mirror of
https://github.com/RGBCube/serenity
synced 2025-06-01 06:18:12 +00:00
Lagom: Mention OSS-Fuzz in ReadMe
We added OSS-Fuzz integration in #4154, but documentation about it is spread across several pull requests, IRC, and issues. Let's collect the important bits in the ReadMe.
This commit is contained in:
parent
1f22a59f9d
commit
29e4dc7634
1 changed files with 30 additions and 0 deletions
@ -10,6 +10,10 @@ If you want to bring the comfortable Serenity classes with you to another system
## Fuzzing
Lagom can be used to fuzz parts of SerenityOS's code base. Fuzzers can be run locally, and they also run continuously on OSS-Fuzz.
### Fuzzing locally
Lagom can be used to fuzz parts of SerenityOS's code base. This requires buildling with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. Run CMake like this:
# From the root of the SerenityOS checkout:
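Review bot: the sentence "Lagom can be used to fuzz parts of SerenityOS's code base." is added twice in this hunk, once directly under the new `## Fuzzing` heading and again as the first sentence of `### Fuzzing locally`; drop the second copy so that subsection opens with the build requirement, and fix the typo `buildling` to `building` in that same line. The paragraph also states that the fuzz build requires `clang` but not why; a short clause tying it to the LLVM fuzzer toolchain that the later "Analyzing a crash" subsection refers to would tell readers why a GCC build directory cannot be reused here.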
@ -30,6 +34,32 @@ To run several fuzz jobs in parallel, pass `-jobs=24 -workers=24`.
To get less log output, pass `-close_fd_mask=3` -- but that but hides assertion messages. Just `1` only closes stdout.
It's good to move overzealous log output behind `FOO_DEBUG` macros.
### Fuzzing on OSS-Fuzz
https://oss-fuzz.com/ automatically runs all fuzzers in the Fuzzers/ subdirectory whose name starts with "Fuzz" and which are added to the build in `Fuzzers/CMakeLists.txt` if `ENABLE_OSS_FUZZ` is set. Looking for "serenity" on oss-fuzz.com finds interesting links, in particular:
* [known open bugs found by fuzzers](https://oss-fuzz.com/testcases?project=serenity&open=yes)
* [oss-fuzz bug tracker for these](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:serenity)
* [coverage report](https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_serenity/latest)
* [build logs](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#serenity)
Here's [Serenity's OSS-Fuzz Config](https://github.com/google/oss-fuzz/tree/master/projects/serenity).
To run the oss-fuzz build locally:
```
git clone https://github.com/google/oss-fuzz/
cd oss-fuzz
python3 infra/helper.py build_image serenity
python3 infra/helper.py build_fuzzers serenity
```
These commands will put the fuzzers in `build/out/serenity` in the oss-fuzz repo. You can run the binaries in there individually, or simply type:
```
python3 infra/helper.py run_fuzzer serenity FUZZER_NAME
```
### Analyzing a crash
LLVM fuzzers have a weird interface. In particular, to see the help, you need to call it with `-help=1`, and it will ignore `--help` and `-help`.
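Review bot: the new `### Analyzing a crash` subsection does not yet describe analyzing a crash; its only content is the note that the fuzzer's help is reached with `-help=1` rather than `--help` or `-help`. Either rename it (for example "Fuzzer command-line quirks") or add the steps a reader will actually need here, such as how to re-run a saved crash input against the fuzzer binary and how to read the resulting sanitizer report, since the `-close_fd_mask` advice earlier in the hunk only matters once that workflow exists. Two smaller fixes in the same hunk: "but that but hides assertion messages" has a doubled "but", and "Just `1` only closes stdout" would be clearer as "`-close_fd_mask=1` closes only stdout, so assertion messages on stderr stay visible", which is the reason the paragraph recommends it over `3`.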