Public definitions for fuzzing rules.

Definitions outside this file are private unless otherwise noted, and may change without notice.

Rules

java_fuzzing_engine

Specifies a fuzzing engine that can be used to run Java fuzz targets.

name

A unique name for this target.

display_name

The name of the fuzzing engine, as it should be rendered in human-readable output.

launcher

A shell script that knows how to launch the fuzzing executable based on configuration specified in the environment.

launcher_data

A dict mapping additional runtime dependencies needed by the fuzzing engine to environment variables that will be available inside the launcher, holding the runtime path to the dependency.

library

A java_library target that is made available to all Java fuzz tests.


Macros and Functions

fuzzing_decoration

Generates the standard targets associated to a fuzz test.

This macro can be used to define custom fuzz test rules in case the default cc_fuzz_test macro is not adequate. Refer to the cc_fuzz_test macro documentation for the set of targets generated.

name

The name prefix of the generated targets. It is normally the fuzz test name in the BUILD file.

raw_binary

The label of the cc_binary or cc_test of fuzz test executable.

engine

The label of the fuzzing engine used to build the binary.

corpus

A list of corpus files.

dicts

A list of fuzzing dictionary files.

instrument_binary

(Experimental, may be removed in the future.)

By default, the generated targets depend on raw_binary through a Bazel configuration using flags from the @rules_fuzzing//fuzzing package to determine the fuzzing build mode, engine, and sanitizer instrumentation.

When this argument is false, the targets assume that raw_binary is already built in the proper configuration and will not apply the transition.

Most users should not need to change this argument. If you think the default instrumentation mode does not work for your use case, please file a Github issue to discuss.

define_regression_test

If true, generate a regression test rule.

test_tags

Tags set on the fuzzing regression test.


java_fuzz_test

Defines a Java fuzz test and a few associated tools and metadata.

For each fuzz test <name>, this macro defines a number of targets. The most relevant ones are:

  • <name>: A test that executes the fuzzer binary against the seed corpus (or on an empty input if no corpus is specified).
  • <name>_bin: The instrumented fuzz test executable. Use this target for debugging or for accessing the complete command line interface of the fuzzing engine. Most developers should only need to use this target rarely.
  • <name>_run: An executable target used to launch the fuzz test using a simpler, engine-agnostic command line interface.
  • <name>_oss_fuzz: Generates a <name>_oss_fuzz.tar archive containing the fuzz target executable and its associated resources (corpus, dictionary, etc.) in a format suitable for unpacking in the $OUT/ directory of an OSS-Fuzz build. This target can be used inside the build.sh script of an OSS-Fuzz project.

name

A unique name for this target. Required.

srcs

A list of source files of the target.

target_class

The class that contains the static fuzzerTestOneInput method. Defaults to the same class main_class would.

corpus

A list containing corpus files.

dicts

A list containing dictionaries.

engine

A label pointing to the fuzzing engine to use.

tags

Tags set on the fuzzing regression test.

binary_kwargs

Keyword arguments directly forwarded to the fuzz test binary rule.


Providers

FuzzingEngineInfo

Provider for storing the language-independent part of the specification of a fuzzing engine.