| author | Nico Weber <thakis@chromium.org> | 2020-11-13 15:40:29 -0500 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2020-11-14 10:09:03 +0100 |
| commit | 8ed83f9a1d512812a416c5177aa039ada5be79bc (patch) | |
| tree | adc3fdfbf28c9ab89575f10dd48273ea459c0088 /Meta/Lagom/ReadMe.md | |
| parent | 664322d34b415c30fcd0e31933b7edd9d2010f2f (diff) | |
| download | serenity-8ed83f9a1d512812a416c5177aa039ada5be79bc.zip | |
Lagom: Augment fuzzing readme a bit
Recommend using asan, don't set the c compiler (c++ compiler is
sufficient), mention how to run on several cores, and how to get less
output.
Diffstat (limited to 'Meta/Lagom/ReadMe.md')
-rw-r--r-- | Meta/Lagom/ReadMe.md | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/Meta/Lagom/ReadMe.md b/Meta/Lagom/ReadMe.md index 8265af2ba4..85894e0615 100644 --- a/Meta/Lagom/ReadMe.md +++ b/Meta/Lagom/ReadMe.md @@ -10,11 +10,11 @@ If you want to bring the comfortable Serenity classes with you to another system ## Fuzzing -Lagom can be used to fuzz parts of SerenityOS's code base. This requires buildling with `clang`, so it's convenient to use a different build directory for that. Run CMake like this: +Lagom can be used to fuzz parts of SerenityOS's code base. This requires buildling with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. Run CMake like this: # From the root of the SerenityOS checkout: mkdir BuildLagom && cd BuildLagom - cmake -GNinja -DBUILD_LAGOM=ON -DENABLE_FUZZER_SANITIZER=ON -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ .. + cmake -GNinja -DBUILD_LAGOM=ON -DENABLE_FUZZER_SANITIZER=ON -DENABLE_ADDRESS_SANITIZER=ON -DCMAKE_CXX_COMPILER=clang++ .. ninja Meta/Lagom/all # Or as a handy rebuild-rerun line: ninja FuzzJs && Meta/Lagom/Fuzzers/FuzzJs @@ -25,6 +25,11 @@ clang emits different warnings than gcc, so you may have to remove `-Werror` in Fuzzers work better if you give them a fuzz corpus, e.g. `Meta/Lagom/Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp` Pay attention that LLVM also likes creating new files, don't blindly commit them (yet)! +To run several fuzz jobs in parallel, pass `-jobs=24 -workers=24`. + +To get less log output, pass `-close_fd_mask=3` -- but that but hides assertion messages. Just `1` only closes stdout. +It's good to move overzealous log output behind `FOO_DEBUG` macros. + ### Analyzing a crash LLVM fuzzers have a weird interface. In particular, to see the help, you need to call it with `-help=1`, and it will ignore `--help` and `-help`. |
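Review bot: the rewritten sentence in the first hunk (`@@ -10,11 +10,11 @@`) still carries the typo "buildling"; since the line is being touched anyway, spell it "building". On the CMake line, dropping `-DCMAKE_C_COMPILER=clang` while keeping `-DCMAKE_CXX_COMPILER=clang++` means any C translation units in the Lagom build would go through the default C compiler rather than clang, so they would not get the same sanitizer instrumentation as the C++ ones; the commit message says the C++ compiler is sufficient, so either state that assumption in the README (e.g. "Lagom builds no C sources") or keep the flag so a later C file cannot silently escape instrumentation.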
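Review bot: the `-close_fd_mask` sentence added in the second hunk (`@@ -25,6 +25,11 @@`) has a garbled clause, "but that but hides assertion messages"; suggest "but that also hides assertion messages". The two sentences together imply that assertion output goes to stderr (mask `3` closes both streams and hides it, `1` closes only stdout and keeps it), so saying that explicitly, e.g. "`3` closes stdout and stderr, which hides assertion messages; `1` closes only stdout", would make the trade-off clearer. For `-jobs=24 -workers=24`, the values are tied to one machine; wording such as "pass `-jobs=N -workers=N` with `N` set to the number of cores" avoids readers copying 24 verbatim onto a smaller box.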