cargo-fuzz

cargo-fuzz is the de facto choice for fuzzing Rust projects when using Cargo. It uses libFuzzer as the backend and provides a convenient Cargo subcommand that automatically enables relevant compilation flags for your Rust project, including support for sanitizers like AddressSanitizer. cargo-fuzz is currently the primary and most mature fuzzing solution for Rust projects using Cargo. Choose cargo-fuzz when: Initialize and run: cargo-fuzz requires the nightly Rust toolchain because it uses features only available in nightly. cargo-fuzz works best when your code is structured as a library crate. If you have a binary project, split your main.rs into: Initialize fuzzing: This creates: See Also: For detailed harness writing techniques and structure-aware fuzzing with the arbitrary crate, see the fuzz-harness-writing technique skill. cargo-fuzz integrates with the arbitrary crate for structure-aware fuzzing: Add to your library's Cargo.toml : If your project doesn't use unsafe Rust, disable sanitizers for 2x performance boost: Check if your project uses unsafe code: Corpus location: fuzz/corpus/fuzz_target_1/ Crashes location: fuzz/artifacts/fuzz_target_1/ ASan is enabled by default and detects memory errors: For pure safe Rust (no unsafe blocks in your code or dependencies): Performance impact: ASan adds ~2x overhead. Disable for safe Rust to improve fuzzing speed. See Also: For...