LibFuzzer.rst - OpenGrok cross reference for /external/llvm/docs/LibFuzzer.rst

Lines Matching refs:fuzzing
11 LibFuzzer is a library for in-process, coverage-guided, evolutionary fuzzing
15 all of its fuzzing inside a single process.  This in-process fuzzing can be more
20 library via a specific fuzzing entrypoint (aka "target function"); the fuzzer
67 The first step for using libFuzzer on a library is to implement a fuzzing
89 Then build the fuzzing target function and the library under test using
91 can retrieve code coverage information (to guide the fuzzing).  Linking with
127 fuzzing entrypoint still works and that all of the sample inputs run through
130 If you have a large corpus (either generated by fuzzing or acquired by other means)
168 By default, the fuzzing process will continue indefinitely – at least until
170 stopping the fuzzing process, and the particular input that triggered the bug
185 that `N` fuzzing jobs should be run to completion (i.e. until a bug is found or
206 then it will re-run those files as test inputs but will not perform any fuzzing.
244   by other fuzzing processes.
246   Number of fuzzing jobs to run to completion. Default value is 0, which runs a
247   single fuzzing process until completion.  If the value is >= 1, then this
248   number of jobs performing fuzzing are run, in a collection of parallel
252   Number of simultaneous worker processes to run the fuzzing jobs to completion
260   Use instruction traces (experimental, defaults to 0); see `Data-flow-guided fuzzing`_.
264   Provide a prefix to use when saving fuzzing artifacts (crash, timeout, or
275   try to detect memory leaks during fuzzing (i.e. not only at shut down).
411   # Build the fuzzing target function that does something interesting with PCRE2.
502 fuzzing with AddressSanitizer_ can find Heartbleed. Indeed, here are the step-by-step instructions
591 Data-flow-guided fuzzing
596 and extra run-time flag ``-use_traces=1`` the fuzzer will try to apply *data-flow-guided fuzzing*.
605 Sometimes the code under test is not fuzzing-friendly. Examples:
615 In many cases it makes sense to build a special fuzzing-friendly build
616 with certain fuzzing-unfriendly features disabled. We propose to use a common build macro
623     // In fuzzing mode the behavior of the code should be deterministic.
644 Currently, there is no simple way to run both fuzzing engines in parallel while sharing the same co…
661 This will run all tests in the CORPUS_DIR but will not perform any fuzzing.
706 For in-process fuzzing this is inconvenient
823   asserts/crashes on invalid inputs, in-process fuzzing is not applicable.
838   execution of one test) the fuzzing results will be unreliable.