This crate contains support for fuzzing Libra targets. This support
includes:
* corpus generation with proptest
* automatically running failing examples with `cargo test`

Install `cargo-fuzz` if not already available: `cargo install cargo-fuzz`.

To list out known fuzz targets, run `cargo run list`.

To be effective, fuzzing requires a corpus of existing inputs. This
crate contains support for generating corpuses with `proptest`. Generate
a corpus with `cargo run generate <target>`.

Once a corpus has been generated, the fuzzer is ready to use: run
`cargo run fuzz <target>`.

For more options, run `cargo run -- --help`.

Fuzz targets go in `src/fuzz_targets/`. Adding a new target involves
creating a new type and implementing `FuzzTargetImpl` for it.

For examples, see the existing implementations in `src/fuzz_targets/`.

Remember to add your target to `ALL_TARGETS` in `src/fuzz_targets.rs`.
Once that has been done, `cargo run list` should list your new target.

If the fuzzer finds a failing artifact, it will save the artifact to a
file inside the `fuzz` directory and print its path. To add this
artifact to the test suite, copy it to a file inside
`artifacts/<target>/`.

`cargo test` will now test the deserializer against the new artifact.
The test will likely fail at first use.

Note that `cargo test` runs each test in a separate process by default
to isolate failures and memory usage; if you're attaching a debugger and
are running a single test, set `NO_FORK=1` to disable forking.

Once the deserializer has been fixed, check the artifact into the
`artifacts/<target>/` directory. The artifact will then act as a
regression test in `cargo test` runs.
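
The target-plus-artifact cycle described above, as an added, self-contained sketch that is not code from this crate: it shows a saved artifact failing against a deserializer before the fix and passing after it. `FuzzTargetSketch` is a hypothetical stand-in for `FuzzTargetImpl` (its method set is assumed), and the length-prefixed format, the two deserializers, `replay` and the artifacts are all constructed for illustration.

```rust
use std::panic::{self, AssertUnwindSafe};

type Deserializer = fn(&[u8]) -> Result<Vec<u8>, &'static str>;

/// Hypothetical stand-in for the crate's `FuzzTargetImpl`; the method set is assumed.
pub trait FuzzTargetSketch {
    fn name(&self) -> &'static str;
    /// Must return normally for every input: errors are fine, a panic is a finding.
    fn fuzz(&self, data: &[u8]);
}

/// Constructed toy format: one length byte, then that many payload bytes.
/// "Before" version, as the fuzzer would first meet it.
pub fn deserialize_unchecked(data: &[u8]) -> Result<Vec<u8>, &'static str> {
    let len = data[0] as usize; // panics on empty input
    Ok(data[1..1 + len].to_vec()) // panics when the payload is truncated
}

/// "After" version: every out-of-range access becomes an error value.
pub fn deserialize_checked(data: &[u8]) -> Result<Vec<u8>, &'static str> {
    let (&len, rest) = data.split_first().ok_or("empty input")?;
    let payload = rest.get(..len as usize).ok_or("length exceeds payload")?;
    Ok(payload.to_vec())
}

pub struct LengthPrefixedTarget(pub Deserializer);

impl FuzzTargetSketch for LengthPrefixedTarget {
    fn name(&self) -> &'static str { "length_prefixed" }
    fn fuzz(&self, data: &[u8]) { let _ = (self.0)(data); }
}

/// Replays saved artifacts; returns the indices of those that still panic.
pub fn replay(target: &dyn FuzzTargetSketch, artifacts: &[&[u8]]) -> Vec<usize> {
    let mut failing = Vec::new();
    for (i, artifact) in artifacts.iter().enumerate() {
        if panic::catch_unwind(AssertUnwindSafe(|| target.fuzz(artifact))).is_err() {
            failing.push(i);
        }
    }
    failing
}

fn main() {
    // Constructed artifacts: truncated payload, empty input, one valid message.
    let artifacts: [&[u8]; 3] = [&[0x05, 0x41], &[], &[0x02, 0x41, 0x42]];
    let before = LengthPrefixedTarget(deserialize_unchecked);
    let after = LengthPrefixedTarget(deserialize_checked);
    println!("{} before fix: {:?}", before.name(), replay(&before, &artifacts));
    println!("{} after fix:  {:?}", after.name(), replay(&after, &artifacts));
}
```

The panic messages printed to stderr during the "before" replay come from the default panic hook; only the returned indices matter.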