rust-fuzz / libfuzzer

Rust bindings and utilities for LLVM’s libFuzzer
Apache License 2.0

Can't fuzz multiple things with one target? #80

Closed gilescope closed 3 years ago

gilescope commented 3 years ago

Hi, I'm new to fuzzing so sorry if I don't understand. It seems like fuzz_target will fuzz one thing, but say for example I want to fuzz a function across a range of types (in my case all integer types) and then set it going for a few days. At the moment it seems like I have to set one running and then after that set up another target running.

I could have a switch inside the fuzz target but that would annoy the input reduction that the fuzzer tries to do.

I would imagine it would just round robin from one fuzz test to the next.

Maybe I misunderstood the book and this is possible?

Manishearth commented 3 years ago

You'd basically want to do some kind of round robin and run tests with a limited set of runs using the -runs parameter. You can use corpus generation to make it possible for the tests to start off where they last stopped.

fitzgen commented 3 years ago

> I want to fuzz a function across a range of types

Maybe I am misunderstanding what you're trying to do, but I would define multiple fuzz targets, one for each different input type, and then fuzz them all concurrently.

gilescope commented 3 years ago

Fuzz them all concurrently by running several cargo fuzz processes at once? There's only 12 of them so I could certainly do that in this case with a bash script.

fitzgen commented 3 years ago

Yes, exactly.

gilescope commented 3 years ago

I guess I could have a switch and mod 12 the first byte and match to a specific generic type that I want to test (u8, u16 etc). In my head I was approaching fuzzing from a test perspective - conceptually I define a set of things to fuzz and the fuzzer gets to it. But this should work and not annoy the refining process.

Manishearth commented 3 years ago

I don't think it's good to have such a switch, if you want to round robin you should cap the number of runs and use a corpus
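An added example (not code from this thread or from the libfuzzer crate) showing both shapes discussed above: one entry point per integer type, generated from a shared body so each can be its own cargo-fuzz target and run concurrently, plus the first-byte `mod 12` dispatcher for comparison. The `fuzz_target!` wrapper is left out so the file compiles with std alone; each `fuzz_targets/fuzz_u16.rs` would just be `fuzz_target!(|d: &[u8]| assert!(fuzz_u16(d)));`. The property checked (Display then FromStr must round-trip) is a constructed stand-in for the asker's real generic function, and every `fuzz_*` and `dispatch` name is an assumption.

```rust
// Added example. Shared harness body, expanded once per integer type.
macro_rules! int_targets {
    ($($name:ident => $t:ty),* $(,)?) => { $(
        /// Returns false when the property fails; the real target asserts on
        /// the result so libFuzzer records the input as a crash.
        pub fn $name(data: &[u8]) -> bool {
            const W: usize = std::mem::size_of::<$t>();
            if data.len() < W {
                return true; // too short to decode: uninteresting, not a bug
            }
            let mut buf = [0u8; W];
            buf.copy_from_slice(&data[..W]);
            let v = <$t>::from_le_bytes(buf);
            // Constructed property: Display then FromStr must round-trip.
            v.to_string().parse::<$t>() == Ok(v)
        }
    )* };
}

// One entry point per integer type; each becomes its own fuzz_targets/*.rs.
int_targets!(
    fuzz_u8 => u8, fuzz_u16 => u16, fuzz_u32 => u32, fuzz_u64 => u64,
    fuzz_u128 => u128, fuzz_usize => usize, fuzz_i8 => i8, fuzz_i16 => i16,
    fuzz_i32 => i32, fuzz_i64 => i64, fuzz_i128 => i128, fuzz_isize => isize,
);

/// The single-target alternative raised in the thread: the first byte, mod 12,
/// selects the type the remaining bytes are decoded as.
pub fn dispatch(data: &[u8]) -> bool {
    let (&sel, rest) = match data.split_first() {
        Some(split) => split,
        None => return true,
    };
    match sel % 12 {
        0 => fuzz_u8(rest), 1 => fuzz_u16(rest), 2 => fuzz_u32(rest),
        3 => fuzz_u64(rest), 4 => fuzz_u128(rest), 5 => fuzz_usize(rest),
        6 => fuzz_i8(rest), 7 => fuzz_i16(rest), 8 => fuzz_i32(rest),
        9 => fuzz_i64(rest), 10 => fuzz_i128(rest), _ => fuzz_isize(rest),
    }
}

fn main() {
    // Smoke run on a constructed input: first byte selects u8 (12 % 12 == 0).
    let input = [12u8, 0xff, 0x7f, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14];
    println!("u16 target: {}, dispatch: {}", fuzz_u16(&input), dispatch(&input));
}
```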