- Shared-memory coverage bitmap
- Forkserver & persistent-mode harness example
- Deterministic & havoc mutations + splicing
- Corpus/queue management and crash triage
- Minimizer stub and testcase triage script
- LLVM instrumentation pass scaffold
- Dockerfile, GitHub Actions CI, and unit-test harness
- Example targets and integration tests
```
make
# build example target
gcc -O0 -g target_examples/persistent_target.c -o target_examples/persistent_target
./build/fuzzer ./target_examples/persistent_target
```

For full docs, see docs/.
- Run containers with resource limits:
  `docker run --rm --memory=1g --cpus=1 ...`
- Prefer running fuzzers inside isolated VMs or containers to avoid accidental system crashes.
A minimal manifest is included under k8s/ to run a single-worker fuzzing pod (example only).
- Forkserver with a simplified XFL handshake (`src/forkserver_full.c`)
- LLVM pass scaffold (CMake) in `tools/llvm_pass` to instrument basic blocks
- MOpt-like power schedule and mutation chooser (`src/mopt.c`)
- Multi-node corpus sync scripts (`scripts/sync_corpus.sh`, `scripts/coordinator.sh`)
- Git repo initialized with a minimal commit history
- The LLVM pass is a scaffold and needs an LLVM development environment to build; it does not yet write to shared memory.
- The forkserver is simplified and demonstrates handshaking; for high-throughput fuzzing, tune file descriptors and buffering.
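
The shared coverage bitmap, and the write into it that the LLVM pass scaffold does not yet perform, can be illustrated with the added example below. It is not code from this repository: it assumes AFL-style edge hashing and an anonymous shared mapping inherited across `fork()`, and all names (`cov_map`, `cov_trace_block`, `edge_index`, `run_and_count_edges`, `MAP_SIZE`) are hypothetical.

```c
#define _DEFAULT_SOURCE                /* for MAP_ANONYMOUS */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAP_SIZE 65536                 /* assumed size: one counter per 16-bit index */
static uint8_t *cov_map;               /* bitmap shared by fuzzer and target */
static uint16_t prev_id;               /* id of the previously executed block */

/* Index for edge prev -> cur; shifting prev keeps A->B distinct from B->A. */
static uint16_t edge_index(uint16_t prev, uint16_t cur) {
    return (uint16_t)(cur ^ (prev >> 1));
}

/* The call an instrumentation pass would insert at each basic-block entry. */
static void cov_trace_block(uint16_t cur) {
    cov_map[edge_index(prev_id, cur)]++;
    prev_id = cur;
}

/* Fuzzer side: run one execution in a child, return distinct edges hit (-1 on error). */
static int run_and_count_edges(const uint16_t *blocks, size_t n) {
    if (!cov_map) {
        void *m = mmap(NULL, MAP_SIZE, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_ANONYMOUS, -1, 0);
        if (m == MAP_FAILED) return -1;
        cov_map = m;
    }
    memset(cov_map, 0, MAP_SIZE);      /* clear counters before every execution */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child stands in for the instrumented target */
        prev_id = 0;
        for (size_t i = 0; i < n; i++) cov_trace_block(blocks[i]);
        _exit(0);
    }
    if (waitpid(pid, NULL, 0) < 0) return -1;
    int edges = 0;
    for (size_t i = 0; i < MAP_SIZE; i++) edges += (cov_map[i] != 0);
    return edges;
}

int main(void) {
    const uint16_t loop[] = {0x1234, 0x1234, 0x1234};  /* constructed block ids */
    printf("distinct edges: %d\n", run_and_count_edges(loop, 3));
    return 0;
}
```

Repeating a block raises an existing edge counter instead of creating a new edge, which is why the fuzzer side must clear the map before each execution.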