
Singleton in libfuzzer


Will a singleton created in libFuzzer be "one instance per run" or "one instance per multiple runs"?

Example:

#include <cstddef>   // size_t
#include <cstdint>   // uint8_t

// singleton example: function-local static, initialized once per process
int& Singleton() {
  static int a = 0;
  return a;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  // Usage example
  Singleton() += static_cast<int>(Size);
  return 0;  // libFuzzer expects the target to return 0
}

  • 1st run: Size = 10. Singleton() == 10
  • 2nd run: Size = 20. Singleton() == 20 ("one instance per run") or Singleton() == 30 ("one instance per all runs")

Solution

  • Late answer - there will be a single instance across multiple runs.
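The answer above can be checked directly. The following is an added example, not code from the question or from libFuzzer itself: it keeps the question's Singleton(), adds a second static that the target resets on entry, and drives LLVMFuzzerTestOneInput from a small in-process loop (RunInputs, a stand-in for libFuzzer's real runner, on the assumption stated in the answer that all inputs are executed in one process). The inputs are constructed sample buffers of size 10 and 20. The accumulating value shows why a crash found during a fuzzing session may not reproduce from the single crashing input alone, while the reset pattern shows one way to keep a target deterministic per input.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Process-wide state, exactly like the question's Singleton().
// libFuzzer calls the target many times in one process, so this persists.
int& Singleton() {
  static int a = 0;
  return a;
}

// State the fuzz target resets on entry, so every input starts from the
// same baseline regardless of which inputs ran before it.
int& PerInputCounter() {
  static int c = 0;
  return c;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  (void)Data;
  Singleton() += static_cast<int>(Size);       // accumulates across inputs
  PerInputCounter() = 0;                        // reset: deterministic per input
  PerInputCounter() += static_cast<int>(Size);
  return 0;
}

// Stand-in for libFuzzer's in-process loop (assumption, see lead-in).
// Feeds every input to the target and returns Singleton() afterwards.
int RunInputs(const std::vector<std::vector<uint8_t>>& inputs) {
  for (const auto& in : inputs) {
    LLVMFuzzerTestOneInput(in.data(), in.size());
  }
  return Singleton();
}

int main() {
  // Constructed sample inputs: the question's Size = 10 and Size = 20 runs.
  std::vector<std::vector<uint8_t>> inputs = {
      std::vector<uint8_t>(10, 'A'),
      std::vector<uint8_t>(20, 'B'),
  };
  int total = RunInputs(inputs);
  // Singleton() carries over: 10 + 20 = 30, not 20.
  std::printf("Singleton() after two inputs: %d\n", total);
  // PerInputCounter() only reflects the last input: 20.
  std::printf("PerInputCounter() after two inputs: %d\n", PerInputCounter());
  return 0;
}
```

Running the same crashing input in isolation (for example with the reproducer file libFuzzer writes) starts from Singleton() == 0, so any bug that depends on the accumulated value will not trigger; resetting state at the top of the target, as PerInputCounter() does, avoids that class of non-reproducible findings.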