# The `libfuzzer-sys` Crate

Barebones wrapper around LLVM's libFuzzer runtime library.

The C++ parts are extracted from the compiler-rt git repository with `git filter-branch`.

libFuzzer relies on LLVM sanitizer support. The Rust compiler has built-in support for LLVM sanitizers, but for now it is limited to Linux. As a result, `libfuzzer-sys` only works on Linux.

## Usage

### Use `cargo fuzz`!

[The recommended way to use this crate is with `cargo fuzz`!][cargo-fuzz]

[cargo-fuzz]: https://github.com/rust-fuzz/cargo-fuzz

### Manual Usage

This crate can also be used manually as follows:

First create a new cargo project:

```
$ cargo new --bin fuzzed
$ cd fuzzed
```

Then add a dependency on the `libfuzzer-sys` crate and your own crate:

```toml
[dependencies]
libfuzzer-sys = "0.3.0"
your_crate = { path = "../path/to/your/crate" }
```

Change `fuzzed/src/main.rs` to fuzz your code:

```rust
#![no_main]

use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
    // code to fuzz goes here
});
```

Build by running the following command:

```sh
$ cargo rustc -- \
    -C passes='sancov' \
    -C llvm-args='-sanitizer-coverage-level=3' \
    -C llvm-args='-sanitizer-coverage-inline-8bit-counters' \
    -Z sanitizer=address
```

And finally, run the fuzzer:

```sh
$ ./target/debug/fuzzed
```

## Updating libfuzzer from upstream

```
./update-libfuzzer.sh <github.com/llvm-mirror/llvm-project SHA1>
```

## License

All files in the `libfuzzer` directory are licensed under NCSA.

Everything else is dual-licensed Apache 2.0 and MIT.
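
The `fuzz_target!` closure in the Manual Usage steps is left empty. As an added example (not part of this crate), here is one way to fill it: a decode/encode round-trip check whose panic the fuzzer reports as a crash. The record format and the names `decode`, `encode` and `fuzz_one` are constructed stand-ins for `your_crate`.

```rust
// Added example: the parser below is a constructed stand-in for `your_crate`.
// In fuzzed/src/main.rs the harness would be wired up as:
//     fuzz_target!(|data: &[u8]| { fuzz_one(data); });

/// Decode records of the form [len: u8][len bytes of payload]...
/// Returns None on truncated input instead of panicking.
pub fn decode(mut data: &[u8]) -> Option<Vec<&[u8]>> {
    let mut records = Vec::new();
    while let Some((&len, rest)) = data.split_first() {
        let len = len as usize;
        if rest.len() < len {
            return None; // truncated record: reject, never index out of bounds
        }
        let (payload, tail) = rest.split_at(len);
        records.push(payload);
        data = tail;
    }
    Some(records)
}

/// Inverse of `decode`. Payloads longer than 255 bytes cannot be represented.
pub fn encode(records: &[&[u8]]) -> Option<Vec<u8>> {
    let mut out = Vec::new();
    for r in records {
        if r.len() > 255 { return None; }
        out.push(r.len() as u8);
        out.extend_from_slice(r);
    }
    Some(out)
}

/// Harness body: returns true if the decoder accepted the input.
/// Panics if re-encoding the decoded records does not reproduce the input.
pub fn fuzz_one(data: &[u8]) -> bool {
    match decode(data) {
        None => false,
        Some(records) => {
            let again = encode(&records).expect("decoded record exceeds 255 bytes");
            assert_eq!(again.as_slice(), data, "decode/encode round-trip mismatch");
            true
        }
    }
}

fn main() {
    // Constructed inputs: two well-formed records, then a truncated one.
    assert!(fuzz_one(&[2, b'h', b'i', 0]));
    assert!(!fuzz_one(&[3, b'x']));
}
```

Rejected inputs return early without panicking, so the fuzzer only stops on a genuine invariant violation or a sanitizer finding.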