rules_fuzzing

Black box fuzzing with TSAN

Open zhenyudg opened this issue 2 years ago • 0 comments

Requested Behavior

Support for black box fuzzing with TSAN.

An impediment to fuzzing with TSAN is that coverage instrumentation for coverage-guided fuzzing is not thread safe (see https://github.com/google/oss-fuzz/issues/5272#issuecomment-790805359). We can circumvent the problem of racy coverage instrumentation by abandoning coverage instrumentation altogether.

I was able to set up black box fuzzing with TSAN and honggfuzz. Unfortunately, since I use toolchain features rather than rules_fuzzing's configuration transitions to instrument my fuzz tests, I can't trivially upstream my code change directly here. But it might be worth implementing support for tsan-* configurations.

zhenyudg, Mar 16 '23 19:03