libFuzzer support for QuickJS
=============================

Build QuickJS with libFuzzer support as follows:

    CONFIG_CLANG=y make libfuzzer

This can be extended with sanitizer support to improve efficacy:

    CONFIG_CLANG=y CONFIG_ASAN=y make libfuzzer


Currently, there are three fuzzing targets defined: fuzz_eval, fuzz_compile and fuzz_regexp.
The above build command will produce an executable binary for each of them, which can be
simply executed as:

    ./fuzz_eval

or with an initial corpus:

    ./fuzz_compile corpus_dir/

or with a predefined dictionary to improve its efficacy:

    ./fuzz_eval -dict fuzz/fuzz.dict

or with arbitrary CLI arguments provided by libFuzzer (https://llvm.org/docs/LibFuzzer.html).
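As an added example (not part of the QuickJS tree), the script below prepares a small seed corpus and a libFuzzer dictionary in the format the -dict option expects, then drives a time-bounded campaign against one of the targets built above, collecting crash and timeout artifacts in a known directory. The seed snippets, the `artifacts/` prefix and the resource-limit values are constructed assumptions; the libFuzzer flags used are standard ones.

```shell
#!/bin/sh
# Added example: seed corpus + dictionary + bounded campaign for a QuickJS fuzz target.
# Assumes fuzz_eval/fuzz_compile/fuzz_regexp were built with `CONFIG_CLANG=y make libfuzzer`.

# Write a few constructed JavaScript seeds into $1, one file per seed; prints the seed count.
make_seed_corpus() {
    dir="$1"
    mkdir -p "$dir"
    printf 'var a = [1,2,3]; a.map(function(x){ return x*2; });\n' > "$dir/seed_array.js"
    printf '"abc".replace(/b/g, "x");\n' > "$dir/seed_regexp.js"
    printf 'try { JSON.parse("{"); } catch (e) { e.message; }\n' > "$dir/seed_json.js"
    ls "$dir" | wc -l | tr -d ' '
}

# Write a libFuzzer dictionary to $1: one `name="token"` entry per line, so the mutator
# can splice whole JavaScript keywords/builtins instead of discovering them byte by byte.
# Prints the number of entries written.
make_dictionary() {
    out="$1"
    : > "$out"
    for tok in function var let const class new typeof instanceof \
               Proxy Reflect Symbol async await yield; do
        printf '%s="%s"\n' "$tok" "$tok" >> "$out"
    done
    wc -l < "$out" | tr -d ' '
}

# Run target $1 on corpus $2 with dictionary $3 for $4 seconds (default 60).
# Inputs that crash, hang (>10 s) or exceed the RSS limit are saved under artifacts/.
# Returns 2 without running anything when the target binary is not present.
run_campaign() {
    target="$1"; corpus="$2"; dict="$3"; seconds="${4:-60}"
    if [ ! -x "$target" ]; then
        echo "missing $target (build with CONFIG_CLANG=y make libfuzzer)" >&2
        return 2
    fi
    mkdir -p artifacts
    "$target" "$corpus" -dict="$dict" -max_total_time="$seconds" \
        -timeout=10 -rss_limit_mb=2048 -artifact_prefix=artifacts/
}
```

Call it as `make_seed_corpus corpus_dir/; make_dictionary fuzz.dict; run_campaign ./fuzz_eval corpus_dir/ fuzz.dict 600` from the QuickJS build directory; every file libFuzzer leaves under `artifacts/` is a reproducer that can be replayed with `./fuzz_eval artifacts/<file>`.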