$ cargo install cargo-fuzz

Note: libFuzzer needs LLVM sanitizer support, so this only works on x86-64 and Aarch64, and only on Unix-like operating systems (not Windows). This also needs a nightly compiler since it uses some unstable command-line flags. You'll also need a C++ compiler with C++11 support.

Initialize a cargo fuzz project for your crate!

fuzz directory can be either a part of an existing workspace (default) or use an independent workspace. If latter is desired, you can use cargo fuzz init --fuzzing-workspace=true.

Create a new fuzzing target!

Run a fuzzing target and find bugs!

Print the std::fmt::Debug output for a test case. Useful when your fuzz target takes an Arbitrary input!

Found a failing input? Minify it to the smallest input that causes that failure for easier debugging!

Minify your corpus of input files!

Generate coverage information on the fuzzed program!

Documentation can be found in the Rust Fuzz Book.

You can also always find the full command-line options that are available with --help:

$ cargo fuzz --help

The trophy case has a list of bugs found by cargo fuzz (and others). Did cargo fuzz and libFuzzer find a bug for you? Add it to the trophy case!

cargo-fuzz is distributed under the terms of both the MIT license and the Apache License (Version 2.0).

See LICENSE-APACHE and LICENSE-MIT for details.