Fuzz Test Environment Variables, Fuzzing engine options, compilation
Fuzz test .yaml file
For every fuzz test, there is a .yaml file in .code_intelligence/fuzz_targets.
In this file, you can change the options described on this page.
Attention: if you edit this file, be careful with the YAML syntax. YAML is sensitive to indentation (2 spaces per indent). If you introduce a syntax error, the fuzz test will not be started.
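A pre-flight check for the indentation rule above, as an added example that is not part of the original page or of the product. It assumes only the 2-space convention stated here and does not parse YAML; the function name and both sample file contents are constructed for illustration.

```python
# Indentation lint for a fuzz test .yaml file (added example).
# Checks only the conventions named on this page: spaces, 2 per level.
# It is not a YAML parser and does not understand block scalars.

# Constructed sample: well-formed section.
GOOD = (
    'compiler_extra_args:\n'
    '  - "-Lbuild/apps"\n'
    '  - "bubbleSort.o"\n'
)

# Constructed sample: three typical editing mistakes.
BAD = (
    'compiler_extra_args:\n'
    '   - "-Lbuild/apps"\n'   # 3 spaces instead of 2
    '\t- "bubbleSort.o"\n'    # tab instead of spaces
    ' engine_options:\n'      # space left behind after removing "#"
)


def lint_fuzz_yaml(text, indent=2):
    """Return a list of (line_number, message) for indentation problems."""
    problems = []
    prev_width = 0
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        # Blank lines and comment-only lines carry no structure.
        if not stripped or stripped.startswith("#"):
            continue
        lead = raw[:len(raw) - len(raw.lstrip())]
        if "\t" in lead:
            problems.append((number, "tab character in indentation"))
            continue
        width = len(lead)
        if width % indent:
            problems.append(
                (number, f"indent of {width} is not a multiple of {indent}"))
            continue
        if width > prev_width + indent:
            problems.append((number, "indent jumps more than one level"))
        prev_width = width
    return problems


if __name__ == "__main__":
    for number, message in lint_fuzz_yaml(BAD):
        print(f"line {number}: {message}")
```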
Fixing fuzz test compilation errors
If you get errors about undefined references to the functions you want to fuzz when building your fuzz test, you may need to add compiler options so that the compiler knows which dynamic libraries or object files to link. Use the compiler_extra_args section for this.
Example with an object file:
compiler_extra_args:
  - "-Lbuild/apps" # created by "fuzz this function" until here
  - "bubbleSort.o" # added manually
For dynamic libraries, use -L to add relative paths to the directories where they are located (if they are not in the system library paths), and -l to provide their names (without the "lib" prefix and without the file extension).
Use -I to provide additional paths to header files that are needed to compile your fuzz test, if any.
Adding environment variables to a fuzz test
If you want to provide environment variables to a fuzz test (e.g. you want to use UBSAN_OPTIONS=print_stacktrace=1 and ASAN_OPTIONS=halt_on_error=0), you can add them in the YAML file of your fuzz test by uncommenting the "environment" section.
## Environment variables to set when executing the target.
Changing fuzzing engine options for a fuzz test
To change the behaviour of the fuzzing engine (libFuzzer or AFL), uncomment the engine_options: section and add the options there. Example:
## Options to pass to the fuzzing engine.
libFuzzer options are documented here.