diff options
Diffstat (limited to 'js/src/fuzz-tests/README')
-rw-r--r-- | js/src/fuzz-tests/README | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/js/src/fuzz-tests/README b/js/src/fuzz-tests/README new file mode 100644 index 0000000000..2c98c1ffa2 --- /dev/null +++ b/js/src/fuzz-tests/README @@ -0,0 +1,31 @@ +# JS Fuzzing Interface + +This directory contains fuzzing targets that implement the unified fuzzing +interface to be used with libFuzzer or AFL. + +## Building the fuzzing targets + +To include this directory in your JS build, you need to build with Clang +and the --enable-fuzzing flag enabled. The build system will automatically +detect if you are building with afl-clang-fast for AFL or regular Clang +for libFuzzer. + +## Running a fuzzing target + +To run a particular target with libFuzzer, use: + + cd $OBJDIR/dist/bin + FUZZER=YourTargetName ./fuzz-tests + +To run with AFL, use something like + + cd $OBJDIR/dist/bin + FUZZER=YourTargetName MOZ_FUZZ_TESTFILE=input \ + afl-fuzz <regular AFL options> -f input ./fuzz-tests + + +## Writing a fuzzing target + +1. Check testExample.cpp for a target skeleton with comments. + +2. Add your own .cpp file to UNIFIED_SOURCES in moz.build |