# Fuzzilli x Chrome

This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It
is currently under active development, so some functionality may not behave
as expected.

# How to use this driver?

## Prerequisites

To use this driver, your fuzzer must:
- Take JS as input.
- Return `-1` from the fuzzing function if the JS throws an exception, and `0`
  otherwise.

You must also build [Fuzzilli](https://github.com/googleprojectzero/fuzzilli);
see the Fuzzilli documentation for instructions.

## Mandatory compile flags

Set the following GN build arguments when compiling Chrome:

```
dcheck_always_on = false
is_asan = true
use_fuzzilli = true
use_remoteexec = true
symbol_level = 2
v8_fuzzilli = true
v8_static_library = true
v8_dcheck_always_on = true
```
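Before starting a long fuzzing run it is worth confirming that the build output actually carries these arguments. The following script is an added example (not part of this driver or of Chromium): it parses an `args.gn` file and reports every mandatory flag that is missing or set to a different value. The sample `args.gn` content embedded in it is constructed.

```python
import re
import sys
from pathlib import Path

# The flags this README requires, with the values GN prints for them.
REQUIRED_ARGS = {
    "dcheck_always_on": "false",
    "is_asan": "true",
    "use_fuzzilli": "true",
    "use_remoteexec": "true",
    "symbol_level": "2",
    "v8_fuzzilli": "true",
    "v8_static_library": "true",
    "v8_dcheck_always_on": "true",
}

_ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_args_gn(text):
    """Map name -> value for the `name = value` lines of an args.gn file.
    Comments are dropped; a later assignment overrides an earlier one, as in GN."""
    args = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line.split("#", 1)[0])  # strip comments first
        if m:
            args[m.group(1)] = m.group(2).strip('"')
    return args

def check_args(args, required=REQUIRED_ARGS):
    """List (name, expected, actual) for every required flag that is unset
    (actual is None) or set to another value; an empty list means all good."""
    return [(name, expected, args.get(name))
            for name, expected in required.items() if args.get(name) != expected]

# Constructed sample: dcheck_always_on was left on and v8_fuzzilli never set.
SAMPLE_ARGS_GN = """\
is_asan = true
use_fuzzilli = true
use_remoteexec = true
symbol_level = 2
v8_static_library = true
v8_dcheck_always_on = true
dcheck_always_on = true  # must be false for this driver
"""

if __name__ == "__main__":
    # Usage: python check_args.py out/fuzzilli/args.gn (no argument: check the sample)
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_ARGS_GN
    for name, expected, actual in check_args(parse_args_gn(text)):
        print(f"{name}: expected {expected}, got {'unset' if actual is None else actual}")
```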

## Running with Fuzzilli

```
swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer
```

39