test-fuzz 0.1.0-alpha.12

To make fuzzing Rust easy

test-fuzz

Installation

$ cargo install cargo-test-fuzz --version '>=0.1.0-alpha'

Usage

  1. Identify a fuzz target:

    • Add the following dependencies to the target crate's Cargo.toml file:
      serde = "1.0"
      test-fuzz = "0.1.0-alpha"
      
    • Precede the target function with the test_fuzz attribute:
      #[test_fuzz::test_fuzz]
      fn foo(...) {
          ...
      }
      
  2. Generate a corpus by running cargo test:

    $ cargo test
    
  3. Fuzz your target by running cargo test-fuzz:

    $ cargo test-fuzz --target foo
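
A concrete instance of steps 1 to 3, added here as an illustration (not code from the test-fuzz project). The names parse_field and parse_field_checked and the `fuzz` feature gate are assumptions: the gate only lets the file compile without the test-fuzz dependency, and in a real crate you would write #[test_fuzz::test_fuzz] directly as in step 1.

```rust
// Added example: a fuzz target with a latent panic, its hardened form, and
// the unit test that seeds the corpus.

/// Parses a length-prefixed field: byte 0 is the payload length N and the
/// next N bytes are the payload. The argument is an owned Vec<u8>, which is
/// clonable and serializable (see Limitations).
#[cfg_attr(feature = "fuzz", test_fuzz::test_fuzz)] // assumed feature gate
pub fn parse_field(buf: Vec<u8>) -> Option<Vec<u8>> {
    let (&len, rest) = buf.split_first()?;
    // Deliberate defect for the fuzzer to find: the length prefix is
    // trusted, so a prefix larger than `rest` panics on this slice.
    Some(rest[..len as usize].to_vec())
}

/// Hardened form: a length prefix that overruns the buffer yields None.
pub fn parse_field_checked(buf: Vec<u8>) -> Option<Vec<u8>> {
    let (&len, rest) = buf.split_first()?;
    rest.get(..len as usize).map(|payload| payload.to_vec())
}

#[cfg(test)]
mod tests {
    use super::*;

    // Step 2: `cargo test` runs this test; with the attribute applied, the
    // argument of this call becomes a corpus entry for `parse_field`.
    #[test]
    fn well_formed_field() {
        assert_eq!(
            parse_field(vec![3, b'a', b'b', b'c']),
            Some(b"abc".to_vec())
        );
    }
}

fn main() {
    // Constructed sample inputs: one well-formed, one with an oversized prefix.
    println!("{:?}", parse_field_checked(vec![3, b'a', b'b', b'c']));
    println!("{:?}", parse_field_checked(vec![200, b'a']));
}
```

The unit test passes because it only exercises a well-formed field; running cargo test-fuzz --target parse_field from that seed is what reaches the oversized-prefix case.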
    

Components

test_fuzz attribute

TODO

Options

  • include_in_production - TODO

  • rename = "name" - TODO

  • skip - TODO

  • specialize = "arguments" - TODO

  • specialize_impl = "arguments" - TODO

test_fuzz_impl attribute

TODO

test_fuzz_impl currently has no options.

cargo test-fuzz command

TODO

Options

  • -- <args>... - Arguments for the fuzzer

  • --backtrace - Display backtraces

  • --consolidate - Move one target's crashes and work queue to its corpus; to consolidate all targets, use --consolidate-all

  • --display-corpus - Display corpus using uninstrumented fuzz target; to display with instrumentation, use --display-corpus-instrumented

  • --display-crashes - Display crashes

  • --display-queue - Display work queue

  • --exact - Target name is an exact name rather than a substring

  • --list - List fuzz targets

  • --no-instrumentation - Compile without instrumentation (for testing build process)

  • --no-run - Compile, but don't fuzz

  • --no-ui - Disable user interface

  • --persistent - Enable persistent mode fuzzing

  • --pretty-print - Pretty-print debug output when displaying/replaying

  • --replay-corpus - Replay corpus using uninstrumented fuzz target; to replay with instrumentation, use --replay-corpus-instrumented

  • --replay-crashes - Replay crashes

  • --replay-queue - Replay work queue

  • --reset - Clear fuzzing data for one target, but leave corpus intact; to reset all targets, use --reset-all

  • --resume - Resume target's last fuzzing session

  • --run-until-crash - Stop fuzzing once a crash is found

  • -p, --package = <package> - Package containing fuzz target

  • --target = <target> - String that fuzz target's name must contain

test_fuzz crate

TODO

Features

  • persistent - TODO

Environment Variables

  • TEST_FUZZ_LOG - TODO

  • TEST_FUZZ_MANIFEST_PATH - TODO

  • TEST_FUZZ_WRITE - TODO

TODO

Limitations

  • Clonable arguments - TODO

  • Serializable arguments - TODO

  • Global variables - TODO