Bug: 172670888

Clone this repo:
  1. 4e031b3 Refresh Android.bp, cargo2android.json, TEST_MAPPING. am: 054bf812d3 am: f31e000ab7 am: abe372e658 am: 3f409855fe by Joel Galenson · 12 months ago android13-dev android13-frc-adbd-release android13-frc-art-release android13-frc-cellbroadcast-release android13-frc-conscrypt-release android13-mainline-adservices-release android13-mainline-appsearch-release android13-mainline-go-adbd-release android13-mainline-go-adservices-release android13-mainline-go-appsearch-release android13-mainline-go-media-swcodec-release android13-mainline-go-mediaprovider-release android13-mainline-go-networking-release android13-mainline-go-neuralnetworks-release android13-mainline-go-odp-release android13-mainline-go-os-statsd-release android13-mainline-go-permission-release android13-mainline-go-resolv-release android13-mainline-go-scheduling-release android13-mainline-go-sdkext-release android13-mainline-go-tethering-release android13-mainline-go-tzdata4-release android13-mainline-go-uwb-release android13-mainline-go-wifi-release android13-mainline-tzdata4-release android13-mainline-uwb-release main-16k master aml_ads_331131000 aml_ase_331011020 aml_go_adb_330913000 aml_go_ads_330913000 aml_go_ase_330913000 aml_go_mpr_330912000 aml_go_net_330913000 aml_go_neu_330912000 aml_go_odp_330912000 aml_go_per_330912000 aml_go_res_330912000 aml_go_sch_330911000 aml_go_sdk_330810000 aml_go_sta_330911000 aml_go_swc_330913000 aml_go_tet_330914010 aml_go_tz4_330912000 aml_go_uwb_330912000 aml_go_wif_330911000 aml_tz4_331012000 aml_tz4_331012040 aml_tz4_331012050 aml_uwb_330810010 aml_uwb_331015040 t_frc_adb_330444000 t_frc_art_330443060 t_frc_ase_330444010 t_frc_cbr_330443000 t_frc_con_330443020
  2. 3f40985 Refresh Android.bp, cargo2android.json, TEST_MAPPING. am: 054bf812d3 am: f31e000ab7 am: abe372e658 by Joel Galenson · 12 months ago
  3. abe372e Refresh Android.bp, cargo2android.json, TEST_MAPPING. am: 054bf812d3 am: f31e000ab7 by Joel Galenson · 12 months ago
  4. f31e000 Refresh Android.bp, cargo2android.json, TEST_MAPPING. am: 054bf812d3 by Joel Galenson · 12 months ago
  5. 054bf81 Refresh Android.bp, cargo2android.json, TEST_MAPPING. by Joel Galenson · 12 months ago android-s-qpr3-beta-1 android-s-v2-beta-3 android-t-preview-1 android-s-qpr3-beta-1 android-s-v2-beta-3 android-t-beta-3 android-t-preview-1 android-t-preview-2

The libfuzzer-sys Crate

Barebones wrapper around LLVM's libFuzzer runtime library.

The CPP parts are extracted from compiler-rt git repository with git filter-branch.

libFuzzer relies on LLVM sanitizer support. The Rust compiler has built-in support for LLVM sanitizer support, for now, it's limited to Linux. As a result, libfuzzer-sys only works on Linux.


Use cargo fuzz!

The recommended way to use this crate with cargo fuzz!.

Manual Usage

This crate can also be used manually as following:

First create a new cargo project:

$ cargo new --bin fuzzed
$ cd fuzzed

Then add a dependency on the fuzzer-sys crate and your own crate:

libfuzzer-sys = "0.4.0"
your_crate = { path = "../path/to/your/crate" }

Change the fuzzed/src/main.rs to fuzz your code:


use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
    // code to fuzz goes here

Build by running the following command:

$ cargo rustc -- \
    -C passes='sancov' \
    -C llvm-args='-sanitizer-coverage-level=3' \
    -C llvm-args='-sanitizer-coverage-inline-8bit-counters' \
    -Z sanitizer=address

And finally, run the fuzzer:

$ ./target/debug/fuzzed

Updating libfuzzer from upstream

./update-libfuzzer.sh <github.com/llvm-mirror/llvm-project SHA1>


All files in libfuzzer directory are licensed NCSA.

Everything else is dual-licensed Apache 2.0 and MIT.