docs/ipc_fuzzer.md - Issue 1916493003: GN configs for ipc fuzzer.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: docs/ipc_fuzzer.md

Issue 1916493003: GN configs for ipc fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: reword doc + rebase Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 # IPC Fuzzer	1 # IPC Fuzzer

2	2

3 A chromium IPC fuzzer is under development by aedla and tsepez. The fuzzer lives	3 A chromium IPC fuzzer is under development by aedla and tsepez. The fuzzer lives

4 under `src/tools/ipc_fuzzer/` and is running on ClusterFuzz. A previous version	4 under `src/tools/ipc_fuzzer/` and is running on ClusterFuzz. A previous version

5 of the fuzzer was a simple bitflipper, which caught around 10 bugs. A new	5 of the fuzzer was a simple bitflipper, which caught around 10 bugs. A new

6 version is doing smarter mutations and generational fuzzing. To do so, each	6 version is doing smarter mutations and generational fuzzing. To do so, each

7 `ParamTraits<Type>` needs a corresponding `FuzzTraits<Type>`. Feel free to	7 `ParamTraits<Type>` needs a corresponding `FuzzTraits<Type>`. Feel free to

8 contribute.	8 contribute.

9	9

10 [TOC]	10 [TOC]

11	11

12 ## Working with the fuzzer	12 ## Working with the fuzzer

13	13

14 ### Build instructions	14 ### Build instructions

15	15

16 * add `enable_ipc_fuzzer=1` to `GYP_DEFINES`	16 * Run `gn args` and add `enable_ipc_fuzzer = true` to your args.gn. If you use

	17 GYP, add `enable_ipc_fuzzer=1` to `GYP_DEFINES`.

17 * build `ipc_fuzzer_all` target	18 * build `ipc_fuzzer_all` target

18 * component builds are currently broken, sorry	19 * component builds are currently broken, sorry

19 * Debug builds are broken; only Release mode works.	20 * Debug builds are broken; only Release mode works.

20	21

21 ### Replaying ipcdumps	22 ### Replaying ipcdumps

22	23

23 * `tools/ipc_fuzzer/scripts/play_testcase.py path/to/testcase.ipcdump`	24 * `tools/ipc_fuzzer/scripts/play_testcase.py path/to/testcase.ipcdump`

24 * more help: `tools/ipc_fuzzer/scripts/play_testcase.py -h`	25 * more help: `tools/ipc_fuzzer/scripts/play_testcase.py -h`

25	26

26 ### Listing messages in ipcdump	27 ### Listing messages in ipcdump

(...skipping 29 matching lines...) Expand all Loading...
56 with the `ipc_fuzzer/play_testcase.py` convenience script.	57 with the `ipc_fuzzer/play_testcase.py` convenience script.

57	58

58 ### ipcdump mutator / generator	59 ### ipcdump mutator / generator

59	60

60 Lives under `ipc_fuzzer/fuzzer`. This is the code that runs on ClusterFuzz. It	61 Lives under `ipc_fuzzer/fuzzer`. This is the code that runs on ClusterFuzz. It

61 uses `FuzzTraits<Type>` to mutate ipcdumps or generate them out of thin air.	62 uses `FuzzTraits<Type>` to mutate ipcdumps or generate them out of thin air.

62	63

63 ## Problems, questions, suggestions	64 ## Problems, questions, suggestions

64	65

65 Send them to mbarbella@chromium.org.	66 Send them to mbarbella@chromium.org.

OLD	NEW

« build/config/features.gni ('K') | « content/child/BUILD.gn ('k') | tools/ipc_fuzzer/BUILD.gn » ('j') | tools/ipc_fuzzer/BUILD.gn » ('J')