# Fuzzilli x Chrome

This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It
is under active development, so some functionality may not behave as expected.

# How to use this driver?

## Prerequisites

To use this driver, your fuzzer must:
- Take JS as input.
- Return `-1` from the fuzzing function if the JS throws an exception, and `0`
otherwise.

You must also build [Fuzzilli](https://github.com/googleprojectzero/fuzzilli)
itself; see the Fuzzilli documentation.

## Mandatory compile flags

Set the following GN build args when compiling Chrome (note that
`dcheck_always_on` is off while `v8_dcheck_always_on` is on):

```
dcheck_always_on = false
is_asan = true
use_fuzzilli = true
use_remoteexec = true
symbol_level = 2
v8_fuzzilli = true
v8_static_library = true
v8_dcheck_always_on = true
```

## Running with Fuzzilli

Point `FuzzilliCli` at your fuzzer binary, a storage directory for the corpus
and crashes, and the Fuzzilli profile for your target:

```
swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer
```
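A missing or overridden build arg is easy to miss and only shows up after a long Chrome build, so it helps to write the mandatory flags above into `args.gn` and verify them before building. The script below is an added example, not part of the Chromium driver or of Fuzzilli; the output directory it takes is a placeholder, and the key list is copied from the "Mandatory compile flags" section.

```shell
#!/bin/sh
# Added example (not part of the Chromium Fuzzilli driver): write the mandatory
# GN args from this README into an out dir and check that every one of them is
# present with the required value, so a typo or a later override (gn uses the
# last assignment) is caught before the build starts.
set -eu

# One "key=value" per line, copied from the "Mandatory compile flags" list.
REQUIRED_GN_ARGS='dcheck_always_on=false
is_asan=true
use_fuzzilli=true
use_remoteexec=true
symbol_level=2
v8_fuzzilli=true
v8_static_library=true
v8_dcheck_always_on=true'

# Normalise an args.gn file: drop comments, blank lines and all whitespace so
# that "is_asan = true" and "is_asan=true" compare equal.
normalize_gn_args() {
  sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# Write an args.gn containing exactly the required assignments.
write_gn_args() {
  out_dir="$1"
  mkdir -p "$out_dir"
  printf '%s\n' "$REQUIRED_GN_ARGS" > "$out_dir/args.gn"
}

# Return 0 if every required key is assigned the required value (taking the
# last assignment of each key), 1 otherwise, naming each offending key.
check_gn_args() {
  args_file="$1"
  status=0
  normalized=$(normalize_gn_args "$args_file")
  for want in $REQUIRED_GN_ARGS; do
    key=${want%%=*}
    # Anchored at line start, so "dcheck_always_on" does not match the
    # "v8_dcheck_always_on" line.
    have=$(printf '%s\n' "$normalized" | grep "^${key}=" | tail -n 1)
    if [ "$have" != "$want" ]; then
      echo "args.gn: expected '$want', found '${have:-<missing>}'" >&2
      status=1
    fi
  done
  return $status
}

# Usage: sh gn_args_check.sh /path/to/chromium/src/out/fuzzilli
# (the path is a placeholder; use your own out dir, then run gn gen on it)
if [ "$#" -eq 1 ]; then
  write_gn_args "$1"
  check_gn_args "$1/args.gn"
  echo "args.gn ok: $1"
fi
```

Run `check_gn_args` again after editing `args.gn` by hand or after `gn args` rewrites it; any key that is missing or assigned a different value is reported on stderr and the script exits non-zero.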