Fuzzing and sanitizers

Fuzzing, which means feeding a program potentially invalid, unexpected, or random data as input, is an extremely effective way of finding bugs in large software systems and is an important part of the software development lifecycle.

LLVM, the compiler infrastructure used to build Android, contains multiple components that perform static and dynamic analysis. Of these components, the sanitizers can be used to flush out bugs and make Android better.

While Android has supported fuzzing tools for many releases, Android 8.0 includes more fuzzing support, tighter fuzzing tool integration in the Android build system, and greater dynamic analysis support for Android kernels.

This section includes information on how to set up and use various fuzzing and sanitizing tools.