mirror of
https://github.com/bellard/quickjs.git
synced 2026-06-07 06:32:08 +00:00
* Add fuzz targets for ES6 modules, JSON, RegExp, and bytecode

  Adds 4 new fuzzers targeting high-complexity, low-coverage functions:

  - fuzz_module_export: Tests ES6 module export/import parsing (complexity 6727)
  - fuzz_json: Tests JSON stringify/parse (complexity ~5000)
  - fuzz_regexp_compile: Tests RegExp compilation (complexity 5528)
  - fuzz_bytecode: Tests bytecode execution (complexity 5383)

  Identified by Fuzz Introspector as having 0% runtime coverage.

  Build integration for fuzz/Makefile and build.sh included.

* Convert fuzz targets from C++ to C and use standard C headers
| File |
|---|
| fuzz_bytecode.c |
| fuzz_common.c |
| fuzz_common.h |
| fuzz_compile.c |
| fuzz_eval.c |
| fuzz_json.c |
| fuzz_module_export.c |
| fuzz_regexp_compile.c |
| fuzz_regexp.c |
| fuzz.dict |
| generate_dict.js |
| README |
libFuzzer support for QuickJS
=============================

Build QuickJS with libFuzzer support as follows:

    CONFIG_CLANG=y make libfuzzer

This can be extended with sanitizer support to improve efficacy:

    CONFIG_CLANG=y CONFIG_ASAN=y make libfuzzer

Currently, there are three fuzzing targets defined: fuzz_eval, fuzz_compile and fuzz_regexp. The above build command will produce an executable binary for each of them, which can simply be executed as:

    ./fuzz_eval

or with an initial corpus:

    ./fuzz_compile corpus_dir/

or with a predefined dictionary to improve its efficacy:

    ./fuzz_eval -dict fuzz/fuzz.dict

or with arbitrary CLI arguments provided by libFuzzer (https://llvm.org/docs/LibFuzzer.html).
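The `-dict` option above loads a dictionary in the libFuzzer/AFL format (one quoted token per line, optionally prefixed by `name=`, with `\\`, `\"` and `\xNN` escapes). The following is an added example, not the repository's `generate_dict.js` (whose contents are not shown on this page): it writes that format for a constructed set of JavaScript tokens and parses it back, so the escaping of bytes that would otherwise break a line can be checked by round trip.

```javascript
// Added example (not the repository's generate_dict.js): write and read the
// libFuzzer/AFL dictionary format that `./fuzz_eval -dict fuzz/fuzz.dict` loads.
// One token per line, quoted, optionally prefixed by "name="; backslash and
// double quote are escaped, and any non-printable or non-ASCII byte is \xNN.

// Escape a token's UTF-8 bytes into dictionary syntax.
function escapeToken(token) {
  let out = '';
  for (const byte of new TextEncoder().encode(token)) {
    if (byte === 0x5c) out += '\\\\';            // backslash
    else if (byte === 0x22) out += '\\"';        // double quote
    else if (byte >= 0x20 && byte < 0x7f) out += String.fromCharCode(byte);
    else out += '\\x' + byte.toString(16).toUpperCase().padStart(2, '0');
  }
  return '"' + out + '"';
}

// Constructed sample tokens a JS-engine fuzzer is unlikely to synthesise
// byte by byte: keywords, literal fragments and multi-character punctuators.
const SAMPLE_TOKENS = [
  'async', 'await', 'class', 'export default', 'import.meta', 'yield*',
  '"use strict"', '`${x}`', '/a*?/giu', '0x1fn', '...rest', '=>', '??=',
  '\u00e9', '\n',
];

// Render tokens as dictionary text, naming each entry tokN for readability.
function generateDict(tokens) {
  const lines = ['# constructed example dictionary, not fuzz/fuzz.dict'];
  tokens.forEach((tok, i) => lines.push('tok' + i + '=' + escapeToken(tok)));
  return lines.join('\n') + '\n';
}

// Parse dictionary text back into tokens (the inverse of generateDict),
// rejecting lines that lack a quoted body.
function parseDict(text) {
  const tokens = [];
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const start = line.indexOf('"'), end = line.lastIndexOf('"');
    if (start < 0 || end <= start) throw new Error('malformed dictionary line: ' + line);
    const body = line.slice(start + 1, end), bytes = [];
    for (let i = 0; i < body.length; i++) {
      if (body[i] !== '\\') { bytes.push(body.charCodeAt(i)); continue; }
      const next = body[++i];
      if (next === 'x') { bytes.push(parseInt(body.slice(i + 1, i + 3), 16)); i += 2; }
      else bytes.push(next.charCodeAt(0));      // \\ or \"
    }
    tokens.push(new TextDecoder().decode(Uint8Array.from(bytes)));
  }
  return tokens;
}
```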