75f12bd0eb
* Tackling UB * PtrMut -> MutPtr, moved mapobservers to non-UB * QEMU fixes * test fixes * qemu * Change all interfaces, fix all fuzzers * fixes * fix more fixes * fmt * fix qemu sugar * fix some qemus * atheris * fmt * more fmt * most fmt * more fix * nyx fyx * fix qemu * clippy, fixes * more fixes * no unfix, only fix * fix * fix * more clippy * fixes * ListObserver * fmt, clippy * fix qemu on arm * update zlib target * fix? * fix * added migration guide * ignore doc * fix symcc * fix new win fuzzer * Fixes, rename PTR_SIZE to PTR_NUM * Try fix linking on win * Trying to fix win linking * more cov * trying to fix win some more * trying to fix mac * trying to fix mac * Fix tests * Fix tests * trying to fix win * more mac * giving up for windows * fmt * python3 * mac? * undo windows tests
Fuzzbench Harness
This folder contains an example fuzzer tailored for fuzzbench. It uses the best possible setting, with the exception of a SimpleRestartingEventManager instead of an LlmpEventManager - since fuzzbench is single threaded. Real fuzz campaigns should consider using multithreaded LlmpEventManager, see the other examples.
Build
To build this example, run cargo build --release.
This will build the fuzzer compilers (libafl_cc and libafl_cpp) with src/lib.rs as fuzzer.
The fuzzer uses the libfuzzer compatibility layer and the SanitizerCoverage runtime functions for coverage feedback.
These can then be used to build libfuzzer harnesses in the software project of your choice.
Finally, just run the resulting binary with out_dir, in_dir.
In any real-world scenario, you should use taskset to pin each client to an empty CPU core, the lib does not pick an empty core automatically (yet).