Fuzzing unit

These tests are generally advised to run only on GNU/Linux.

Build fuzzers using libFuzzer.

Running sh fuzzing/build-fuzz.sh can build all the fuzzers with standard ASan and UBSan.

More comprehensive How-to Guide.

Export flags that are to be used by Unit for fuzzing.

Note that in CFLAGS and CXXFLAGS, any type of sanitizers can be added.

• AddressSanitizer, ThreadSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, LeakSanitizer.

$ export CC=clang
$ export CXX=clang++
$ export CFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=fuzzer-no-link"
$ export CXXFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION  -fsanitize=fuzzer-no-link"
$ export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"

Build Unit for Fuzzing.

$ ./configure --no-regex --no-pcre2 --fuzz=$LIB_FUZZING_ENGINE
$ make fuzz -j$(nproc)

Running fuzzers.

$ mkdir -p build/fuzz_basic_seed
$ mkdir -p build/fuzz_http_controller_seed
$ mkdir -p build/fuzz_http_h1p_seed
$ mkdir -p build/fuzz_http_h1p_peer_seed
$ mkdir -p build/fuzz_json_seed

$ ./build/fuzz_basic            build/fuzz_basic_seed            fuzzing/fuzz_basic_seed_corpus
$ ./build/fuzz_http_controller  build/fuzz_http_controller_seed  fuzzing/fuzz_http_seed_corpus
$ ./build/fuzz_http_h1p         build/fuzz_http_h1p_seed         fuzzing/fuzz_http_seed_corpus
$ ./build/fuzz_http_h1p_peer    build/fuzz_http_h1p_peer_seed    fuzzing/fuzz_http_seed_corpus
$ ./build/fuzz_json             build/fuzz_json_seed             fuzzing/fuzz_json_seed_corpus

Here is more information about LibFuzzer.

Build fuzzers using other fuzzing engines.

• Honggfuzz.
• AFLplusplus.

Requirements.

You will likely need at least the following packages installed (package names may vary).

clang, llvm & compiler-rt