aSAndroid Build Coastguard Worker 255*61c4878aSAndroid Build Coastguard Worker .. tab-item:: GN 256*61c4878aSAndroid Build Coastguard Worker :sync: gn 257*61c4878aSAndroid Build Coastguard Worker 258*61c4878aSAndroid Build Coastguard Worker The fuzzer binary will be in a subdirectory related to the toolchain. 259*61c4878aSAndroid Build Coastguard Worker Additional `libFuzzer options`_ and `corpus`_ arguments can be passed on 260*61c4878aSAndroid Build Coastguard Worker the command line. For example: 261*61c4878aSAndroid Build Coastguard Worker 262*61c4878aSAndroid Build Coastguard Worker .. code-block:: sh 263*61c4878aSAndroid Build Coastguard Worker 264*61c4878aSAndroid Build Coastguard Worker $ out/host_clang_fuzz/obj/my_module/bin/my_fuzzer -seed=1 path/to/corpus 265*61c4878aSAndroid Build Coastguard Worker 266*61c4878aSAndroid Build Coastguard Worker Additional `sanitizer flags`_ may be passed uisng environment variables. 267*61c4878aSAndroid Build Coastguard Worker 268*61c4878aSAndroid Build Coastguard Worker .. tab-item:: CMake 269*61c4878aSAndroid Build Coastguard Worker :sync: cmake 270*61c4878aSAndroid Build Coastguard Worker 271*61c4878aSAndroid Build Coastguard Worker LibFuzzer-style fuzzers are not currently supported by Pigweed when using 272*61c4878aSAndroid Build Coastguard Worker CMake. 273*61c4878aSAndroid Build Coastguard Worker 274*61c4878aSAndroid Build Coastguard Worker .. tab-item:: Bazel 275*61c4878aSAndroid Build Coastguard Worker :sync: bazel 276*61c4878aSAndroid Build Coastguard Worker 277*61c4878aSAndroid Build Coastguard Worker Specify the libFuzzer config and a sanitizer config when building and 278*61c4878aSAndroid Build Coastguard Worker running fuzzers. For each fuzzer build rule with a given name, 279*61c4878aSAndroid Build Coastguard Worker `rules_fuzzing`_ produces a ``<name>_run`` target. For example: 280*61c4878aSAndroid Build Coastguard Worker 281*61c4878aSAndroid Build Coastguard Worker .. code-block:: sh 282*61c4878aSAndroid Build Coastguard Worker 283*61c4878aSAndroid Build Coastguard Worker $ bazel run //my_module:my_fuzzer_run --config=asan --config=libfuzzer\ 284*61c4878aSAndroid Build Coastguard Worker -- --timeout_secs=60 285*61c4878aSAndroid Build Coastguard Worker 286*61c4878aSAndroid Build Coastguard WorkerRunning the fuzzer should produce output similar to the following: 287*61c4878aSAndroid Build Coastguard Worker 288*61c4878aSAndroid Build Coastguard Worker.. code-block:: 289*61c4878aSAndroid Build Coastguard Worker 290*61c4878aSAndroid Build Coastguard Worker INFO: Seed: 305325345 291*61c4878aSAndroid Build Coastguard Worker INFO: Loaded 1 modules (46 inline 8-bit counters): 46 [0x38dfc0, 0x38dfee), 292*61c4878aSAndroid Build Coastguard Worker INFO: Loaded 1 PC tables (46 PCs): 46 [0x23aaf0,0x23add0), 293*61c4878aSAndroid Build Coastguard Worker INFO: 0 files found in corpus 294*61c4878aSAndroid Build Coastguard Worker INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes 295*61c4878aSAndroid Build Coastguard Worker INFO: A corpus is not provided, starting from an empty corpus 296*61c4878aSAndroid Build Coastguard Worker #2 INITED cov: 2 ft: 3 corp: 1/1b exec/s: 0 rss: 27Mb 297*61c4878aSAndroid Build Coastguard Worker #4 NEW cov: 3 ft: 4 corp: 2/3b lim: 4 exec/s: 0 rss: 27Mb L: 2/2 MS: 2 ShuffleBytes-InsertByte- 298*61c4878aSAndroid Build Coastguard Worker #11 NEW cov: 7 ft: 8 corp: 3/7b lim: 4 exec/s: 0 rss: 27Mb L: 4/4 MS: 2 EraseBytes-CrossOver- 299*61c4878aSAndroid Build Coastguard Worker #27 REDUCE cov: 7 ft: 8 corp: 3/6b lim: 4 exec/s: 0 rss: 27Mb L: 3/3 MS: 1 EraseBytes- 300*61c4878aSAndroid Build Coastguard Worker #29 REDUCE cov: 7 ft: 8 corp: 3/5b lim: 4 exec/s: 0 rss: 27Mb L: 2/2 MS: 2 ChangeBit-EraseBytes- 301*61c4878aSAndroid Build Coastguard Worker #445 REDUCE cov: 9 ft: 10 corp: 4/13b lim: 8 exec/s: 0 rss: 27Mb L: 8/8 MS: 1 InsertRepeatedBytes- 302*61c4878aSAndroid Build Coastguard Worker ... 303*61c4878aSAndroid Build Coastguard Worker 304*61c4878aSAndroid Build Coastguard Worker.. TODO: b/282560789 - Add guides/improve_fuzzers.rst 305*61c4878aSAndroid Build Coastguard Worker.. TODO: b/281139237 - Add guides/continuous_fuzzing.rst 306*61c4878aSAndroid Build Coastguard Worker.. ---------- 307*61c4878aSAndroid Build Coastguard Worker.. Next steps 308*61c4878aSAndroid Build Coastguard Worker.. ---------- 309*61c4878aSAndroid Build Coastguard Worker.. Once you have created a fuzzer, you may want to: 310*61c4878aSAndroid Build Coastguard Worker 311*61c4878aSAndroid Build Coastguard Worker.. * `Run it continuously on a fuzzing infrastructure <continuous_fuzzing>`_. 312*61c4878aSAndroid Build Coastguard Worker.. * `Measure its code coverage and improve it <improve_a_fuzzer>`_. 313*61c4878aSAndroid Build Coastguard Worker 314*61c4878aSAndroid Build Coastguard Worker.. inclusive-language: disable 315*61c4878aSAndroid Build Coastguard Worker 316*61c4878aSAndroid Build Coastguard Worker.. _AddressSanitizer: https://github.com/google/sanitizers/wiki/AddressSanitizer 317*61c4878aSAndroid Build Coastguard Worker.. _continuous_fuzzing: :ref:`module-pw_fuzzer-guides-continuous_fuzzing` 318*61c4878aSAndroid Build Coastguard Worker.. _corpus: https://llvm.org/docs/LibFuzzer.html#corpus 319*61c4878aSAndroid Build Coastguard Worker.. _fuzz target function: https://llvm.org/docs/LibFuzzer.html#fuzz-target 320*61c4878aSAndroid Build Coastguard Worker.. _FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION: https://llvm.org/docs/LibFuzzer.html#fuzzer-friendly-build-mode 321*61c4878aSAndroid Build Coastguard Worker.. _FuzzedDataProvider: https://github.com/llvm/llvm-project/blob/HEAD/compiler-rt/include/fuzzer/FuzzedDataProvider.h 322*61c4878aSAndroid Build Coastguard Worker.. _improve_fuzzers: :ref:`module-pw_fuzzer-guides-improve_fuzzers 323*61c4878aSAndroid Build Coastguard Worker.. _libFuzzer: https://llvm.org/docs/LibFuzzer.html 324*61c4878aSAndroid Build Coastguard Worker.. _libFuzzer options: https://llvm.org/docs/LibFuzzer.html#options 325*61c4878aSAndroid Build Coastguard Worker.. _rules_fuzzing: https://github.com/bazel-contrib/rules_fuzzing/blob/master/docs/guide.md#building-and-running 326*61c4878aSAndroid Build Coastguard Worker.. _sanitizer flags: https://github.com/google/sanitizers/wiki/SanitizerCommonFlags 327*61c4878aSAndroid Build Coastguard Worker.. _split a fuzzing input: https://github.com/google/fuzzing/blob/HEAD/docs/split-inputs.md 328*61c4878aSAndroid Build Coastguard Worker.. _startup initialization: https://llvm.org/docs/LibFuzzer.html#startup-initialization 329*61c4878aSAndroid Build Coastguard Worker.. _structure aware fuzzing: https://github.com/google/fuzzing/blob/HEAD/docs/structure-aware-fuzzing.md 330*61c4878aSAndroid Build Coastguard Worker.. _valid options: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html 331*61c4878aSAndroid Build Coastguard Worker 332*61c4878aSAndroid Build Coastguard Worker.. inclusive-language: enable 333