This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It is currently under active development, so some functionalities may not behave as expected.
To use this driver, your fuzzer must return -1 from the fuzzing function if JS throws an exception, and return 0 otherwise.

You must also build Fuzzilli. See the Fuzzilli documentation.
Ensure the following GN build flags are set when compiling Chrome:

  dcheck_always_on = false
  is_asan = true
  use_fuzzilli = true
  use_remoteexec = true
  symbol_level = 2
  v8_fuzzilli = true
  v8_static_library = true
  v8_dcheck_always_on = true
Then start Fuzzilli against the built fuzzer (replace the storage path, profile name and fuzzer path with your own):

  swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer