Custom builds of the Swift toolchain (including development snapshots) have a built-in libFuzzer integration. In order to use it on a file `myfile.swift`, define an entry point fuzzing function with a `@_cdecl("LLVMFuzzerTestOneInput")` annotation:

```swift
@_cdecl("LLVMFuzzerTestOneInput")
public func test(_ start: UnsafeRawPointer, _ count: Int) -> CInt {
    let bytes = UnsafeRawBufferPointer(start: start, count: count)
    // TODO: Test the code using the provided bytes.
    return 0
}
```
To compile it, use the `-sanitize=fuzzer` flag to link libFuzzer and enable code coverage information, and the `-parse-as-library` flag to omit the `main` symbol, so that the fuzzer entry point can be used:

```
% swiftc -sanitize=fuzzer -parse-as-library myfile.swift
```

libFuzzer can be combined with other sanitizers:

```
% swiftc -sanitize=fuzzer,address -parse-as-library myfile.swift
```

Finally, launch the fuzzing process:

```
% ./myfile
```
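A fuzz target with a real body, added here as an example and not part of the Swift documentation: it drives a small constructed length-prefixed record parser (`parseRecords`/`encodeRecords` are hypothetical names) and checks a round-trip property, so that both out-of-bounds reads and encode/decode mismatches surface as fuzzer findings. It builds with the same `swiftc -sanitize=fuzzer,address -parse-as-library` invocation shown above.

```swift
// Constructed example format: a sequence of records, each a 1-byte length
// followed by that many UTF-8 bytes. Fuzzing is effective at finding the
// off-by-one and truncation mistakes such parsers are prone to.
enum ParseError: Error { case truncated(offset: Int), invalidUTF8(offset: Int) }

func parseRecords(_ bytes: UnsafeRawBufferPointer) throws -> [String] {
    var records: [String] = []
    var offset = 0
    while offset < bytes.count {
        let length = Int(bytes[offset])
        offset += 1
        // Bounds check: reject a length that runs past the end of the input
        // instead of reading out of range (ASan would flag the read otherwise).
        guard offset + length <= bytes.count else {
            throw ParseError.truncated(offset: offset)
        }
        let slice = UnsafeRawBufferPointer(rebasing: bytes[offset..<offset + length])
        let text = String(decoding: slice, as: UTF8.self)
        // String(decoding:) silently repairs invalid UTF-8; detect that and reject.
        guard text.utf8.elementsEqual(slice) else {
            throw ParseError.invalidUTF8(offset: offset)
        }
        records.append(text)
        offset += length
    }
    return records
}

// Inverse of parseRecords, used to check the round-trip property below.
func encodeRecords(_ records: [String]) -> [UInt8] {
    var out: [UInt8] = []
    for record in records {
        let utf8 = Array(record.utf8)
        out.append(UInt8(utf8.count)) // parsed records never exceed 255 bytes
        out.append(contentsOf: utf8)
    }
    return out
}

@_cdecl("LLVMFuzzerTestOneInput")
public func fuzzParseRecords(_ start: UnsafeRawPointer, _ count: Int) -> CInt {
    let bytes = UnsafeRawBufferPointer(start: start, count: count)
    // Malformed input must be rejected with a thrown error, never a trap or an
    // out-of-bounds read; only well-formed input reaches the property check.
    guard let records = try? parseRecords(bytes) else { return 0 }
    // Property: re-encoding a successfully parsed input reproduces it exactly.
    // A violation traps here, and libFuzzer saves the input as a crash file.
    precondition(encodeRecords(records).elementsEqual(bytes), "round-trip mismatch")
    return 0
}
```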
Refer to the official libFuzzer documentation at https://llvm.org/docs/LibFuzzer.html#options for a description of the fuzzer's command line options.