| commit | 5132f07a75689c04ee6827839e748ce48cdc1f25 | |
|---|---|---|
| author | Xinhao Yuan <xinhaoyuan@google.com> | Tue Aug 12 07:06:42 2025 -0700 |
| committer | Copybara-Service <copybara-worker@google.com> | Tue Aug 12 07:07:31 2025 -0700 |
| tree | 0653d9dad1a1b9b4d5e98b214cd8d7acf587d826 | |
| parent | b8a1c8cf743c0bcb6604b3eb3724b131250c85e2 | |
Implement persistent mode in runner and `CentipedeCallbacks`.

When persistent mode is enabled, `CentipedeCallbacks` will create a persistent mode socket/connection for each command. For each batch, `CentipedeCallbacks` sends out a request to the runner through the connection. The runner would in turn process and write the response to the connection without exiting and wait for the next request. When a crash occurs, the command execution would end, which should close the connection on the runner side. Such an event would be detected by `poll()` in `CentipedeCallbacks` and handled accordingly with `Command::Wait()`.

At the end of the fuzzing loop, `CentipedeCallbacks` sends out a special request to let the runner quit the persistent mode loop and return from `RunnerMain()`. The special request can also be used to implement a finer strategy that restarts the persistent mode every few batches, to avoid accumulating too much statefulness that causes unreproducible crashes.

Had to remove a log expectation in the e2e test, since in persistent mode the input may be skipped in the previous batches, which is not printed in the crash log.

PiperOrigin-RevId: 794095134
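The request/response loop the commit message describes, shown as an added example rather than Centipede's own code: a controller forks a runner, the two share a `socketpair`, the runner services batch requests without exiting, a crash in the runner closes the socket and is picked up by `poll()` on the controller side, and a special quit request ends the loop so the runner returns normally. The one-byte wire format, the `Outcome` struct, `FuzzPersistent`, `RunOneInput` and the crash-on-`0x42` target are all hypothetical and exist only for this illustration; the only thing borrowed from the commit message is the shape of the protocol.

```cpp
// Added example, not Centipede's code: a minimal persistent-mode protocol between a
// controller (the CentipedeCallbacks role) and a forked runner (the RunnerMain role)
// over a socketpair. The wire format, names and the target program are hypothetical.
#include <poll.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdint>
#include <cstdlib>
#include <vector>

// One-byte requests; kRunBatch is followed by a count byte and that many inputs.
enum Request : uint8_t { kRunBatch = 1, kQuit = 2 };

static bool ReadFull(int fd, void* buf, size_t n) {
  auto* p = static_cast<uint8_t*>(buf);
  while (n > 0) {
    ssize_t r = read(fd, p, n);
    if (r <= 0) return false;  // EOF or error: the peer is gone
    p += r; n -= static_cast<size_t>(r);
  }
  return true;
}

static bool WriteFull(int fd, const void* buf, size_t n) {
  auto* p = static_cast<const uint8_t*>(buf);
  while (n > 0) {
    ssize_t w = write(fd, p, n);
    if (w <= 0) return false;
    p += w; n -= static_cast<size_t>(w);
  }
  return true;
}

// Hypothetical target: keeps state across batches (the accumulated statefulness
// the commit message warns about) and aborts on one input value.
static int g_inputs_seen = 0;
static void RunOneInput(uint8_t input) {
  ++g_inputs_seen;
  if (input == 0x42) abort();  // simulated crash inside the runner process
}

// Runner side: serve requests without exiting until kQuit arrives or the
// controller hangs up. A crash here closes the socket as a side effect.
static void RunnerMain(int fd) {
  for (;;) {
    uint8_t req = 0, count = 0;
    if (!ReadFull(fd, &req, 1) || req == kQuit) return;
    if (!ReadFull(fd, &count, 1)) return;
    std::vector<uint8_t> batch(count);
    if (count > 0 && !ReadFull(fd, batch.data(), count)) return;
    for (uint8_t in : batch) RunOneInput(in);
    if (!WriteFull(fd, &count, 1)) return;  // response: inputs executed
  }
}

struct Outcome {
  int batches_completed = 0;
  bool runner_died = false;  // connection dropped before a response arrived
  int term_signal = 0;       // signal that killed the runner, if any
  int exit_code = -1;        // exit status when the runner quit normally
};

// Controller side: one runner process serves every batch; poll() on the
// connection tells a dead runner apart from a normal response.
static Outcome FuzzPersistent(const std::vector<std::vector<uint8_t>>& batches) {
  signal(SIGPIPE, SIG_IGN);  // a write to a dead runner must fail, not kill us
  int sv[2];
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) abort();
  pid_t pid = fork();
  if (pid == 0) { close(sv[0]); RunnerMain(sv[1]); _exit(0); }  // child: the runner
  close(sv[1]);
  const int fd = sv[0];
  Outcome out;
  for (const auto& batch : batches) {  // at most 255 inputs per batch here
    uint8_t hdr[2] = {kRunBatch, static_cast<uint8_t>(batch.size())};
    bool sent = WriteFull(fd, hdr, 2) && WriteFull(fd, batch.data(), batch.size());
    pollfd pfd = {fd, POLLIN, 0};
    uint8_t resp = 0;
    // POLLHUP or EOF instead of a response byte means the runner has exited.
    if (!sent || poll(&pfd, 1, 5000) <= 0 || !ReadFull(fd, &resp, 1)) {
      out.runner_died = true;
      break;
    }
    ++out.batches_completed;
  }
  if (out.runner_died) kill(pid, SIGKILL);  // harmless if dead; also ends a hang
  else { uint8_t quit = kQuit; WriteFull(fd, &quit, 1); }  // special quit request
  close(fd);
  int status = 0;
  waitpid(pid, &status, 0);  // the Command::Wait() step
  if (WIFSIGNALED(status)) out.term_signal = WTERMSIG(status);
  if (WIFEXITED(status)) out.exit_code = WEXITSTATUS(status);
  return out;
}
```

Calling `FuzzPersistent({{1, 2}, {3}, {0x42, 5}, {6}})` completes two batches, then the runner aborts on the third and the controller sees the hangup rather than a response, so `runner_died` is set and `waitpid` reports `SIGABRT`; a batch list without `0x42` completes every batch, receives the quit request, and exits with status 0. Two points worth carrying over to a real harness: ignore or mask `SIGPIPE` before writing to the runner, otherwise the controller itself dies on the first write after a crash, and always reap the runner after a hangup, since the termination signal is the only evidence of what happened. The `g_inputs_seen` counter is there to make the reproducibility problem concrete: the crash is reached only after whatever state earlier batches left behind, which is exactly why the commit message suggests restarting the runner every few batches.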
FuzzTest is a C++ testing framework for writing and executing fuzz tests, which are property-based tests executed using coverage-guided fuzzing under the hood. Fuzz tests are like regular unit tests, but more generic and more powerful. Instead of saying: “for this specific input, we expect this specific output”, we can say: “for these types of input, we expect this generic property to be true”. For example:
```cpp
#include "fuzztest/fuzztest.h"
#include "gtest/gtest.h"

bool MyApi(int i);  // the API under test, defined elsewhere

void MyApiAlwaysSucceedsOnPositiveIntegers(int i) {
  bool success = MyApi(i);
  EXPECT_TRUE(success);
}
FUZZ_TEST(MyApiTest, MyApiAlwaysSucceedsOnPositiveIntegers)
    .WithDomains(/*i:*/fuzztest::Positive<int>());
```
It is our latest fuzz testing technology and the successor of previously used fuzzing tools, such as libFuzzer. It allows you to write powerful fuzz tests more easily than with previously used fuzz targets. You can use it together with GoogleTest, or other unit testing frameworks, allowing you to write fuzz tests side by side with regular unit tests, and just as easily.
It is a first-of-its-kind tool that bridges the gap between fuzzing and property-based testing, as it is both:
FuzzTest is for everyone who writes C++ code. (Currently, only C++ is supported.) Fuzz testing is a proven testing technique that has found tens of thousands of bugs. With the FuzzTest framework, writing these tests becomes a breeze. Because fuzz tests are more generic, they are more powerful than regular unit tests. They can find tricky edge cases automatically for us, edge cases that most likely we would never think of.
You can write fuzz tests as easily as you write unit tests using GoogleTest, for example. Simply use the `FUZZ_TEST` macro like you would use GoogleTest's `TEST` macro.
At Google, FuzzTest is widely used and software engineers love it. It has replaced the old style of writing fuzz targets.
To get started, read the Quickstart with Bazel or Quickstart with CMake, then take a look at the Overview and the Codelab.
Once you have a high level understanding about fuzz tests, consider reading the rest of the documentation, including the:
If you have a question or encounter a bug, please file an issue on GitHub.