The utilities library contains fuzz targets that can be built with LLVM libFuzzer. Fuzzing is enabled when building with the Clang compiler and turning on the fuzzing CMake option (the utils build refers to it as UTILS_LIBFUZZER; the configure command below passes -DENABLE_FUZZING=ON). Clang is required because libFuzzer's -fsanitize=fuzzer instrumentation is part of LLVM and is not provided by GCC.
Configure CMake with Clang and enable the libFuzzer option:

```sh
cmake \
  -G Ninja \
  -S . -B build \
  -DCMAKE_C_COMPILER=clang \
  -DCMAKE_CXX_COMPILER=clang++ \
  -DENABLE_FUZZING=ON
```
Build the fuzzer executables:

```sh
cmake --build build --parallel --target celix_properties_fuzzer celix_version_fuzzer celix_filter_fuzzer
```
The corpus directories for the fuzzers contain a few seed inputs that guide the initial fuzzing process; adding more representative inputs to these directories improves coverage. The fuzzer uses every file in the corpus directories given on its command line as a starting point for mutation and exploration. Note that libFuzzer also writes each newly discovered coverage-increasing input back into the first corpus directory it is given, so point it at a scratch directory first if you want the seed corpus left untouched.
The resulting fuzzers accept the standard libFuzzer command-line options. For example, to run a fuzzer for 30 seconds using the provided seed corpus and print coverage information at exit:

```sh
./build/libs/utils/celix_filter_fuzzer -max_total_time=30 -print_coverage=1 ./build/libs/utils/filter_corpus
```

When a run finds a bug, libFuzzer stops and writes a reproducer file named crash-<hash> (or leak-<hash>, timeout-<hash>) into the current directory; rerunning the fuzzer with that file as its only argument replays the input once, which is the quickest way to confirm and debug the finding.
Replace celix_filter_fuzzer and filter_corpus with the appropriate fuzzer executable and corpus directory as needed. To see the list of supported command-line flags, run the fuzzer executable with the -help=1 option. For example:

```sh
./build/libs/utils/celix_filter_fuzzer -help=1
```

This displays all available libFuzzer options.
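Putting the steps above together, here is a small POSIX shell wrapper, an added example that is not part of the Celix repository: it runs each fuzzer for a fixed time budget, keeps newly discovered inputs in a scratch directory so the seed corpus stays clean, and fails when a crash, leak, timeout or OOM artifact is produced. The path ./build/libs/utils and the directory name filter_corpus come from the commands above; properties_corpus and version_corpus are assumed corpus directory names, and the per-fuzzer work-directory layout is the script's own choice.

```shell
#!/bin/sh
# run_fuzzers.sh: added example, not part of the Celix tree.
# Runs each libFuzzer target for a fixed time budget, keeps newly found inputs
# out of the seed corpus, and fails if a crash/leak/timeout/oom artifact appears.

# Assumed layout, matching the build commands above; override via environment.
BUILD_DIR="${BUILD_DIR:-./build/libs/utils}"
TIME_BUDGET="${TIME_BUDGET:-30}"

# count_artifacts DIR: prints the number of libFuzzer artifact files in DIR.
count_artifacts() {
    n=$(find "$1" -maxdepth 1 -type f \
        \( -name 'crash-*' -o -name 'leak-*' -o -name 'timeout-*' -o -name 'oom-*' \) | wc -l)
    echo $((n + 0))
}

# run_fuzzer NAME SEED_CORPUS
# Runs "$BUILD_DIR/NAME" against SEED_CORPUS. Returns 0 when the run produced
# no artifact, 1 when at least one artifact (a reproducer) was written or the
# run did not complete.
run_fuzzer() {
    name="$1"
    seed_corpus="$2"
    fuzzer="$BUILD_DIR/$name"
    work="$BUILD_DIR/$name.work"
    mkdir -p "$work/corpus" "$work/artifacts"

    # libFuzzer writes every new coverage-increasing input to the FIRST corpus
    # directory on the command line, so the scratch directory goes first and
    # the checked-in seed corpus is only read. -artifact_prefix must end in
    # '/' for crash-*/leak-*/timeout-* files to land inside that directory.
    "$fuzzer" \
        -max_total_time="$TIME_BUDGET" \
        -artifact_prefix="$work/artifacts/" \
        -print_final_stats=1 \
        "$work/corpus" "$seed_corpus" >"$work/log.txt" 2>&1
    rc=$?

    artifacts=$(count_artifacts "$work/artifacts")
    if [ "$artifacts" -gt 0 ]; then
        echo "$name: $artifacts artifact(s) in $work/artifacts (fuzzer exit $rc), see $work/log.txt" >&2
        return 1
    fi
    # A non-zero exit without an artifact still means the run did not complete
    # (for example the binary is missing or the corpus could not be read).
    if [ "$rc" -ne 0 ]; then
        echo "$name: fuzzer exited with status $rc without an artifact, see $work/log.txt" >&2
        return 1
    fi
    echo "$name: no findings in ${TIME_BUDGET}s, new inputs kept in $work/corpus"
    return 0
}

# run_all: runs the three utils fuzzers. filter_corpus is the corpus directory
# named in the text above; properties_corpus and version_corpus are assumed names.
run_all() {
    failed=0
    for pair in "celix_properties_fuzzer properties_corpus" \
                "celix_version_fuzzer version_corpus" \
                "celix_filter_fuzzer filter_corpus"; do
        set -- $pair
        run_fuzzer "$1" "$BUILD_DIR/$2" || failed=1
    done
    return $failed
}

# Usage: sh run_fuzzers.sh run   (or source the file and call run_fuzzer directly)
if [ "${1:-}" = "run" ]; then
    run_all
fi
```

Because the scratch corpus is listed first, anything libFuzzer learns during a run accumulates under NAME.work/corpus; inputs from there that you want to keep as permanent seeds can be minimised with -merge=1 and copied into the seed directory deliberately rather than appearing there as a side effect.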
A GitHub Actions workflow runs the fuzzer periodically. The workflow configuration can be found at .github/workflows/fuzzing.yml.