Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(771)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: docs/ipc_fuzzer.md

Issue 1916493003: GN configs for ipc fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: doc Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/child/BUILD.gn ('k') | tools/ipc_fuzzer/BUILD.gn » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # IPC Fuzzer 1 # IPC Fuzzer
2 2
3 A chromium IPC fuzzer is under development by aedla and tsepez. The fuzzer lives 3 A chromium IPC fuzzer is under development by aedla and tsepez. The fuzzer lives
4 under `src/tools/ipc_fuzzer/` and is running on ClusterFuzz. A previous version 4 under `src/tools/ipc_fuzzer/` and is running on ClusterFuzz. A previous version
5 of the fuzzer was a simple bitflipper, which caught around 10 bugs. A new 5 of the fuzzer was a simple bitflipper, which caught around 10 bugs. A new
6 version is doing smarter mutations and generational fuzzing. To do so, each 6 version is doing smarter mutations and generational fuzzing. To do so, each
7 `ParamTraits<Type>` needs a corresponding `FuzzTraits<Type>`. Feel free to 7 `ParamTraits<Type>` needs a corresponding `FuzzTraits<Type>`. Feel free to
8 contribute. 8 contribute.
9 9
10 [TOC] 10 [TOC]
11 11
12 ## Working with the fuzzer 12 ## Working with the fuzzer
13 13
14 ### Build instructions 14 ### Build instructions
15 15
16 * add `enable_ipc_fuzzer=1` to `GYP_DEFINES` 16 * add `enable_ipc_fuzzer=1` to `GYP_DEFINES` (or add `enable_ipc_fuzzer=true`
Martin Barbella 2016/04/22 21:00:33 Let's actually switch the order of this to mention
Oliver Chang 2016/04/22 21:14:44 Done. Also reworded some the GN instructions a lit
17 to args.gn if you use GN)
17 * build `ipc_fuzzer_all` target 18 * build `ipc_fuzzer_all` target
18 * component builds are currently broken, sorry 19 * component builds are currently broken, sorry
19 * Debug builds are broken; only Release mode works. 20 * Debug builds are broken; only Release mode works.
20 21
21 ### Replaying ipcdumps 22 ### Replaying ipcdumps
22 23
23 * `tools/ipc_fuzzer/scripts/play_testcase.py path/to/testcase.ipcdump` 24 * `tools/ipc_fuzzer/scripts/play_testcase.py path/to/testcase.ipcdump`
24 * more help: `tools/ipc_fuzzer/scripts/play_testcase.py -h` 25 * more help: `tools/ipc_fuzzer/scripts/play_testcase.py -h`
25 26
26 ### Listing messages in ipcdump 27 ### Listing messages in ipcdump
(...skipping 29 matching lines...) Expand all
56 with the `ipc_fuzzer/play_testcase.py` convenience script. 57 with the `ipc_fuzzer/play_testcase.py` convenience script.
57 58
58 ### ipcdump mutator / generator 59 ### ipcdump mutator / generator
59 60
60 Lives under `ipc_fuzzer/fuzzer`. This is the code that runs on ClusterFuzz. It 61 Lives under `ipc_fuzzer/fuzzer`. This is the code that runs on ClusterFuzz. It
61 uses `FuzzTraits<Type>` to mutate ipcdumps or generate them out of thin air. 62 uses `FuzzTraits<Type>` to mutate ipcdumps or generate them out of thin air.
62 63
63 ## Problems, questions, suggestions 64 ## Problems, questions, suggestions
64 65
65 Send them to mbarbella@chromium.org. 66 Send them to mbarbella@chromium.org.
OLDNEW
« no previous file with comments | « content/child/BUILD.gn ('k') | tools/ipc_fuzzer/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698