https://github.com/rust-fuzz/cargo-fuzz
Uses libFuzzer behind the scenes.
Unsure if this is really worth it, hence "investigate" rather than "use". libFuzzer is pretty much throwing random bytes (whose next generations are then guided by coverage information from the last generations) at a function and seeing if it can trigger a panic or segfault or something. For us, the function would be something like "treat these bytes as C/C++ header source and generate bindings to them". This is likely to bounce off of libclang's parser more than it would ever even get into bindgen code, but who knows: maybe the coverage guiding works better than I think?
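A toy model of the mechanism described in the issue above, as an added example that is not part of the original post and is neither cargo-fuzz nor bindgen code: it compares blind random bytes against a coverage-guided mutation loop on a function gated by a parser-like check. Assumptions: `GATE`, `target_depth`, `blind` and `guided` are hypothetical names, each matched prefix byte stands in for one new coverage edge, and libclang's real parsing is not modeled.

```rust
// Small deterministic xorshift64 PRNG so the run is reproducible offline.
struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0
    }
}

// Constructed stand-in for "the parser accepts this": a fixed byte sequence.
const GATE: &[u8] = b"int x;";

// Number of leading bytes that pass the gate; plays the role of coverage.
// Reaching GATE.len() means the input got "past the parser".
fn target_depth(data: &[u8]) -> usize {
    data.iter().zip(GATE).take_while(|(a, b)| a == b).count()
}

// Blind fuzzing: fresh random bytes every iteration, no feedback.
fn blind(iters: u32, seed: u64) -> usize {
    let mut rng = Rng(seed);
    let mut best = 0;
    for _ in 0..iters {
        let input: Vec<u8> = (0..GATE.len()).map(|_| (rng.next() >> 40) as u8).collect();
        best = best.max(target_depth(&input));
    }
    best
}

// Guided fuzzing: mutate one byte of the best input so far and keep the
// mutant only when it reaches new coverage (a deeper stage).
fn guided(iters: u32, seed: u64) -> usize {
    let mut rng = Rng(seed);
    let mut corpus = vec![0u8; GATE.len()];
    let mut best = target_depth(&corpus);
    for _ in 0..iters {
        let mut cand = corpus.clone();
        let pos = (rng.next() >> 32) as usize % cand.len();
        cand[pos] = (rng.next() >> 40) as u8;
        let d = target_depth(&cand);
        if d > best { best = d; corpus = cand; }
    }
    best
}

fn main() {
    println!("blind:  {}/{}", blind(200_000, 0x9E3779B97F4A7C15), GATE.len());
    println!("guided: {}/{}", guided(200_000, 0x9E3779B97F4A7C15), GATE.len());
}
```

The guided loop only makes progress because the gate exposes one coverage edge per byte; a check that gives no intermediate feedback would leave it no better off than the blind loop.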