Fuzzing is a highly effective way of discovering bugs, including security vulnerabilities. cargo-fuzz
is a cargo subcommand that makes fuzzing easy.
cargo-fuzz has picked up a lot of improvements since the beginning of the year:
- ~10x faster execution for code built in release mode thanks to tweaks to fuzzing instrumentation and compiler flags.
- Code is now compiled in release mode with debug assertions by default instead of debug mode. This brings another ~10x speedup to the default configuration.
- Added a `cargo fuzz fmt` command to print the fuzzer-generated data via its `Debug` implementation. This is particularly useful in conjunction with structure-aware fuzzing.
- Much better support for Memory Sanitizer. Now it "Just Works" for pure-Rust code. Code linking to C still requires passing extra flags to the C compiler.
- Support for fuzzing without any sanitizers. This is useful for testing 100% safe code where you don't have to watch out for memory errors.
- Many smaller improvements and fixes.
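To show what the "structure-aware fuzzing" and "release with debug assertions" items mean in practice, here is an added example that is not part of cargo-fuzz or this post. It sketches a fuzz target that decodes raw fuzzer bytes into a typed `Program`, exercises a small stack machine under a `debug_assert!` invariant, and reproduces by hand what `cargo fuzz fmt` does: decode a saved artifact with the same decoder and print it via `Debug`. The `Unstructured` and `Arbitrary` types are hand-rolled stand-ins for the `arbitrary` crate so the file compiles with no dependencies; `Program`, `Op`, `run`, `fuzz_target`, `fmt_input` and the sample artifact bytes are all constructed for this illustration. In a real `fuzz/fuzz_targets/*.rs` you would use `#[derive(Arbitrary)]` and `libfuzzer_sys::fuzz_target!` instead.

```rust
/// Stand-in for `arbitrary::Unstructured`: a cursor over the fuzzer's raw bytes.
/// Reads past the end yield zeros, so every byte string decodes to *some* `Program`
/// (the real crate also zero-fills when it runs out of data).
pub struct Unstructured<'a> {
    data: &'a [u8],
    pos: usize,
}

impl<'a> Unstructured<'a> {
    pub fn new(data: &'a [u8]) -> Self {
        Self { data, pos: 0 }
    }

    fn take(&mut self, n: usize) -> &'a [u8] {
        let start = self.pos;
        let end = (self.pos + n).min(self.data.len());
        self.pos = end;
        &self.data[start..end]
    }

    pub fn u8(&mut self) -> u8 {
        self.take(1).first().copied().unwrap_or(0)
    }

    pub fn u16(&mut self) -> u16 {
        let b = self.take(2);
        let lo = b.first().copied().unwrap_or(0) as u16;
        let hi = b.get(1).copied().unwrap_or(0) as u16;
        lo | (hi << 8)
    }
}

/// Stand-in for `arbitrary::Arbitrary` (a real target derives it).
pub trait Arbitrary: Sized {
    fn arbitrary(u: &mut Unstructured<'_>) -> Self;
}

/// Structured input for the code under test (constructed for this example).
#[derive(Debug, Clone, PartialEq)]
pub enum Op {
    Push(u16),
    Pop,
    Add,
}

#[derive(Debug, Clone, PartialEq)]
pub struct Program {
    pub ops: Vec<Op>,
}

impl Arbitrary for Op {
    fn arbitrary(u: &mut Unstructured<'_>) -> Self {
        match u.u8() % 3 {
            0 => Op::Push(u.u16()),
            1 => Op::Pop,
            _ => Op::Add,
        }
    }
}

impl Arbitrary for Program {
    fn arbitrary(u: &mut Unstructured<'_>) -> Self {
        let n = (u.u8() % 8) as usize;
        Program { ops: (0..n).map(|_| Op::arbitrary(u)).collect() }
    }
}

/// Code under test: a tiny stack machine. Underflow and overflow are reported as
/// `Err`, never as a panic, so anything the fuzzer reports is a real invariant bug.
pub fn run(p: &Program) -> Result<Vec<u16>, &'static str> {
    let mut stack: Vec<u16> = Vec::new();
    for op in &p.ops {
        match op {
            Op::Push(v) => stack.push(*v),
            Op::Pop => {
                stack.pop().ok_or("stack underflow")?;
            }
            Op::Add => {
                let a = stack.pop().ok_or("stack underflow")?;
                let b = stack.pop().ok_or("stack underflow")?;
                stack.push(a.checked_add(b).ok_or("add overflow")?);
            }
        }
    }
    Ok(stack)
}

/// Body of a libFuzzer target: decode, exercise, check an invariant. The
/// `debug_assert!` is live in cargo-fuzz's default release-with-debug-assertions
/// build, which is why that default matters for 100% safe code.
pub fn fuzz_target(data: &[u8]) {
    let mut u = Unstructured::new(data);
    let program = Program::arbitrary(&mut u);
    let pushes = program.ops.iter().filter(|o| matches!(o, Op::Push(_))).count();
    if let Ok(stack) = run(&program) {
        debug_assert!(stack.len() <= pushes, "stack grew beyond the number of pushes");
    }
}

/// Hand-rolled equivalent of `cargo fuzz fmt`: decode an artifact with the same
/// `Arbitrary` impl the target uses and render it via `Debug` instead of as hex.
pub fn fmt_input(data: &[u8]) -> String {
    let mut u = Unstructured::new(data);
    format!("{:#?}", Program::arbitrary(&mut u))
}

fn main() {
    // Constructed stand-in for a saved artifact: 3 ops -> Push(42), Push(7), Add.
    let artifact = [3u8, 0, 0x2a, 0x00, 0, 0x07, 0x00, 2];
    fuzz_target(&artifact);
    println!("{}", fmt_input(&artifact));
}
```

The point of decoding through one shared `Arbitrary` impl is that the bytes in a crash artifact only make sense relative to that decoder; `cargo fuzz fmt` reuses the target's own implementation so the printed `Program` is exactly what the target saw.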
Fuzzing Rust code has never been easier! Check out the Rust Fuzz Book to get started.