LibFuzzer is packaged with clang, so there is no additional installation [0]. You just have to provide an entry function and link it with a command-line flag. However, since C and C++ lack reflection, you have to work with raw bytes as input.
LibFuzzer has the option to provide callbacks that customize mutation, which can help with obtaining coverage.
csb6|1 year ago
[0] https://llvm.org/docs/LibFuzzer.html
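
An added example, not part of the comment above: a libFuzzer harness that pairs the raw-bytes entry function with a custom mutation callback that repairs a length and checksum so mutated inputs reach the parser. The record format, `parse_record` and `xor_sum` are constructed for illustration; the weak declaration of `LLVMFuzzerMutate` and the fallback branch are there only so the file also links without the fuzzer runtime.

```c
// Fuzzer build: clang -g -fsanitize=fuzzer,address harness.c
#include <stddef.h>
#include <stdint.h>

// Supplied by the libFuzzer runtime; weak so the file also links without it.
__attribute__((weak)) size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);

// Constructed record format: [len][len payload bytes][XOR of payload bytes].
static uint8_t xor_sum(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++) s ^= p[i];
    return s;
}

// Hypothetical code under test: 0 = accepted, -1 = rejected.
int parse_record(const uint8_t *data, size_t size) {
    if (size < 2) return -1;
    size_t len = data[0];
    if (len + 2 != size) return -1;
    if (xor_sum(data + 1, len) != data[1 + len]) return -1;
    return 0; // deeper parsing would start here
}

// Entry function: libFuzzer calls it with each raw byte input.
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    parse_record(Data, Size);
    return 0;
}

// Custom mutation callback: mutate only the payload, then rewrite the length
// and checksum so inputs get past the framing checks in parse_record().
size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
                               unsigned int Seed) {
    if (MaxSize < 3) return Size;                   // too small to frame; leave as is
    size_t cap = MaxSize - 2 < 255 ? MaxSize - 2 : 255;
    size_t len = Size >= 2 ? Size - 2 : 0;          // bytes between len and checksum
    if (len > cap) len = cap;
    if (LLVMFuzzerMutate) {
        len = LLVMFuzzerMutate(Data + 1, len, cap); // libFuzzer's built-in mutations
    } else if (len > 0) {
        Data[1 + Seed % len] ^= (uint8_t)(Seed >> 8) | 1; // stand-alone fallback
    } else {
        Data[1] = (uint8_t)Seed;                    // grow an empty payload
        len = 1;
    }
    Data[0] = (uint8_t)len;
    Data[1 + len] = xor_sum(Data + 1, len);
    return len + 2;
}
```

Without the callback, almost every byte-level mutation fails the checksum comparison and coverage stalls at the framing checks.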