fx fuzz

Run a fuzz test on a target device

Usage: fx fuzz [options] [command] [command-arguments]

  -d, --device   <name>   Connect to device using Fuchsia link-local name.
                          Must be specified if multiple devices are present.
  -f, --foreground        Run in the foreground (default is background).
  -g, --debug             Disable libFuzzer exception handling.
  -n, --no-cipd           Skip steps involving CIPD.
  -o, --output   <dir>    Use the given directory for saving output files.
                          Defaults to the current directory.
  -s, --staging  <dir>    Use the given directory for staging temporary
                          corpus files being transferred on or off of a
                          target device. Defaults to a temporary directory
                          that is removed on completion; use this option to
                          preserve those temporary files on the host.

  help                    Prints this message and exits.
  list    [name]          Lists fuzzers matching 'name' if provided, or all
  corpus  [name]          Lists the corpus instances in CIPD for the named
  fetch   <name> [label]  Retrieves the corpus for the named fuzzer.  If
                          'label' is a directory, installs the corpus from
                          that location.  Otherwise fetches and installs the
                          corpus from CIPD given by 'label', which may
                          either be a CIPD "ref", or a CIPD "tag" of the
                          form "key:value".  If omitted, 'label' defaults to
  start   <name> [...]    Fetches the latest corpus for a named fuzzer and
                          starts it. Additional arguments are passed to the
                          fuzzer. This is the default command if none is provided.
  check   <name>          Reports information about the named fuzzer, such as
                          execution status, corpus size, and number of
  stop    <name>          Stops all instances of the named fuzzer.
  repro   <name> [...]    Runs the named fuzzer on specific inputs. If no
                          additional inputs are provided, uses all previously
                          found crashes.
  merge   <name> [...]    Fetches the latest corpus in CIPD, merges and
                          minimizes it with the corpus on device, and stores
                          the result in CIPD.
  store   <name>          Gathers the current corpus from the target platform
                          and publishes it to CIPD.  The package will be
                          tagged with the current integration revision and
                          referenced as 'latest'.

Typical workflow is one of three commands:
  fx fuzz <name>        # Fetches the latest corpus and starts the fuzzer
  fx fuzz repro <name>  # Replays any test input artifacts found
  fx fuzz merge <name>  # Merges the current corpus with the latest in CIPD

fuzz source code