Swift compiler comes with a built-in libFuzzer
integration.
In order to use it on a file myfile.swift
, we define an entry point fuzzing function
with a @_cdecl("LLVMFuzzerTestOneInput")
annotation:
@_cdecl("LLVMFuzzerTestOneInput") public func fuzzMe(Data: UnsafePointer<CChar>, Size: CInt) -> CInt{
// Test our code using provided Data.
}
}
To compile it, we use -sanitize=fuzzer
flag to link libFuzzer
and enable coverage annotation, and -parse-as-library
flag not to insert
the main
symbol, such that the fuzzer entry point can be used:
% swiftc -sanitize=fuzzer -parse-as-library myfile.swift
libFuzzer
can be also combined with other sanitizers:
% swiftc -sanitize=fuzzer,address -parse-as-library myfile.swift
Finally, we launch the fuzzing process:
% ./a.out
Refer to the official libFuzzer
documentation at http://llvm.org/docs/LibFuzzer.html
for the description of flags the resulting binary has.