# JS Fuzzing Interface

This directory contains fuzzing targets that implement the unified fuzzing
interface to be used with libFuzzer or AFL.

## Building the fuzzing targets

To include this directory in your JS build, you need to build with Clang
and the --enable-fuzzing flag enabled. The build system will automatically
detect if you are building with afl-clang-fast for AFL or regular Clang
for libFuzzer.

## Running a fuzzing target

To run a particular target with libFuzzer, use:

    cd $OBJDIR/dist/bin
    FUZZER=YourTargetName ./fuzz-tests

To run with AFL, use something like

    cd $OBJDIR/dist/bin
    FUZZER=YourTargetName MOZ_FUZZ_TESTFILE=input \
    afl-fuzz <regular AFL options> -f input ./fuzz-tests


## Writing a fuzzing target

1.  Check testExample.cpp for a target skeleton with comments.

2.  Add your own .cpp file to UNIFIED_SOURCES in moz.build