cc_fuzzing_engine

Specifies a fuzzing engine that can be used to run C++ fuzz targets.

ATTRIBUTES

NameDescriptionTypeMandatoryDefault
nameA unique name for this target.Namerequired
display_nameThe name of the fuzzing engine, as it should be rendered in human-readable output.Stringrequired
launcherA shell script that knows how to launch the fuzzing executable based on configuration specified in the environment.Labelrequired
launcher_dataA dict mapping additional runtime dependencies needed by the fuzzing engine to environment variables that will be available inside the launcher, holding the runtime path to the dependency.Dictionary: Label -> Stringoptional{}
libraryA cc_library target that implements the fuzzing engine entry point.Labelrequired

cc_fuzz_test

Defines a fuzz test and a few associated tools and metadata.

For each fuzz test <name>, this macro defines a number of targets. The most relevant ones are:

  • <name>: A test that executes the fuzzer binary against the seed corpus (or on an empty input if no corpus is specified).
  • <name>_instrum: The instrumented fuzz test executable. Use this target for debugging or for accessing the complete command line interface of the fuzzing engine. Most developers should only need to use this target rarely.
  • <name>_run: An executable target used to launch the fuzz test using a simpler, engine-agnostic command line interface.
  • <name>_oss_fuzz: Generates a <name>_oss_fuzz.tar archive containing the fuzz target executable and its associated resources (corpus, dictionary, etc.) in a format suitable for unpacking in the $OUT/ directory of an OSS-Fuzz build. This target can be used inside the build.sh script of an OSS-Fuzz project.

TODO: Document here the command line interface of the <name>_run targets.

PARAMETERS

NameDescriptionDefault Value
nameA unique name for this target. Required.none
corpusA list containing corpus files.None
dictsA list containing dictionaries.None
engineA label pointing to the fuzzing engine to use.“@rules_fuzzing//fuzzing:cc_engine”
tagsTags set on the fuzzing regression test.None
binary_kwargsKeyword arguments directly forwarded to the fuzz test binary rule.none

fuzzing_decoration

Generates the standard targets associated to a fuzz test.

This macro can be used to define custom fuzz test rules in case the default cc_fuzz_test macro is not adequate. Refer to the cc_fuzz_test macro documentation for the set of targets generated.

PARAMETERS

NameDescriptionDefault Value
base_nameThe name prefix of the generated targets. It is normally the fuzz test name in the BUILD file.none
raw_binaryThe label of the cc_binary or cc_test of fuzz test executable.none
engineThe label of the fuzzing engine used to build the binary.none
corpusA list of corpus files.None
dictsA list of fuzzing dictionary files.None
instrument_binary(Experimental, may be removed in the future.)

By default, the generated targets depend on raw_binary through a Bazel configuration using flags from the @rules_fuzzing//fuzzing package to determine the fuzzing build mode, engine, and sanitizer instrumentation.

When this argument is false, the targets assume that raw_binary is already built in the proper configuration and will not apply the transition.

Most users should not need to change this argument. If you think the default instrumentation mode does not work for your use case, please file a Github issue to discuss.
True
define_regression_testIf true, generate a regression test rule.True
test_tagsTags set on the fuzzing regression test.None