6810e6085b
* builder for CommandExecutor * tokens api cleanup, clippy * fix doctest * cleanup * added testcase, remodelled * command executor builder fix * fix fuzzer(?) * implemented From for configurator * nits * clippy * unused * autotokens * cleanup * nits * Err instead of empty tokens * fix tokens fn * fix err * more error fixing * tokens remodelling * typo * recoverable fail on missing autotokens * clippy, nostd * asslice, into_iter, etc. for tokens * adapt fuzzers * iter * fixes, clippy * fix * more clippy * no_std * more fix * fixed typo * cmd_executor builds again * bring back ASAN stuff to Command Executor * forkserver speedup * no need to static * back to earlier
Fuzzbench Harness
This folder contains an example fuzzer tailored for fuzzbench. It uses the best possible setting, with the exception of a SimpleRestartingEventManager instead of an LlmpEventManager - since fuzzbench is single threaded. Real fuzz campaigns should consider using multithreaded LlmpEventManager, see the other examples.
Build
To build this example, run cargo build --release.
This will build the fuzzer compilers (libafl_cc and libafl_cpp) with src/lib.rs as fuzzer.
The fuzzer uses the libfuzzer compatibility layer and the SanitizerCoverage runtime functions for coverage feedback.
These can then be used to build libfuzzer harnesses in the software project of your choice.
Finally, just run the resulting binary with out_dir, in_dir.
In any real-world scenario, you should use taskset to pin each client to an empty CPU core, the lib does not pick an empty core automatically (yet).