quickjs/fuzz
Renata Hodovan 99882ef128 Ensure that workers in fuzzers can create their own context
Inspired by qjs, a new helper method was added to create the JS
context, that can be reused to create context in workers, too.
2024-07-23 20:04:13 +02:00
File              Last commit                                                   Date
----              -----------                                                   ----
fuzz_common.c     Ensure that workers in fuzzers can create their own context   2024-07-23 20:04:13 +02:00
fuzz_common.h     Ensure that workers in fuzzers can create their own context   2024-07-23 20:04:13 +02:00
fuzz_compile.c    Ensure that workers in fuzzers can create their own context   2024-07-23 20:04:13 +02:00
fuzz_eval.c       Ensure that workers in fuzzers can create their own context   2024-07-23 20:04:13 +02:00
fuzz_regexp.c     OSS-Fuzz targets improvements (#267)                          2024-05-08 18:19:48 +02:00
fuzz.dict         OSS-Fuzz targets improvements (#267)                          2024-05-08 18:19:48 +02:00
generate_dict.js  OSS-Fuzz targets improvements (#267)                          2024-05-08 18:19:48 +02:00
README            OSS-Fuzz targets improvements (#267)                          2024-05-08 18:19:48 +02:00

libFuzzer support for QuickJS
=============================

Build QuickJS with libFuzzer support as follows:

  CONFIG_CLANG=y make libfuzzer

This can be extended with sanitizer support to improve efficacy:

  CONFIG_CLANG=y CONFIG_ASAN=y make libfuzzer


Currently, three fuzzing targets are defined: fuzz_eval, fuzz_compile and fuzz_regexp.
The build command above produces one executable binary for each of them, which can be
run without any arguments:

  ./fuzz_eval

or with an initial corpus:

  ./fuzz_compile corpus_dir/

or with the predefined dictionary to improve its efficacy (note that libFuzzer flags take
the -flag=value form):

  ./fuzz_eval -dict=fuzz/fuzz.dict

or with any other command-line option that libFuzzer accepts (https://llvm.org/docs/LibFuzzer.html).
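The README stops at running a single target by hand. The script below is an added example, not part of the QuickJS repository: it drives all three targets in one session, giving each its own corpus directory, the shared dictionary, a wall-clock budget and a distinct artifact prefix, and it can re-run a saved crash artifact under the target that produced it so the sanitizer report can be captured for triage. It assumes it is run from the QuickJS source root after `CONFIG_CLANG=y CONFIG_ASAN=y make libfuzzer`; the `corpus/` and `artifacts/` layout, the per-target budget and the `-max_len` choices are the example's own assumptions. Every flag it passes is a documented libFuzzer option.

```shell
#!/bin/sh
# Added example, not part of the QuickJS repository. Drives the three
# libFuzzer targets from the README (fuzz_eval, fuzz_compile, fuzz_regexp).
# Assumes the QuickJS source root as working directory after
#   CONFIG_CLANG=y CONFIG_ASAN=y make libfuzzer
# All flags are documented at https://llvm.org/docs/LibFuzzer.html.

TARGETS="fuzz_eval fuzz_compile fuzz_regexp"
DICT="fuzz/fuzz.dict"
CORPUS_ROOT="${CORPUS_ROOT:-corpus}"        # assumption: corpus/<target>/ per target
ARTIFACT_ROOT="${ARTIFACT_ROOT:-artifacts}" # assumption: crash artifacts land here
BUDGET_SECS="${BUDGET_SECS:-600}"           # assumption: 10 minutes per target

# Compose and print the libFuzzer argument list for one target.
# Side-effect free, so it can be checked without a fuzzer binary.
# libFuzzer flags take the -flag=value form.
libfuzzer_args() {
    target="$1" corpus="$2" artifacts="$3" budget="$4"
    # fuzz_regexp only sees a pattern string, so short inputs keep each
    # iteration fast; eval/compile get room for real scripts (assumption).
    case "$target" in
        fuzz_regexp) max_len=256 ;;
        *)           max_len=4096 ;;
    esac
    printf '%s -dict=%s -max_total_time=%s -max_len=%s -timeout=25 -rss_limit_mb=2560 -artifact_prefix=%s/%s-\n' \
        "$corpus" "$DICT" "$budget" "$max_len" "$artifacts" "$target"
}

# Run one target after creating its corpus and artifact directories.
# Returns 2 if the binary is missing, otherwise libFuzzer's exit status
# (non-zero when it stopped on a crash, timeout or OOM).
run_target() {
    target="$1"
    [ -x "./$target" ] || {
        echo "missing ./$target: build with 'CONFIG_CLANG=y make libfuzzer'" >&2
        return 2
    }
    mkdir -p "$CORPUS_ROOT/$target" "$ARTIFACT_ROOT"
    # shellcheck disable=SC2046  # word splitting of the argument list is intended
    "./$target" $(libfuzzer_args "$target" "$CORPUS_ROOT/$target" "$ARTIFACT_ROOT" "$BUDGET_SECS")
}

# Recover the target name from an artifact path such as
# artifacts/fuzz_eval-crash-<sha1> (the prefix set in libfuzzer_args).
artifact_target() {
    basename "$1" | sed 's/-.*//'
}

# Re-run a saved artifact under the target that produced it. libFuzzer
# treats a file argument as a single input to execute, not a corpus dir,
# so this prints the ASan/UBSan report for that one input.
reproduce() {
    "./$(artifact_target "$1")" "$1"
}

# Entry point is opt-in so that sourcing this file does not start fuzzing:
#   sh fuzz_all.sh run
if [ "${1:-}" = "run" ]; then
    status=0
    for t in $TARGETS; do
        run_target "$t" || status=1
    done
    echo "artifacts written to $ARTIFACT_ROOT:"
    ls "$ARTIFACT_ROOT" 2>/dev/null
    exit "$status"
fi
```

Keeping a separate corpus directory per target matters because the three harnesses accept different input shapes; libFuzzer minimises and reuses whatever is in the directory it is given, so mixing them dilutes coverage. The artifact prefix serves the same purpose on the output side: a crash file name then tells you which binary to hand it to for reproduction.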