blob: 2c98c1ffa2665868e54aa3b6880a949dd41a5216 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
# JS Fuzzing Interface
This directory contains fuzzing targets that implement the unified fuzzing
interface to be used with libFuzzer or AFL.
## Building the fuzzing targets
To include this directory in your JS build, you need to build with Clang
and the --enable-fuzzing flag enabled. The build system will automatically
detect if you are building with afl-clang-fast for AFL or regular Clang
for libFuzzer.
## Running a fuzzing target
To run a particular target with libFuzzer, use:
cd $OBJDIR/dist/bin
FUZZER=YourTargetName ./fuzz-tests
To run with AFL, use something like
cd $OBJDIR/dist/bin
FUZZER=YourTargetName MOZ_FUZZ_TESTFILE=input \
afl-fuzz <regular AFL options> -f input ./fuzz-tests
## Writing a fuzzing target
1. Check testExample.cpp for a target skeleton with comments.
2. Add your own .cpp file to UNIFIED_SOURCES in moz.build
|