testing/libfuzzer/fuzzilli/README.md - codesearch/chromium/src - Git at Google

 # Fuzzilli x Chrome

 This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It
 is currently under active development, so some functionalities may not behave
 as expected.

 # How to use this driver?

 ## Pre-requisite

 To use this driver, your fuzzer must:
 - Take JS as input.
 - Return `-1` from the fuzzing function if JS throws an exception. Return `0`
 otherwise.

 You must also build [Fuzzilli](https://github.com/googleprojectzero/fuzzilli).
 See Fuzzilli documentation.

 ## Mandatory compile flags

 Ensure the following build flags are enabled when compiling Chrome:

 ```
 dcheck_always_on = false
 is_asan = true
 use_fuzzilli = true
 use_remoteexec=true
 symbol_level=2
 v8_fuzzilli = true
 v8_static_library = true
 v8_dcheck_always_on = true
 ```

 ## Running with Fuzzilli

 ```
 swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer
 ```
	# Fuzzilli x Chrome

	This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It
	is currently under active development, so some functionalities may not behave
	as expected.

	# How to use this driver?

	## Pre-requisite

	To use this driver, your fuzzer must:
	- Take JS as input.
	- Return `-1` from the fuzzing function if JS throws an exception. Return `0`
	otherwise.

	You must also build [Fuzzilli](https://github.com/googleprojectzero/fuzzilli).
	See Fuzzilli documentation.

	## Mandatory compile flags

	Ensure the following build flags are enabled when compiling Chrome:

	```
	dcheck_always_on = false
	is_asan = true
	use_fuzzilli = true
	use_remoteexec=true
	symbol_level=2
	v8_fuzzilli = true
	v8_static_library = true
	v8_dcheck_always_on = true
	```

	## Running with Fuzzilli

	```
	swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer
	```