{"id":13408789,"url":"https://github.com/rust-fuzz/honggfuzz-rs","last_synced_at":"2025-05-14T02:04:49.709Z","repository":{"id":29198647,"uuid":"120511966","full_name":"rust-fuzz/honggfuzz-rs","owner":"rust-fuzz","description":"Fuzz your Rust code with Google-developed Honggfuzz !","archived":false,"fork":false,"pushed_at":"2025-05-01T05:03:14.000Z","size":276,"stargazers_count":480,"open_issues_count":15,"forks_count":43,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-10T15:44:31.294Z","etag":null,"topics":["crates","fuzz","fuzz-testing","fuzzer","fuzzing","honggfuzz","rust","rust-fuzz","sanitizer","security","security-testing","security-tools"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/honggfuzz","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rust-fuzz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-02-06T19:23:16.000Z","updated_at":"2025-05-05T14:35:04.000Z","dependencies_parsed_at":"2024-01-14T10:59:40.907Z","dependency_job_id":"f6064100-7690-419f-bbcb-218fdd96c8c5","html_url":"https://github.com/rust-fuzz/honggfuzz-rs","commit_stats":{"total_commits":357,"total_committers":20,"mean_commits":17.85,"dds":0.08403361344537819,"last_synced_commit":"c5805fab363531e76c1ddc72245581158794874d"},"previous_names":[],"tags_count":64,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Fhonggfuzz-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Fhonggfuzz-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Fhonggfuzz-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Fhonggfuzz-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rust-fuzz","download_url":"https://codeload.github.com/rust-fuzz/honggfuzz-rs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253441656,"owners_count":21909194,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crates","fuzz","fuzz-testing","fuzzer","fuzzing","honggfuzz","rust","rust-fuzz","sanitizer","security","security-testing","security-tools"],"created_at":"2024-07-30T20:00:55.266Z","updated_at":"2025-05-14T02:04:49.688Z","avatar_url":"https://github.com/rust-fuzz.png","language":"Rust","funding_links":[],"categories":["Rust","🧑🏻‍💻 Developer","Fuzzing"],"sub_categories":["Tools"],"readme":"# honggfuzz-rs [![Build Status][build-img]][build] [![Crates.io][crates-img]][crates] [![Documentation][docs-img]][docs]\n\n[build-img]:   https://github.com/rust-fuzz/honggfuzz-rs/actions/workflows/rust.yml/badge.svg\n[build]:       https://github.com/rust-fuzz/honggfuzz-rs/actions/workflows/rust.yml\n[crates-img]:   https://img.shields.io/crates/v/honggfuzz.svg\n[crates]:       https://crates.io/crates/honggfuzz\n[docs-img]:     https://docs.rs/honggfuzz/badge.svg\n[docs]:         https://docs.rs/honggfuzz\n\nFuzz your Rust code with Google-developed Honggfuzz !\n\n## [Documentation](https://docs.rs/honggfuzz)\n\n[![asciicast](https://asciinema.org/a/43MLo5Xl8ukHxgwDLArKqS9xc.png)](https://asciinema.org/a/43MLo5Xl8ukHxgwDLArKqS9xc)\n\n## About Honggfuzz\n\nHonggfuzz is a security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based).\n\n* project homepage [honggfuzz.com](http://honggfuzz.com/)\n* project repository [github.com/google/honggfuzz](https://github.com/google/honggfuzz)\n* this upstream project is maintained by Google, but ...\n* this is NOT an official Google product\n\n## Compatibility\n\n* __Rust__: stable, beta, nightly\n* __OS__: GNU/Linux, macOS, FreeBSD, NetBSD, Android, WSL (Windows Subsystem for Linux)\n* __Arch__: x86_64, x86, arm64-v8a, armeabi-v7a, armeabi\n* __Sanitizer__: none, address, thread, leak\n\n## Dependencies\n\n### Linux\n\n* C compiler: `cc`\n* GNU Make: `make`\n* GNU Binutils development files for the BFD library: `libbfd.h`\n* libunwind development files: `libunwind.h`\n* Blocks runtime library (when compiling with clang)\n* liblzma development files\n\nFor example on Debian and its derivatives:\n\n```sh\nsudo apt install build-essential binutils-dev libunwind-dev libblocksruntime-dev liblzma-dev\n```\n\n## How to use this crate\n\nInstall honggfuzz commands to build with instrumentation and fuzz\n\n```sh\n# installs hfuzz and honggfuzz subcommands in cargo\ncargo install honggfuzz\n```\n\nAdd to your dependencies\n\n```toml\n[dependencies]\nhonggfuzz = \"0.5\"\n```\n\nCreate a target to fuzz\n\n```rust\nuse honggfuzz::fuzz;\n\nfn main() {\n    // Here you can parse `std::env::args and\n    // setup / initialize your project\n\n    // You have full control over the loop but\n    // you're supposed to call `fuzz` ad vitam aeternam\n    loop {\n        // The fuzz macro gives an arbitrary object (see `arbitrary crate`)\n        // to a closure-like block of code.\n        // For performance reasons, it is recommended that you use the native type\n        // `\u0026[u8]` when possible.\n        // Here, this slice will contain a \"random\" quantity of \"random\" data.\n        fuzz!(|data: \u0026[u8]| {\n            if data.len() != 3 {return}\n            if data[0] != b'h' {return}\n            if data[1] != b'e' {return}\n            if data[2] != b'y' {return}\n            panic!(\"BOOM\")\n        });\n    }\n}\n\n```\n\nFuzz for fun and profit !\n\n```sh\n# builds with fuzzing instrumentation and then fuzz the \"example\" target\ncargo hfuzz run example\n```\n\nOnce you got a crash, replay it easily in a debug environment\n\n```sh\n# builds the target in debug mode and replays automatically the crash in rust-lldb\ncargo hfuzz run-debug example hfuzz_workspace/*/*.fuzz\n```\n\nYou can also build and run your project without compile-time software instrumentation (LLVM's SanCov passes)\n\nThis allows you for example to try hardware-only feedback driven fuzzing:\n\n```sh\n# builds without fuzzing instrumentation and then fuzz the \"example\" target using hardware-based feedback\nHFUZZ_RUN_ARGS=\"--linux_perf_ipt_block --linux_perf_instr --linux_perf_branch\" cargo hfuzz run-no-instr example\n```\n\nClean\n\n```sh\n# a wrapper on \"cargo clean\" which cleans the fuzzing_target directory\ncargo hfuzz clean\n```\n\nVersion\n\n```sh\ncargo hfuzz version\n```\n\n### Environment variables\n\n#### `RUSTFLAGS`\n\nYou can use `RUSTFLAGS` to send additional arguments to `rustc`.\n\nFor instance, you can enable the use of LLVM's [sanitizers](https://github.com/japaric/rust-san).\nThis is a recommended option if you want to test your `unsafe` rust code but it will have an impact on performance.\n\n```sh\nRUSTFLAGS=\"-Z sanitizer=address\" cargo hfuzz run example\n```\n\n#### `HFUZZ_BUILD_ARGS`\n\nYou can use `HFUZZ_BUILD_ARGS` to send additional arguments to `cargo build`.\n\n#### `HFUZZ_RUN_ARGS`\n\nYou can use `HFUZZ_RUN_ARGS` to send additional arguments to `honggfuzz`.\nSee [USAGE](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for the list of those.\n\nFor example:\n\n```sh\n# 1 second of timeout\n# use 12 fuzzing thread\n# be verbose\n# stop after 1000000 fuzzing iteration\n# exit upon crash\nHFUZZ_RUN_ARGS=\"-t 1 -n 12 -v -N 1000000 --exit_upon_crash\" cargo hfuzz run example\n```\n\n#### `HFUZZ_DEBUGGER`\n\nBy default we use `rust-lldb` but you can change it to `rust-gdb`, `gdb`, `/usr/bin/lldb-7` ...\n\n#### `CARGO_TARGET_DIR`\n\nTarget compilation directory, defaults to `hfuzz_target` to not clash with `cargo build`'s default `target` directory.\n\n#### `HFUZZ_WORKSPACE`\n\nHonggfuzz working directory, defaults to `hfuzz_workspace`.\n\n#### `HFUZZ_INPUT`\n\nHonggfuzz input files (also called \"corpus\"), defaults to `$HFUZZ_WORKSPACE/{TARGET}/input`.\n\n## Conditional compilation\n\nSometimes, it is necessary to make some specific adaptation to your code to yield a better fuzzing efficiency.\n\nFor instance:\n\n* Make you software behavior as much as possible deterministic on the fuzzing input\n  * [PRNG](https://en.wikipedia.org/wiki/Pseudorandom_number_generator)s must be seeded with a constant or the fuzzer input\n  * Behavior shouldn't change based on the computer's clock.\n  * Avoid potential undeterministic behavior from racing threads.\n  * ...\n* Never ever call `std::process::exit()`.\n* Disable logging and other unnecessary functionalities.\n* Try to avoid modifying global state when possible.\n* Do not set up your own panic hook when run with `cfg(fuzzing)`\n\n\nWhen building with `cargo hfuzz`, the argument `--cfg fuzzing` is passed to `rustc` to allow you to condition the compilation of those adaptations thanks to the `cfg` macro like so:\n\n```rust\n#[cfg(fuzzing)]\nlet mut rng = rand_chacha::ChaCha8Rng::from_seed(\u0026[0]);\n#[cfg(not(fuzzing))]\nlet mut rng = rand::thread_rng();\n```\n\nAlso, when building in debug mode, the `fuzzing_debug` argument is added in addition to `fuzzing`.\n\nFor more information about conditional compilation, please see the [reference](https://doc.rust-lang.org/reference/attributes.html#conditional-compilation).\n\n## Relevant documentation about honggfuzz\n\n* [USAGE](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md)\n* [FeedbackDrivenFuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md)\n* [PersistentFuzzing](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)\n\n## About Rust fuzzing\n\nThere is other projects providing Rust fuzzing support at [github.com/rust-fuzz](https://github.com/rust-fuzz).\n\nYou'll find support for [AFL](https://github.com/rust-fuzz/afl.rs) and LLVM's [LibFuzzer](https://github.com/rust-fuzz/cargo-fuzz) and there is also a [trophy case](https://github.com/rust-fuzz/trophy-case) ;-) .\n\nThis crate was inspired by those projects!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-fuzz%2Fhonggfuzz-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frust-fuzz%2Fhonggfuzz-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-fuzz%2Fhonggfuzz-rs/lists"}