Generalize fuzz macro #119
@PaulGrandperrin, even after seeing https://github.com/rust-fuzz/libfuzzer-sys/pull/33 and rust-fuzz/afl.rs#137, I don't think this should be closed or at least that we can go one step further. If you don't agree, feel free to close it again.

Is there any reason to not also put the extern crate and

Let's compare the code you write for the three fuzzers right now:

```rust
/// AFL
extern crate afl;
fn main() {
    // … setup …
    afl::read_stdio_bytes(|data| {
        // … your code …
    });
}
```

```rust
/// honggfuzz
#[macro_use] extern crate honggfuzz;
fn main() {
    // … setup …
    loop {
        fuzz!(|data| {
            // … your code …
        })
    }
}
```

```rust
/// libfuzzer after this https://github.com/rust-fuzz/libfuzzer-sys/pull/33
#[macro_use] extern crate libfuzzer_sys;
fn main() {
    // … setup …
    fuzz!(|data: &[u8]| {
        // … your code …
    });
}
```

This looks all very similar to me, except for the extern crate and the way you separate your fuzz code from your setup code. In an ideal world, cargo-fuzz and the code in

```rust
#[macro_use] extern crate fuzz;
fuzz!(
    optional_name_if_you_want_it_to_differ_from_the_binary_name,
    setup { /* setup is optional */ },
    |data: Type| { /* actual fuzzer code */ }
);
```

and invoking it with
Currently a fuzz target looks like
Ideally, it would instead look like
where the macro introduces the no_main and the libfuzzer_sys.
This means we could use the same script for a quickcheck, or for running with seer.

The exact code it expands to can be controlled by a cfg that is a part of the macro expansion. This way we can have cargo-fuzz also do things like `cargo fuzz seer name_of_script` or `cargo fuzz quickcheck name_of_script`, which will pass different cfg args to the fuzzer script and do a completely different thing.

Having a common API would be pretty neat, overall. Also makes it easier to be agnostic over the fuzzer.
cc @nagisa @frewsxcv @dwrensha
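The cfg-controlled expansion proposed in the issue, as an added sketch that is not part of the original thread or of any fuzzer crate: one target body, with the entry point chosen at expansion time. The names `fuzz_target!`, `fuzz_one`, `run_random` and the cfg `fuzz_backend` are assumptions, and the target with its length-prefix bug is constructed for the illustration.

```rust
// Added sketch: `fuzz_target!`, `run_random` and the cfg name `fuzz_backend` are
// hypothetical, not the API of cargo-fuzz, libfuzzer-sys, afl.rs or honggfuzz-rs.
macro_rules! fuzz_target {
    (|$data:ident: &[u8]| $body:block) => {
        /// The target body, identical under every backend.
        pub fn fuzz_one($data: &[u8]) $body

        /// `--cfg 'fuzz_backend="libfuzzer"'`: export the entry point libFuzzer
        /// calls per input (such a build also needs `#![no_main]` at the crate root).
        #[cfg(fuzz_backend = "libfuzzer")]
        #[no_mangle]
        pub extern "C" fn LLVMFuzzerTestOneInput(ptr: *const u8, len: usize) -> i32 {
            let input: &[u8] = if len == 0 { &[] } else {
                unsafe { std::slice::from_raw_parts(ptr, len) }
            };
            fuzz_one(input);
            0
        }

        /// Default backend, quickcheck-style: feed `cases` pseudo-random inputs
        /// from a fixed seed and return the first one that panics, if any.
        #[cfg(not(fuzz_backend = "libfuzzer"))]
        pub fn run_random(seed: u64, cases: usize) -> Option<Vec<u8>> {
            let mut state = seed | 1; // xorshift64 state must be non-zero
            let mut next = move || {
                state ^= state << 13; state ^= state >> 7; state ^= state << 17;
                state
            };
            for _ in 0..cases {
                let len = (next() % 8) as usize;
                let input: Vec<u8> = (0..len).map(|_| next() as u8).collect();
                if std::panic::catch_unwind(|| fuzz_one(&input)).is_err() {
                    return Some(input); // reproducer for the crash
                }
            }
            None
        }
    };
}

// Constructed target with a deliberate bug: it trusts the length prefix.
fuzz_target!(|data: &[u8]| {
    if let Some((&len, rest)) = data.split_first() {
        let _payload = &rest[..len as usize]; // panics when len > rest.len()
    }
});

#[cfg(not(fuzz_backend = "libfuzzer"))]
fn main() {
    println!("first crashing input: {:?}", run_random(1, 100));
}
```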