tree: 74b3cac076ede8cd0313a7ac3ef7aa31d6722385
testing/libfuzzer/fuzzilli/README.md

# Fuzzilli x Chrome

This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It is under active development, so some functionality may not behave as expected.

## How to use this driver?

### Prerequisites

To use this driver, your fuzzer must:

- Take JS as input.
- Return -1 from the fuzzing function if the JS throws an exception; return 0 otherwise.

You must also build Fuzzilli. See the Fuzzilli documentation (https://github.com/googleprojectzero/fuzzilli).

### Mandatory compile flags

Ensure the following build flags are enabled when compiling Chrome:

```gn
dcheck_always_on = false
is_asan = true
use_fuzzilli = true
use_remoteexec = true
symbol_level = 2
v8_fuzzilli = true
v8_static_library = true
v8_dcheck_always_on = true
```

### Running with Fuzzilli

```sh
swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer
```
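A mistake that is easy to make with the flag list above is an `args.gn` that silently differs from it (for example `is_asan` left at its default, or `v8_dcheck_always_on` dropped while `dcheck_always_on` is present), after which a Fuzzilli session runs against a build that cannot report the sanitizer findings it is meant to surface. The script below is an added example, not part of the Chromium README or the Fuzzilli project: it normalises an `args.gn` file (spaces around `=` and comments removed, so `use_remoteexec=true` and `use_remoteexec = true` compare equal), checks every mandatory flag against its required value with the key anchored so `dcheck_always_on` cannot match `v8_dcheck_always_on`, and only then prints the `FuzzilliCli` command. The sample `args.gn` it writes is constructed for the demonstration; `/out/fuzzilli/your_fuzzer` and `your_profile` are the README's own placeholders.

```shell
#!/bin/sh
# Added example (not Chromium or Fuzzilli code): verify that an out dir's
# args.gn carries the mandatory Fuzzilli build flags before launching
# FuzzilliCli. The args.gn content written further down is constructed.

# Required settings from the README, one "key=value" per line; whitespace is
# stripped from both sides before comparing.
REQUIRED_ARGS='dcheck_always_on=false
is_asan=true
use_fuzzilli=true
use_remoteexec=true
symbol_level=2
v8_fuzzilli=true
v8_static_library=true
v8_dcheck_always_on=true'

# normalise_args FILE: drop comments, blank lines and all whitespace so that
# "use_remoteexec=true" and "use_remoteexec = true" become identical lines.
normalise_args() {
  sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -v '^$'
}

# check_gn_args FILE: print every required flag that is missing or set to a
# different value. Returns 0 when all flags match, 1 otherwise.
check_gn_args() {
  actual=$(normalise_args "$1")
  status=0
  for want in $REQUIRED_ARGS; do
    key=${want%%=*}
    # Anchor on the whole key followed by "=", so "dcheck_always_on" does not
    # match "v8_dcheck_always_on". The last assignment in args.gn wins.
    got=$(printf '%s\n' "$actual" | grep "^${key}=" | tail -n 1)
    if [ -z "$got" ]; then
      echo "missing:  $want"
      status=1
    elif [ "$got" != "$want" ]; then
      echo "mismatch: have '$got', need '$want'"
      status=1
    fi
  done
  return $status
}

# Constructed sample args.gn: is_asan is off and v8_dcheck_always_on is absent,
# so the check is expected to fail and name exactly those two flags.
SAMPLE_ARGS=$(mktemp)
cat > "$SAMPLE_ARGS" <<'EOF'
# constructed args.gn for the example
dcheck_always_on = false
is_asan = false
use_fuzzilli = true
use_remoteexec=true
symbol_level=2
v8_fuzzilli = true
v8_static_library = true
EOF

if check_gn_args "$SAMPLE_ARGS"; then
  echo "args.gn OK, launch with:"
  echo "swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer"
else
  echo "fix args.gn before running FuzzilliCli"
fi
rm -f "$SAMPLE_ARGS"
```

Run it against a real tree with `check_gn_args out/fuzzilli/args.gn` after sourcing the functions; the two-line output for the constructed sample is `missing:  v8_dcheck_always_on=true` and `mismatch: have 'is_asan=false', need 'is_asan=true'`, in the order of the required list.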