Commit ee16da12 authored by Alexander Bulekov's avatar Alexander Bulekov Committed by Thomas Huth
Browse files

docs/fuzz: describe building fuzzers with enable-sanitizers 



Signed-off-by: default avatarAlexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-3-alxndr@bu.edu>
Reviewed-by: default avatarPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: default avatarThomas Huth <thuth@redhat.com>
Signed-off-by: default avatarThomas Huth <thuth@redhat.com>
parent dd016265

docs/devel/fuzzing.txt

+5 −2
Original line number Diff line number Diff line
@@ -23,9 +23,12 @@ AddressSanitizer mmaps ~20TB of memory, as part of its detection. This results 
in a large page-map, and a much slower fork().



To build the fuzzers, install a recent version of clang:

Configure with (substitute the clang binaries with the version you installed):

Configure with (substitute the clang binaries with the version you installed).

Here, enable-sanitizers, is optional but it allows us to reliably detect bugs

such as out-of-bounds accesses, use-after-frees, double-frees etc.



    CC=clang-8 CXX=clang++-8 /path/to/configure --enable-fuzzing

    CC=clang-8 CXX=clang++-8 /path/to/configure --enable-fuzzing \

                                                --enable-sanitizers



Fuzz targets are built similarly to system/softmmu: