| Hasnain Lakhani | 7ac79ab | 2025-08-25 14:40:43 -0700 | [diff] [blame] | 1 | # Rust fuzzing README |
| 2 | |
| 3 | To build the fuzz targets, simply run `make check` in this directory |
| 4 | |
| 5 | These are standard cargo fuzz targets, so you can use the [standard cargo fuzz commands](https://rust-fuzz.github.io/book/introduction.html) to build and run them. You can also build with cargo fuzz directly after the initial build with `make check`, e.g. run `cargo fuzz run $fuzzer_name` |
| 6 | |
| 7 | We currently have six fuzz targets: |
| 8 | |
| 9 | * parse_compact -- fuzzes the deserialization of the Compact protocol |
| 10 | * parse_binary -- fuzzes the deserialization of the Binary protocol |
| 11 | * roundtrip_compact -- fuzzes the roundtrip of the Compact protocol (i.e. serializes and then deserializes and compares the result to the original) |
| 12 | * roundtrip_binary -- fuzzes the roundtrip of the Binary protocol |
| 13 | * structured_roundtrip_compact -- roundtrip, but starts from a valid compact thrift structure |
| 14 | * structured_roundtrip_binary -- roundtrip, but starts from a valid binary thrift structure |
| 15 | |
| 16 | Some of the roundtrip fuzzers are structure aware, i.e. they generate mostly valid thrift structures, so we can also test serialization in addition to deserialization. We do have non structure aware roundtrip fuzzers as well, to match what's present in other languages (and also handle some corner cases). |
| 17 | |
| 18 | We also have a corpus generator script that can be used to generate a corpus of fuzz inputs. It can be run with `cargo run --bin corpus_generator -- --output-dir <output_dir> --protocol <binary|compact> --buffer-size <buffer_size> --random-size <random_size>`. |
| 19 | |
| 20 | This is useful for generating corpora for the parsing fuzzers, and can be used across all languages (for cases where the other languages don't have good native structure aware fuzzing support). |