Documentation: Update Lagom ReadMe with new fuzzer build instructions

Author: https://github.com/ADKaster Commit: https://github.com/SerenityOS/serenity/commit/aed56b46d45 Pull-request: https://github.com/SerenityOS/serenity/pull/10109 Reviewed-by: https://github.com/BenWiederhake ✅
2025-04-20 19:45:12 +00:00 · 2021-09-18 03:16:23 -06:00 · 2021-09-18 03:16:23 -06:00 · aed56b46d4 · 2024-07-18 03:43:51 +09:00
commit aed56b46d4
parent d19bd59e28
1 changed files with 12 additions and 6 deletions
--- a/Meta/Lagom/ReadMe.md
+++ b/Meta/Lagom/ReadMe.md
@ -17,17 +17,23 @@ Lagom can be used to fuzz parts of SerenityOS's code base. Fuzzers can be run lo
 Lagom can be used to fuzz parts of SerenityOS's code base. This requires buildling with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. Run CMake like this:

    # From the root of the SerenityOS checkout:
-    mkdir BuildLagom && cd BuildLagom
-    cmake -GNinja -DBUILD_LAGOM=ON -DENABLE_FUZZER_SANITIZER=ON -DENABLE_ADDRESS_SANITIZER=ON -DENABLE_UNDEFINED_SANITIZER=ON -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang ..
-    ninja Meta/Lagom/all
+    cmake -GNinja -S Meta/Lagom -B Build/lagom-fuzzers \
+      -DBUILD_LAGOM=ON \
+      -DENABLE_FUZZER_SANITIZER=ON \
+      -DENABLE_ADDRESS_SANITIZER=ON \
+      -DENABLE_UNDEFINED_SANITIZER=ON \
+      -DCMAKE_CXX_COMPILER=clang++ \
+      -DCMAKE_C_COMPILER=clang
+    cd Build/lagom-fuzzers
+    ninja
    # Or as a handy rebuild-rerun line:
-    ninja FuzzJs && Meta/Lagom/Fuzzers/FuzzJs
+    ninja FuzzJs && ./Fuzzers/FuzzJs

 Any fuzzing results (particularly slow inputs, crashes, etc.) will be dropped in the current directory.

 clang emits different warnings than gcc, so you may have to remove `-Werror` in CMakeLists.txt and Meta/Lagom/CMakeLists.txt.

-Fuzzers work better if you give them a fuzz corpus, e.g. `Meta/Lagom/Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp` Pay attention that LLVM also likes creating new files, don't blindly commit them (yet)!
+Fuzzers work better if you give them a fuzz corpus, e.g. `./Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp` Pay attention that LLVM also likes creating new files, don't blindly commit them (yet)!

 To run several fuzz jobs in parallel, pass `-jobs=24 -workers=24`.

@ -99,7 +105,7 @@ To reproduce a crash, run it like this: `MyFuzzer crash-27480a219572aa5a11b28596
 To reproduce a crash in gdb, you want to disable various signal handlers, so that gdb sees the actual location of the crash:

 ```
-$ gdb ./Meta/Lagom/Fuzzers/FuzzBMP
+$ gdb ./Fuzzers/FuzzBMP
 <... SNIP some output ...>
 (gdb) run -handle_abrt=0 -handle_segv=0 crash-27480a219572aa5a11b285968a3632a4cf25388e
 <... SNIP some output ...>