Specifies a fuzzing engine that can be used to run C++ fuzz targets.
ATTRIBUTES
Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
display_name | The name of the fuzzing engine, as it should be rendered in human-readable output. | String | required | |
launcher | A shell script that knows how to launch the fuzzing executable based on configuration specified in the environment. | Label | required | |
launcher_data | A dict mapping additional runtime dependencies needed by the fuzzing engine to environment variables that will be available inside the launcher, holding the runtime path to the dependency. | Dictionary: Label -> String | optional | {} |
library | A cc_library target that implements the fuzzing engine entry point. | Label | required |
Defines a fuzz test and a few associated tools and metadata.
For each fuzz test <name>
, this macro defines a number of targets. The most relevant ones are:
<name>
: A test that executes the fuzzer binary against the seed corpus (or on an empty input if no corpus is specified).<name>_instrum
: The instrumented fuzz test executable. Use this target for debugging or for accessing the complete command line interface of the fuzzing engine. Most developers should only need to use this target rarely.<name>_run
: An executable target used to launch the fuzz test using a simpler, engine-agnostic command line interface.<name>_oss_fuzz
: Generates a <name>_oss_fuzz.tar
archive containing the fuzz target executable and its associated resources (corpus, dictionary, etc.) in a format suitable for unpacking in the $OUT/ directory of an OSS-Fuzz build. This target can be used inside the build.sh
script of an OSS-Fuzz project.TODO: Document here the command line interface of the
<name>_run
targets.
PARAMETERS
Name | Description | Default Value |
---|---|---|
name | A unique name for this target. Required. | none |
corpus | A list containing corpus files. | None |
dicts | A list containing dictionaries. | None |
engine | A label pointing to the fuzzing engine to use. | “@rules_fuzzing//fuzzing:cc_engine” |
tags | Tags set on the fuzzing regression test. | None |
binary_kwargs | Keyword arguments directly forwarded to the fuzz test binary rule. | none |
Generates the standard targets associated to a fuzz test.
This macro can be used to define custom fuzz test rules in case the default cc_fuzz_test
macro is not adequate. Refer to the cc_fuzz_test
macro documentation for the set of targets generated.
PARAMETERS
Name | Description | Default Value |
---|---|---|
base_name | The name prefix of the generated targets. It is normally the fuzz test name in the BUILD file. | none |
raw_binary | The label of the cc_binary or cc_test of fuzz test executable. | none |
engine | The label of the fuzzing engine used to build the binary. | none |
corpus | A list of corpus files. | None |
dicts | A list of fuzzing dictionary files. | None |
instrument_binary | (Experimental, may be removed in the future.) By default, the generated targets depend on raw_binary through a Bazel configuration using flags from the @rules_fuzzing//fuzzing package to determine the fuzzing build mode, engine, and sanitizer instrumentation. When this argument is false, the targets assume that raw_binary is already built in the proper configuration and will not apply the transition. Most users should not need to change this argument. If you think the default instrumentation mode does not work for your use case, please file a Github issue to discuss. | True |
define_regression_test | If true, generate a regression test rule. | True |
test_tags | Tags set on the fuzzing regression test. | None |