| author | Nico Weber <thakis@chromium.org> | 2020-11-29 13:26:51 -0500 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2020-11-29 20:22:09 +0100 |
| commit | 29e4dc76341a4592682271d3955efe992967c3e7 (patch) | |
| tree | 582033d7bc6e520b5ff074b8d58244cc6b9b5a03 /Meta/Lagom/ReadMe.md | |
| parent | 1f22a59f9d0f442eec37f8dab9ee4f6577c00caf (diff) | |
| download | serenity-29e4dc76341a4592682271d3955efe992967c3e7.zip | |
Lagom: Mention OSS-Fuzz in ReadMe
We added OSS-Fuzz integration in #4154, but documentation about it
is spread across several pull requests, IRC, and issues. Let's collect
the important bits in the ReadMe.
Diffstat (limited to 'Meta/Lagom/ReadMe.md')
-rw-r--r-- | Meta/Lagom/ReadMe.md | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/Meta/Lagom/ReadMe.md b/Meta/Lagom/ReadMe.md index 85894e0615..85fde5f118 100644 --- a/Meta/Lagom/ReadMe.md +++ b/Meta/Lagom/ReadMe.md @@ -10,6 +10,10 @@ If you want to bring the comfortable Serenity classes with you to another system ## Fuzzing +Lagom can be used to fuzz parts of SerenityOS's code base. Fuzzers can be run locally, and they also run continuously on OSS-Fuzz. + +### Fuzzing locally + Lagom can be used to fuzz parts of SerenityOS's code base. This requires buildling with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. Run CMake like this: # From the root of the SerenityOS checkout: 
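Review bot: The sentence "Lagom can be used to fuzz parts of SerenityOS's code base." now appears twice in a row in this hunk: once in the new introductory paragraph and again as the opening of the paragraph directly under the new `### Fuzzing locally` heading. Suggest trimming the second occurrence so the local section opens with the requirement instead, e.g. `Fuzzing locally requires building with \`clang\`, so it's convenient to use a different build directory for that.` While that line is being touched, the unchanged context also carries the typo `buildling`, which could be fixed in the same change.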
@@ -30,6 +34,32 @@ To run several fuzz jobs in parallel, pass `-jobs=24 -workers=24`. To get less log output, pass `-close_fd_mask=3` -- but that but hides assertion messages. Just `1` only closes stdout. It's good to move overzealous log output behind `FOO_DEBUG` macros. +### Fuzzing on OSS-Fuzz + +https://oss-fuzz.com/ automatically runs all fuzzers in the Fuzzers/ subdirectory whose name starts with "Fuzz" and which are added to the build in `Fuzzers/CMakeLists.txt` if `ENABLE_OSS_FUZZ` is set. Looking for "serenity" on oss-fuzz.com finds interesting links, in particular: + +* [known open bugs found by fuzzers](https://oss-fuzz.com/testcases?project=serenity&open=yes) + * [oss-fuzz bug tracker for these](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:serenity) +* [coverage report](https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_serenity/latest) +* [build logs](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#serenity) + +Here's [Serenity's OSS-Fuzz Config](https://github.com/google/oss-fuzz/tree/master/projects/serenity). + +To run the oss-fuzz build locally: + +``` +git clone https://github.com/google/oss-fuzz/ +cd oss-fuzz +python3 infra/helper.py build_image serenity +python3 infra/helper.py build_fuzzers serenity +``` + +These commands will put the fuzzers in `build/out/serenity` in the oss-fuzz repo. You can run the binaries in there individually, or simply type: + +``` +python3 infra/helper.py run_fuzzer serenity FUZZER_NAME +``` + ### Analyzing a crash LLVM fuzzers have a weird interface. In particular, to see the help, you need to call it with `-help=1`, and it will ignore `--help` and `-help`. |
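Review bot: The first sentence of the new `### Fuzzing on OSS-Fuzz` section, "automatically runs all fuzzers in the Fuzzers/ subdirectory whose name starts with "Fuzz" and which are added to the build in `Fuzzers/CMakeLists.txt` if `ENABLE_OSS_FUZZ` is set", is ambiguous about what `ENABLE_OSS_FUZZ` gates: whether it selects which fuzzers get built, or whether it is the option the OSS-Fuzz build passes so that the `Fuzz*` targets in `Fuzzers/CMakeLists.txt` are picked up; one clarifying clause would settle it. Two smaller points: the two new fenced blocks carry no language tag (```sh), so they will not be highlighted like a shell session, and the `build_fuzzers` instructions build from the upstream repository as published in the OSS-Fuzz config, so a contributor checking a new fuzzer before landing it would benefit from a note that `infra/helper.py build_fuzzers serenity` also accepts a local source checkout as a trailing argument. Lastly, the unchanged context above the new section keeps the pre-existing typo `-- but that but hides assertion messages`, which could be fixed in passing.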