Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / thrift / refs/heads/master / . / lib / cpp / test / fuzz
tree: b52a157e8ff76fa4cc29f0f81d66fe1c4c920acb [path history] [tgz]
  1. CMakeLists.txt
  2. FuzzCommon.tcc
  3. FuzzParseBinary.cpp
  4. FuzzParseCompact.cpp
  5. FuzzParseJson.cpp
  6. FuzzRoundtripBinary.cpp
  7. FuzzRoundtripCompact.cpp
  8. FuzzRoundtripJson.cpp
  9. Makefile.am
  10. README.md
lib/cpp/test/fuzz/README.md

C++ Fuzzing README

To build the fuzz targets, run make check in this directory. The build system uses LLVM's libFuzzer for fuzzing the C++ Thrift implementation.

These are standard libFuzzer targets, so you can run them using the standard libFuzzer interface. After building, you can run a fuzzer using:

./<fuzzer_name>

We currently have six fuzz targets:

  • FuzzParseBinary -- fuzzes the deserialization of the Binary protocol
  • FuzzParseCompact -- fuzzes the deserialization of the Compact protocol
  • FuzzParseJson -- fuzzes the deserialization of the JSON protocol
  • FuzzRoundtripBinary -- fuzzes the roundtrip of the Binary protocol (i.e. serializes then deserializes and compares the result)
  • FuzzRoundtripCompact -- fuzzes the roundtrip of the Compact protocol
  • FuzzRoundtripJson -- fuzzes the roundtrip of the JSON protocol

The fuzzers use libFuzzer's built-in mutation engine to generate test cases. Each fuzzer implements the standard LLVMFuzzerTestOneInput interface and uses common testing code from FuzzCommon.tcc.

For more information about libFuzzer and its options, see the libFuzzer documentation.

You can also use the corpus generator from the Rust implementation to generate initial corpus files that can be used with these C++ fuzzers, since the wire formats are identical between implementations.