Re: [PATCH v4 20/20] fuzz: add documentation to docs/devel/
From: Stefan Hajnoczi
Subject: Re: [PATCH v4 20/20] fuzz: add documentation to docs/devel/
Date: Thu, 7 Nov 2019 14:40:36 +0100
User-agent: Mutt/1.12.1 (2019-06-15)
On Wed, Oct 30, 2019 at 02:50:04PM +0000, Oleinik, Alexander wrote:
> +== Building the fuzzers ==
> +
> +NOTE: If possible, build a 32-bit binary. When forking, the 32-bit fuzzer is
> +much faster, since the page-map has a smaller size. This is due to the fact
> that
> +AddressSanitizer mmaps ~20TB of memory, as part of its detection. This
> results
> +in a large page-map, and a much slower fork(). O
> +
> +To build the fuzzers, install a recent version of clang:
> +Configure with (substitute the clang binaries with the version you
> installed):
> +
> + CC=clang-8 CXX=clang++-8 /path/to/configure --enable-fuzzing
> +
> +Fuzz targets are built similarly to system/softmmu:
> +
> + make i386-softmmu/fuzz
> +
> +This builds ./i386-softmmu/qemu-fuzz-i386
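Review bot: there is a stray trailing "O" at the end of the NOTE paragraph ("... a much slower fork(). O"); drop it. In the same region, "To build the fuzzers, install a recent version of clang:" ends with a colon but is immediately followed by the separate sentence "Configure with (...)", so the configure step reads as a continuation of the install step; end the install sentence with a period (or separate the two steps with a blank line) so that "CC=clang-8 CXX=clang++-8 /path/to/configure --enable-fuzzing" clearly belongs to the configure instruction.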
I'm surprised that "make i386-softmmu/fuzz" builds
i386-softmmu/qemu-fuzz-i386. Should that be "make
i386-softmmu/qemu-fuzz-i386"?
> += Implmentation Details =
s/Implmentation/Implementation/
> +
> +== The Fuzzer's Lifecycle ==
> +
> +The fuzzer has two entrypoints that libfuzzer calls. libfuzzer provides it's
> +own main(), which performs some setup, and calls the entrypoints:
> +
> +LLVMFuzzerInitialize: called prior to fuzzing. Used to initialize all of the
> +necessary state
> +
> +LLVMFuzzerTestOneInput: called for each fuzzing run. Processes the input and
> +resets the state at the end of each run.
> +
> +In more detail:
> +
> +LLVMFuzzerInitialize parses the arguments to the fuzzer (must start with two
> +dashes, so they are ignored by libfuzzer main()). Currently, the arguments
> +select the fuzz target. Then, the qtest client is initialized. If the target
> +requires qos, qgraph is set up and the QOM/LIBQOS modules are initailized.
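Review bot: "libfuzzer provides it's own main()" should read "its own main()" (possessive, not the contraction). Otherwise the lifecycle description is consistent: LLVMFuzzerInitialize does one-time setup (argument parsing, qtest client, optional qgraph/QOM/LIBQOS initialization) and LLVMFuzzerTestOneInput runs per input and resets state at the end of each run, so it would help readers to state explicitly that any state created in LLVMFuzzerInitialize must not be torn down by the per-run reset.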
s/initailized/initialized/