Reversed arbitrary #44
Description
Hello,
I've been toying with custom mutators in cargo-fuzz with libfuzzer and it seems to me to support changes to typed data instead of bytes, the reversed arbrirtary operation would be really helpful. Here's the interface I have implemented so far:
/// Define a custom fuzz mutator.
///
/// If `$bytes` exceeds `$max_size`, it will be silently truncated.
///
/// ## Example
/// ```no_run
/// #![no_main]
/// use libfuzzer_sys::{fuzz_target, fuzz_mutator, llvm_fuzzer_mutate};
///
/// fuzz_target!(|data: &[u8]| {
/// let _ = std::str::from_utf8(data);
/// });
///
/// fuzz_mutator!(|data: &mut [u8], max_size: usize| {
/// println!("custom mutator called with data len = {} and max_size = {}", data.len(), max_size);
/// /* call wrapper function of libfuzzer's default mutator */
/// llvm_fuzzer_mutate(data, max_size)
/// });
/// ```
The mutator with typed data would be the equivalent:
fuzz_mutator!(|data: &mut T, max_size: usize | {
loop {
/* perform changes on `data` */
if data.arbitrary_size() <= max_size { /* where arbitrary_size is some method from the Trait to calculate size in bytes */
break;
}
}
});Does this sound like a reasonable approach to you?