Guide

All available commands available for cargo-fuzz:

cargo fuzz --help

Run a target:

cargo fuzz run <fuzz target name>

Cargo features

It is possible to fuzz crates with different configurations of Cargo features by using the command line options --features, --no-default-features and --all-features. Note that these options control the fuzz_targets crate; you will need to forward them to the crate being fuzzed by e.g. adding the following to fuzz_targets/Cargo.toml:

[features]
unsafe = ["project/unsafe"]

`#[cfg(fuzzing)]`

Every crate instrumented for fuzzing -- the fuzz_targets crate, the project crate, and their entire dependency tree -- is compiled with the --cfg fuzzing rustc option. This makes it possible to disable code paths that prevent fuzzing from working, e.g. verification of cryptographic signatures, with a simple #[cfg(not(fuzzing))], and without the need for an externally visible Cargo feature that must be maintained throughout every dependency.

`#[cfg(fuzzing_repro)]`

When you run cargo fuzz run <fuzz target name> <crash file>, every crate is compiled with the --cfg fuzzing_repro rustc option. This allows you to leave debugging statements in your fuzz targets behind a #[cfg(fuzzing_repro)]:


#![allow(unused)]
fn main() {
#[cfg(fuzzing_repro)]
eprintln!("Input data: {}", expensive_pretty_print(&data));
}

libFuzzer configuration options

See all the libFuzzer options:

cargo fuzz run <fuzz target name> -- -help=1

For example, to generate only ASCII inputs, run:

cargo fuzz run <fuzz target name> -- -only_ascii=1

Rust Fuzz Book

Guide

Cargo features

#[cfg(fuzzing)]

#[cfg(fuzzing_repro)]

libFuzzer configuration options

`#[cfg(fuzzing)]`

`#[cfg(fuzzing_repro)]`