Skip to main content

FuzzRun

dev_fuzz

Struct FuzzRun 

Source 
pub struct FuzzRun { /* private fields */ }
Expand description

Configuration for a fuzz run.

§Example

use dev_fuzz::{FuzzBudget, FuzzRun, Sanitizer};
use std::time::Duration;

let run = FuzzRun::new("parse_input", "0.1.0")
    .budget(FuzzBudget::time(Duration::from_secs(60)))
    .sanitizer(Sanitizer::Address)
    .timeout_per_iter(Duration::from_secs(5))
    .rss_limit_mb(2048);

let _result = run.execute().unwrap();

Implementations§

Source§

impl FuzzRun

Source

pub fn new(target: impl Into<String>, version: impl Into<String>) -> Self

Begin a new fuzz run against the given fuzz target.

target is the libFuzzer target name (the file under fuzz/fuzz_targets/<target>.rs). version is descriptive and flows into the produced Report.

Source

pub fn budget(self, budget: FuzzBudget) -> Self

Set the run budget. Default: 60 seconds of wall-clock time.

Source

pub fn fuzz_budget(&self) -> FuzzBudget

Selected budget.

Source

pub fn in_dir(self, dir: impl Into<PathBuf>) -> Self

Run cargo fuzz from dir instead of the current directory.

Source

pub fn sanitizer(self, sanitizer: Sanitizer) -> Self

Pick the sanitizer to enable. Default: Sanitizer::Address.

Source

pub fn timeout_per_iter(self, d: Duration) -> Self

Per-iteration timeout. Translates to libFuzzer’s -timeout=<secs>.

Source

pub fn rss_limit_mb(self, mb: u32) -> Self

Per-iteration RSS limit, in megabytes. Translates to libFuzzer’s -rss_limit_mb=<N>.

Source

pub fn allow(self, name: impl Into<String>) -> Self

Suppress a finding whose reproducer-path basename matches name.

Useful for known false positives that have a triaged reproducer already on disk (e.g. crash-deadbeef). The match is on the final path component only.

Source

pub fn allow_all<I, S>(self, names: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Bulk version of allow.

Source

pub fn target_name(&self) -> &str

Target name (the fuzz_targets/<name>.rs file).

Source

pub fn subject_version(&self) -> &str

Descriptive subject version.

Source

pub fn execute(&self) -> Result<FuzzResult, FuzzError>

Execute the fuzz run.

Spawns cargo +nightly fuzz run <target> with the configured budget, sanitizer, and limits. Captures stderr (where libFuzzer writes its findings) and parses out crash / timeout / OOM records with reproducer paths.

Tool / nightly / target-not-found preconditions surface as typed FuzzError variants. No panics.

Trait Implementations§

Source§

impl Clone for FuzzRun

Source§

fn clone(&self) -> FuzzRun

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for FuzzRun

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.