
Rapidfuzz:  Experimentation around rapidcheck by combining it with libFuzzer - luu
https://github.com/unapiedra/rapidfuzz
======
wyldfire
Hey, that is really cool. Magic, even? Where does it break down? Meaning --
can I compose even awesomer types in my API and still have it figure out how
to transform the input? Or does it strictly focus on containers and
primitives?

For everyone else: skip to the example [1] to see the magic. "dut()" and
indirectly "some_filter()" are the code under test. libFuzzer synthesizes
Data+Size using your seed + its mutators + coverage-guided cleverness. But
some of the tedium is transforming this into something your API expects. It's
easy when you have something that expects a file as input.

Also, another semi-related approach to get fuzzing past the high level
parse/lex frontend was to define a subset of your input grammar and use a
serializer (e.g. protobuf) to make the small mutations (bitflips) more
meaningful. clang-protobuf-fuzzer [2].

[1] [https://github.com/unapiedra/rapidfuzz/blob/master/danluu_ex...](https://github.com/unapiedra/rapidfuzz/blob/master/danluu_example.cc)

[2] [https://2017llvmdevmtg.sched.com/event/CMjT/structure-aware-...](https://2017llvmdevmtg.sched.com/event/CMjT/structure-aware-fuzzing-for-clang-and-llvm-with-libprotobuf-mutator)
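The "transform Data+Size into what your API expects" step from the comment above, written out by hand as an added example; this is not code from the rapidfuzz repo or from danluu_example.cc. `some_filter()`, `dut()`, the `Input` struct and the `kSample` bytes are hypothetical stand-ins; the hand-written `ByteCursor` is the tedium that a rapidcheck-style generator would otherwise take care of.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Cursor over libFuzzer's (Data, Size). Every take is bounded by the bytes left,
// so short or empty inputs decode to defaults instead of reading past the end.
struct ByteCursor {
  const uint8_t* p; size_t n;
  uint8_t take_u8() { if (!n) return 0; --n; return *p++; }
  int32_t take_i32() {  // little-endian; a partial trailing int is zero-padded
    size_t k = n < 4 ? n : 4;
    uint32_t v = 0;
    for (size_t i = 0; i < k; ++i) v |= uint32_t(p[i]) << (8 * i);
    p += k; n -= k;
    return (int32_t)v;
  }
};
// Typed input the hypothetical API expects, decoded from the raw bytes.
struct Input { int32_t threshold; std::vector<int32_t> xs; };
Input decode(const uint8_t* Data, size_t Size) {
  ByteCursor c{Data, Size};
  Input in;
  in.threshold = c.take_i32();
  size_t len = c.take_u8() % 65;  // one length byte bounds the vector to 0..64
  for (size_t i = 0; i < len && c.n > 0; ++i) in.xs.push_back(c.take_i32());
  return in;
}

// Stand-ins for the post's some_filter() and dut(): keep values strictly above
// the threshold, then check the property the fuzzer hunts violations of.
std::vector<int32_t> some_filter(const std::vector<int32_t>& xs, int32_t t) {
  std::vector<int32_t> out;
  for (int32_t x : xs) if (x > t) out.push_back(x);
  return out;
}
bool dut(const Input& in) {
  std::vector<int32_t> out = some_filter(in.xs, in.threshold);
  if (out.size() > in.xs.size()) return false;
  for (int32_t x : out) if (x <= in.threshold) return false;
  return true;
}

// libFuzzer entry point (clang++ -fsanitize=fuzzer); a violated property traps
// so libFuzzer keeps the reproducing input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  if (!dut(decode(Data, Size))) __builtin_trap();
  return 0;
}
// Constructed sample: threshold 5, length 3, then 1, 10, 7 (what a seed might hold).
const uint8_t kSample[] = {5, 0, 0, 0, 3, 1, 0, 0, 0, 10, 0, 0, 0, 7, 0, 0, 0};
```

Truncating the buffer mid-field (as libFuzzer's mutators routinely do) still yields a valid `Input`, which is the edge case a hand-written decoder most often gets wrong.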

