author Andrew Kaster <akaster@serenityos.org> 2021-09-18 03:16:23 -0600
committer Idan Horowitz <idan.horowitz@gmail.com> 2021-09-18 16:38:59 +0300
commit aed56b46d45e3fb32370632abfeccbaf9705979e (patch)
tree 857f084b409cd704d3e231439189d1e0836a4bb9 /Meta
parent d19bd59e28a8bc8a90b2aca068c6f68d1f5e5244 (diff)
download serenity-aed56b46d45e3fb32370632abfeccbaf9705979e.zip
Documentation: Update Lagom ReadMe with new fuzzer build instructions
Diffstat (limited to 'Meta')
-rw-r--r-- Meta/Lagom/ReadMe.md | 18
1 files changed, 12 insertions, 6 deletions
diff --git a/Meta/Lagom/ReadMe.md b/Meta/Lagom/ReadMe.md
index 470eb08930..960c76615e 100644
--- a/Meta/Lagom/ReadMe.md
+++ b/Meta/Lagom/ReadMe.md
@@ -17,17 +17,23 @@ Lagom can be used to fuzz parts of SerenityOS's code base. Fuzzers can be run lo
Lagom can be used to fuzz parts of SerenityOS's code base. This requires buildling with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. Run CMake like this:
# From the root of the SerenityOS checkout:
- mkdir BuildLagom && cd BuildLagom
- cmake -GNinja -DBUILD_LAGOM=ON -DENABLE_FUZZER_SANITIZER=ON -DENABLE_ADDRESS_SANITIZER=ON -DENABLE_UNDEFINED_SANITIZER=ON -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang ..
- ninja Meta/Lagom/all
+ cmake -GNinja -S Meta/Lagom -B Build/lagom-fuzzers \
+ -DBUILD_LAGOM=ON \
+ -DENABLE_FUZZER_SANITIZER=ON \
+ -DENABLE_ADDRESS_SANITIZER=ON \
+ -DENABLE_UNDEFINED_SANITIZER=ON \
+ -DCMAKE_CXX_COMPILER=clang++ \
+ -DCMAKE_C_COMPILER=clang
+ cd Build/lagom-fuzzers
+ ninja
# Or as a handy rebuild-rerun line:
- ninja FuzzJs && Meta/Lagom/Fuzzers/FuzzJs
+ ninja FuzzJs && ./Fuzzers/FuzzJs
Any fuzzing results (particularly slow inputs, crashes, etc.) will be dropped in the current directory.
clang emits different warnings than gcc, so you may have to remove `-Werror` in CMakeLists.txt and Meta/Lagom/CMakeLists.txt.
-Fuzzers work better if you give them a fuzz corpus, e.g. `Meta/Lagom/Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp` Pay attention that LLVM also likes creating new files, don't blindly commit them (yet)!
+Fuzzers work better if you give them a fuzz corpus, e.g. `./Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp` Pay attention that LLVM also likes creating new files, don't blindly commit them (yet)!
To run several fuzz jobs in parallel, pass `-jobs=24 -workers=24`.
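Review bot: the corpus path in the updated example line (`./Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp`) no longer resolves once the reader has followed the new `cd Build/lagom-fuzzers` step: the build directory is now two levels below the checkout root, so `../Base/...` points at `Build/Base/...` instead of the checkout's `Base/`. It should read `../../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp` (or an absolute path), otherwise the first thing a new contributor sees is a file-not-found error. Separately, the unchanged context line still says `buildling`; since this hunk already rewrites the surrounding section, fixing that typo here would be cheap.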
@@ -99,7 +105,7 @@ To reproduce a crash, run it like this: `MyFuzzer crash-27480a219572aa5a11b28596
To reproduce a crash in gdb, you want to disable various signal handlers, so that gdb sees the actual location of the crash:
```
-$ gdb ./Meta/Lagom/Fuzzers/FuzzBMP
+$ gdb ./Fuzzers/FuzzBMP
<... SNIP some output ...>
(gdb) run -handle_abrt=0 -handle_segv=0 crash-27480a219572aa5a11b285968a3632a4cf25388e
<... SNIP some output ...>
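Review bot: the gdb example now uses `./Fuzzers/FuzzBMP`, which is only valid relative to `Build/lagom-fuzzers`, but nothing in this section says which directory the commands assume; the `cd Build/lagom-fuzzers` step lives about eighty lines earlier in the file. A short lead-in such as "from the `Build/lagom-fuzzers` directory:" before the fenced block would keep the crash-reproduction section self-contained. The `-handle_abrt=0 -handle_segv=0` flags are untouched and still match the stated intent of letting gdb, rather than the fuzzer's own handlers, see the crash location.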