cargo subcommand for fuzzing with
libFuzzer! Easy to use!
$ cargo install cargo-fuzz
libFuzzer needs LLVM sanitizer support, so this only works on x86-64 Linux, x86-64 macOS
and Apple-Silicon (aarch64) macOS for now. This also needs a nightly compiler since it uses some
unstable command-line flags. You'll also need a C++ compiler with C++11 support.
If you have an old version of
cargo fuzz, you can upgrade with this command:
$ cargo install -f cargo-fuzz
cargo fuzz init
cargo fuzz project for your crate!
cargo fuzz add <target>
Create a new fuzzing target!
cargo fuzz run <target>
Run a fuzzing target and find bugs!
cargo fuzz fmt <target> <input>
std::fmt::Debug output for a test case. Useful when your fuzz target
cargo fuzz tmin <target> <input>
Found a failing input? Minify it to the smallest input that causes that failure for easier debugging!
cargo fuzz cmin <target>
Minify your corpus of input files!
cargo fuzz coverage <target>
Generate coverage information on the fuzzed program!
Documentation can be found in the Rust Fuzz Book.
You can also always find the full command-line options that are available with
$ cargo fuzz --help
The trophy case has a list of bugs
cargo fuzz (and others). Did
cargo fuzz and libFuzzer find a bug
for you? Add it to the trophy case!
cargo-fuzz is distributed under the terms of both the MIT license and the
Apache License (Version 2.0).