quickjs/fuzz
Molefi1146 ba414937c7 Add fuzz targets for ES6 modules, JSON, RegExp, and bytecode
Adds 4 new fuzzers targeting high-complexity, low-coverage functions:

- fuzz_module_export: Tests ES6 module export/import parsing (complexity 6727)

- fuzz_json: Tests JSON stringify/parse (complexity ~5000)

- fuzz_regexp_compile: Tests RegExp compilation (complexity 5528)

- fuzz_bytecode: Tests bytecode execution (complexity 5383)

Identified by Fuzz Introspector as having 0% runtime coverage.

Build integration for fuzz/Makefile and build.sh included.
2026-05-03 22:02:54 +02:00
fuzz_common.c more bignum cleanup 2025-03-19 11:43:31 +01:00
fuzz_common.h OSS-Fuzz targets improvements (#267) 2024-05-08 18:19:48 +02:00
fuzz_compile.c OSS-Fuzz targets improvements (#267) 2024-05-08 18:19:48 +02:00
fuzz_eval.c OSS-Fuzz targets improvements (#267) 2024-05-08 18:19:48 +02:00
fuzz_module_export.cc Add fuzz targets for ES6 modules, JSON, RegExp, and bytecode 2026-05-03 22:02:54 +02:00
fuzz_regexp.c Define lre_check_timeout in fuzz_regexp 2025-04-14 15:56:15 +02:00
fuzz.dict more bignum cleanup 2025-03-19 11:43:31 +01:00
generate_dict.js OSS-Fuzz targets improvements (#267) 2024-05-08 18:19:48 +02:00
README OSS-Fuzz targets improvements (#267) 2024-05-08 18:19:48 +02:00

libFuzzer support for QuickJS
=============================

Build QuickJS with libFuzzer support as follows:

  CONFIG_CLANG=y make libfuzzer

This can be extended with sanitizer support to improve efficacy:

  CONFIG_CLANG=y CONFIG_ASAN=y make libfuzzer


Currently, there are three fuzzing targets defined: fuzz_eval, fuzz_compile and fuzz_regexp.
The above build command produces an executable binary for each of them, each of which can
simply be run as:

  ./fuzz_eval

or with an initial corpus:

  ./fuzz_compile corpus_dir/

or with a predefined dictionary to improve its efficacy:

  ./fuzz_eval -dict fuzz/fuzz.dict

or with arbitrary CLI arguments provided by libFuzzer (https://llvm.org/docs/LibFuzzer.html).
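The file passed with -dict is a libFuzzer keyword dictionary: one entry per line, written as "token" or name="token", with # comments and blank lines ignored and with non-printable bytes, double quotes and backslashes escaped. The JavaScript below is an added example (it is not the project's generate_dict.js and the tokens are constructed, not taken from fuzz.dict) that builds such a file from a token list and parses it back, so a hand-edited dictionary can be checked before it is handed to a fuzzer.

```javascript
// Added example (not the project's generate_dict.js): builds and parses a
// dictionary in the libFuzzer/AFL keyword format that `-dict` consumes.
// Format: one entry per line, `"token"` or `name="token"`; `#` comments and
// blank lines are ignored; non-printable bytes, `"` and `\` are escaped.

// Escape one token (a JS string, encoded as UTF-8 bytes) into dictionary syntax.
function escapeToken(token) {
  let out = "";
  for (const b of Buffer.from(token, "utf8")) {
    if (b === 0x22) out += '\\"';                                    // double quote
    else if (b === 0x5c) out += "\\\\";                              // backslash
    else if (b >= 0x20 && b < 0x7f) out += String.fromCharCode(b);   // printable ASCII
    else out += "\\x" + b.toString(16).toUpperCase().padStart(2, "0"); // \xNN
  }
  return '"' + out + '"';
}

// Decode the body between the quotes back into a JS string.
function unescapeBody(body) {
  const bytes = [];
  for (let i = 0; i < body.length; i++) {
    const c = body[i];
    if (c !== "\\") { bytes.push(c.charCodeAt(0)); continue; }
    const esc = body[++i];
    if (esc === "x") {
      const hex = body.slice(i + 1, i + 3);
      if (!/^[0-9a-fA-F]{2}$/.test(hex)) throw new Error("bad \\x escape in: " + body);
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else if (esc === '"' || esc === "\\") {
      bytes.push(esc.charCodeAt(0));
    } else {
      throw new Error("unknown escape \\" + esc + " in: " + body);
    }
  }
  return Buffer.from(bytes).toString("utf8");
}

// Build dictionary text from tokens, dropping empty strings (useless to the
// mutator) and duplicates (which only waste mutation budget).
function buildDictionary(tokens, comment = "constructed dictionary (added example)") {
  const seen = new Set();
  const lines = ["# " + comment];
  for (const t of tokens) {
    if (t.length === 0 || seen.has(t)) continue;
    seen.add(t);
    lines.push(escapeToken(t));
  }
  return lines.join("\n") + "\n";
}

// Parse dictionary text into its tokens, accepting both `"tok"` and `name="tok"`.
function parseDictionary(text) {
  const tokens = [];
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const quoted = line.startsWith('"') ? line : line.slice(line.indexOf("=") + 1);
    if (quoted.length < 2 || !quoted.startsWith('"') || !quoted.endsWith('"')) {
      throw new Error("malformed dictionary line: " + raw);
    }
    tokens.push(unescapeBody(quoted.slice(1, -1)));
  }
  return tokens;
}

// Constructed sample tokens aimed at module, JSON and RegExp parsing
// (not taken from fuzz.dict); the last entry is a deliberate duplicate.
const SAMPLE_TOKENS = [
  "export default ", "import ", "JSON.parse(", "JSON.stringify(",
  "new RegExp(", "(?<name>", "\\1", '"', "\u0000", "\u00e9", "export default ",
];

if (typeof require !== "undefined" && require.main === module) {
  process.stdout.write(buildDictionary(SAMPLE_TOKENS));
}
```

Run it with node and redirect stdout to a file to get a dictionary usable with -dict; parseDictionary throws on the first line it cannot read, which is the check to run on a dictionary assembled by hand.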