Cargo-fuzz is now 10x faster, better supports sanitizers

Fuzzing is a highly effective way of discovering bugs, including security vulnerabilities. cargo-fuzz is a cargo subcommand that makes fuzzing easy.

cargo-fuzz has picked up a lot of improvements since the beginning of the year:

  • ~10x faster execution for code built in release mode thanks to tweaks to fuzzing instrumentation and compiler flags.
  • Code is now compiled in release mode with debug assertions by default instead of debug mode. This brings another ~10x speedup to the default configuration.
  • Added cargo fuzz fmt command to print the fuzzer-generated data via its Debug implementation. This is particularly useful in conjunction with structure-aware fuzzing.
  • Much better support for MemorySanitizer. Now it "Just Works" for pure-Rust code. Code linking to C still requires passing extra flags to the C compiler.
  • Support for fuzzing without any sanitizers. This is useful for testing 100% safe code where you don't have to watch out for memory errors.
  • Many smaller improvements and fixes.
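To make the structure-aware fuzzing and `cargo fuzz fmt` items concrete, here is an added example that is not part of cargo-fuzz or of this post. It mirrors the shape of a libFuzzer target without depending on the libfuzzer-sys or arbitrary crates (std only, so it runs on its own): raw fuzzer bytes are decoded into a structured input (a hand-rolled stand-in for what the `arbitrary` crate's `Arbitrary` derive does), the structured input is fed to the code under test, and the input's `Debug` form is what `cargo fuzz fmt` would print for a crash artifact. The stack machine, the `Op`/`Program` types, the decoder and the sample input are all constructed for illustration.

```rust
// Added example, not code from cargo-fuzz or from the original post.
// Shape of a fuzz target: raw bytes -> structured input -> code under test.

/// Structured input, the kind of type you would `#[derive(Arbitrary)]` for
/// structure-aware fuzzing. Deriving Debug is what makes `cargo fuzz fmt`
/// useful: a crash artifact can be printed as ops, not as opaque bytes.
#[derive(Debug, Clone, PartialEq)]
pub enum Op {
    Push(u8),
    Pop,
    Add,
}

#[derive(Debug, Clone, PartialEq)]
pub struct Program {
    pub ops: Vec<Op>,
}

/// Hand-rolled decoder standing in for `Arbitrary::arbitrary_take_rest`:
/// every byte sequence decodes to *some* program, so the fuzzer never wastes
/// iterations on inputs that are rejected before reaching the real code.
pub fn decode(data: &[u8]) -> Program {
    let mut ops = Vec::new();
    let mut i = 0;
    while i < data.len() {
        match data[i] % 3 {
            0 => {
                // Operand byte may be missing at the end of the input; default to 0.
                let v = data.get(i + 1).copied().unwrap_or(0);
                ops.push(Op::Push(v));
                i += 2;
            }
            1 => {
                ops.push(Op::Pop);
                i += 1;
            }
            _ => {
                ops.push(Op::Add);
                i += 1;
            }
        }
    }
    Program { ops }
}

/// Code under test: a tiny stack machine. Invalid programs return Err rather
/// than panicking, so the only panics the fuzzer reports are genuine bugs.
pub fn run(program: &Program) -> Result<Vec<u8>, String> {
    let mut stack: Vec<u8> = Vec::new();
    for op in &program.ops {
        match op {
            Op::Push(v) => stack.push(*v),
            Op::Pop => {
                stack.pop().ok_or("pop on empty stack")?;
            }
            Op::Add => {
                let a = stack.pop().ok_or("add needs two operands")?;
                let b = stack.pop().ok_or("add needs two operands")?;
                // With debug assertions enabled (the new cargo-fuzz default), a plain
                // `a + b` would panic on overflow and the fuzzer would report it.
                // checked_add turns that into an explicit, handled error instead.
                stack.push(a.checked_add(b).ok_or("u8 overflow in add")?);
            }
        }
    }
    Ok(stack)
}

/// The body of a `fuzz_target!(|data: &[u8]| { ... })` closure.
pub fn fuzz_one(data: &[u8]) -> Result<Vec<u8>, String> {
    let program = decode(data);
    run(&program)
}

/// What `cargo fuzz fmt` shows for an artifact: the decoded input's Debug form.
pub fn fmt_input(data: &[u8]) -> String {
    format!("{:#?}", decode(data))
}

fn main() {
    // Constructed sample input, standing in for a corpus or artifact file.
    let sample = [0u8, 7, 0, 250, 2];
    println!("{}", fmt_input(&sample));
    println!("{:?}", fuzz_one(&sample));
}
```

The point of routing overflow through `checked_add` is the reverse of the "fuzz without sanitizers" item: in 100% safe Rust there are no memory errors to catch, so the bugs a fuzzer finds are panics such as overflow checks, out-of-bounds indexing or unwraps, and debug assertions in the default build profile are what surface them.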

Fuzzing Rust code has never been easier! Check out the Rust Fuzz Book to get started.
