Custom builds of the Swift toolchain (including development snapshots) have a built-in libFuzzer integration. In order to use it on a file myfile.swift, define an entry point fuzzing function with a @_cdecl("LLVMFuzzerTestOneInput") annotation:
@_cdecl("LLVMFuzzerTestOneInput") public func test(_ start: UnsafeRawPointer, _ count: Int) -> CInt { let bytes = UnsafeRawBufferPointer(start: start, count: count) // TODO: Test the code using the provided bytes. return 0 }
To compile it, use the -sanitize=fuzzer flag to link libFuzzer and enable code coverage information; and the -parse-as-library flag to omit the main symbol, so that the fuzzer entry point can be used:
% swiftc -sanitize=fuzzer -parse-as-library myfile.swift
libFuzzer can be combined with other sanitizers:
% swiftc -sanitize=fuzzer,address -parse-as-library myfile.swift
Finally, launch the fuzzing process:
% ./myfile
Refer to the official libFuzzer documentation at https://llvm.org/docs/LibFuzzer.html#options for a description of the fuzzer's command line options.