rust-fuzz/libfuzzer

Can't fuzz multiple things with one target?

gilescope opened this issue · 6 comments

Hi, I'm new to fuzzing so sorry if I don't understand. It seems like fuzz_target will fuzz one thing, but say for example I want to fuzz a function across a range of types (in my case all integer types) and then set it going for a few days. At the moment it seems like I have to set one running and then after that set up another target running.

I could have a switch inside the fuzz target but that would annoy the input reduction that the fuzzer tries to do.

I would imagine it would just round robin from one fuzz test to the next.

Maybe I misunderstood the book and this is possible?

You'd basically want to do some kind of round robin and run tests with a limited set of runs using the -runs parameter. You can use corpus generation to make it possible for the tests to start off where they last stopped.

I want to fuzz a function across a range of types

Maybe I am misunderstanding what you're trying to do, but I would define multiple fuzz targets, one for each different input type, and then fuzz them all concurrently.

Fuzz them all concurrently by running several cargo fuzz processes at once? There's only 12 of them so I could certainly do that in this case with a bash script.

Yes, exactly.

I guess I could have a switch and mod 12 the first byte and match to a specific generic type that I want to test (u8, u16 etc.). In my head I was approaching fuzzing from a test perspective - conceptually I define a set of things to fuzz and the fuzzer gets to it. But this should work and not annoy the refining process.

I don't think it's good to have such a switch, if you want to round robin you should cap the number of runs and use a corpus
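The "first byte mod 12 selects the type" harness gilescope sketches, as an added example that is not code from this thread or from the rust-fuzz project. It assumes a hypothetical Display/parse round-trip property as the function under test and leaves out the libfuzzer-sys `fuzz_target!` wrapper so the file runs stand-alone.

```rust
// Added example, not code from the libfuzzer/cargo-fuzz project: the "first byte
// selects the type" harness discussed above, written so it runs stand-alone. The
// libfuzzer-sys wrapper would be `fuzz_target!(|data: &[u8]| { dispatch(data); });`.

#[derive(Debug, PartialEq, Eq)]
pub enum Outcome {
    Empty,                  // no selector byte at all
    TooShort(&'static str), // type chosen, but payload shorter than its width
    Ran(&'static str),      // the property ran for this type
}

/// Hypothetical property under test for every primitive integer type: Display then
/// parse must round-trip. A macro so each arm uses the concrete type's own methods.
macro_rules! check_type {
    ($t:ty, $payload:expr) => {{
        const WIDTH: usize = std::mem::size_of::<$t>();
        if $payload.len() < WIDTH {
            return Outcome::TooShort(stringify!($t)); // short input is not a bug
        }
        let mut buf = [0u8; WIDTH];
        buf.copy_from_slice(&$payload[..WIDTH]);
        let x = <$t>::from_le_bytes(buf);
        assert_eq!(x.to_string().parse::<$t>(), Ok(x)); // a failure here is the "crash"
        Outcome::Ran(stringify!($t))
    }};
}

/// One fuzz iteration: byte 0 (mod 12) picks the integer type, the rest is the value.
/// A fixed-position selector lets libFuzzer shrink the payload while byte 0 still
/// names the type a crash belongs to, which is what keeps minimisation usable.
pub fn dispatch(data: &[u8]) -> Outcome {
    let (&sel, payload) = match data.split_first() {
        Some(parts) => parts,
        None => return Outcome::Empty,
    };
    match sel % 12 {
        0 => check_type!(u8, payload),
        1 => check_type!(u16, payload),
        2 => check_type!(u32, payload),
        3 => check_type!(u64, payload),
        4 => check_type!(u128, payload),
        5 => check_type!(usize, payload),
        6 => check_type!(i8, payload),
        7 => check_type!(i16, payload),
        8 => check_type!(i32, payload),
        9 => check_type!(i64, payload),
        10 => check_type!(i128, payload),
        _ => check_type!(isize, payload),
    }
}
```

As the maintainer replies above, one target per type is the preferred layout; this shows what the single-target alternative commits you to, namely that every type shares one corpus and one crash history.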