{"id":13378868,"url":"https://github.com/MozillaSecurity/funfuzz","last_synced_at":"2025-03-13T05:30:43.366Z","repository":{"id":34743803,"uuid":"38723557","full_name":"MozillaSecurity/funfuzz","owner":"MozillaSecurity","description":"A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.","archived":false,"fork":false,"pushed_at":"2023-02-10T15:37:48.000Z","size":29014,"stargazers_count":635,"open_issues_count":58,"forks_count":115,"subscribers_count":43,"default_branch":"master","last_synced_at":"2024-11-03T03:32:17.415Z","etag":null,"topics":["fuzzer","javascript-fuzzing","jsfunfuzz","spidermonkey-engine"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MozillaSecurity.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-07-08T01:05:26.000Z","updated_at":"2024-10-26T00:17:22.000Z","dependencies_parsed_at":"2022-09-17T20:51:02.451Z","dependency_job_id":"3571656e-06a3-4f84-85e9-3780c7ba0cdc","html_url":"https://github.com/MozillaSecurity/funfuzz","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Ffunfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Ffunfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Ffunfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Ffunfuzz/manifests","owner_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MozillaSecurity","download_url":"https://codeload.github.com/MozillaSecurity/funfuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243350965,"owners_count":20276893,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzer","javascript-fuzzing","jsfunfuzz","spidermonkey-engine"],"created_at":"2024-07-30T07:00:57.882Z","updated_at":"2025-03-13T05:30:43.035Z","avatar_url":"https://github.com/MozillaSecurity.png","language":"Python","funding_links":[],"categories":["Python","Tools"],"sub_categories":["Web, JavaScript"],"readme":"[![Build Status](https://travis-ci.org/MozillaSecurity/funfuzz.svg?branch=master)](https://travis-ci.org/MozillaSecurity/funfuzz) [![codecov](https://codecov.io/gh/MozillaSecurity/funfuzz/branch/master/graph/badge.svg)](https://codecov.io/gh/MozillaSecurity/funfuzz)\n\nThis repository contains several JavaScript-based fuzzers. 
[jsfunfuzz](js/jsfunfuzz) tests JavaScript engines and can run in a JavaScript shell, compare_jit compares output from SpiderMonkey using different flags, while randorderfuzz throws in random tests from the mozilla-central directory into generated jsfunfuzz output.\n\nMost of the code other than testcase generation is written in Python: restarting the program when it exits or crashes, noticing evidence of new bugs from the program's output, [reducing testcases](https://github.com/MozillaSecurity/lithium/), and [identifying when regressions were introduced](src/funfuzz/autobisectjs/README.md).\n\n\n## Setup\n\nInstall the required pip packages using `pip install -r requirements.txt` (assuming you are in the funfuzz repository).\n\nSome parts of the fuzzer will only activate if the Python scripts can find your mozilla-central tree:\n```\nmkdir -p ~/trees/\nhg clone https://hg.mozilla.org/mozilla-central/ ~/trees/mozilla-central/\n```\n\nSome parts of the harness assume a clean **Mercurial** clone of the mozilla trees. There is insufficient testing with Git for now - please file an issue if you hit problems with Git repositories of mozilla trees.\n\nIf you want to use these scripts to compile SpiderMonkey, install the usual prerequisites for [building SpiderMonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Build_Documentation). There are [additional requirements for building with Address Sanitizer](https://developer.mozilla.org/en-US/docs/Mozilla/Testing/Firefox_and_Address_Sanitizer).\n\n### Windows (only 64-bit supported)\n\n1. Install [MozillaBuild](https://wiki.mozilla.org/MozillaBuild) (Using compile_shell for SpiderMonkey requires at least version 3.2).\n2. Install [Git](https://git-scm.com/) to clone these funfuzz repositories.\n3. Install [Debugging Tools for Windows](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) to get cdb.exe and thus stacks from crashes.\n4. 
Make sure you install at least Microsoft Visual Studio 2017 (Community Edition is recommended) as per the build instructions above in the Setup section.\n5. Run `start-shell.bat` to get a MSYS shell. You can use Git by calling its absolute path, e.g. `/c/Program\\ Files/Git/bin/git.exe`.\n    1. Run the batch file with administrator privileges to get gflags analysis working correctly.\n\n\n### Mac\n\n1. If you encounter problems accessing the compiler, try re-running this command:\n\n  ```xcode-select --install```\n\nespecially after updating major/minor OS versions. This sometimes manifests on Mac OS X Combo updates.\n\n2. Install LLVM via Homebrew, to get llvm-symbolizer needed for symbolizing ASan crash stacks.\n\n  ```\n  brew install llvm\n  ```\n\n\n### Linux\n\n1. To ensure your core dumps don't get mixed up when multiple instances crash at the same time, run:\n\n  ```\n  echo -n 1 | sudo tee /proc/sys/kernel/core_uses_pid\n  ```\n2. Install 32-bit libraries to compile 32-bit binaries:\n  * Debian/Ubuntu: ```sudo apt-get install lib32z1 gcc-multilib g++-multilib```\n  * Fedora: (Fedora is known to work, however the exact library names are unknown for now.)\n3. Install gdb:\n  * Debian/Ubuntu: ```sudo apt-get install gdb```\n  * Fedora: Please ensure that all development packages are installed (see ```rpm -qa \"*devel\"```), and run ```yum install gdb```\n4. 
Install clang for clang/ASan builds:\n  * Debian/Ubuntu: ```sudo apt-get install clang```\n  * Clang is used for 64-bit builds, while GCC is used for some older 32-bit builds\n\n\n## Running funfuzz\n\nTo run **only the js fuzzers**, which compile shells with random configurations every 8 hours and test them:\n\n`\u003cpython executable\u003e -u funfuzz.loop_bot -b \"--random\" --target-time 28800 | tee ~/log-loop_botPy.txt`\n\nTo test **a patch** (assuming the patch is in `~/patch.diff`) against a specific branch (assuming **Mercurial** mozilla-inbound is in `~/trees/mozilla-inbound`), using a debug 64-bit deterministic shell configuration, every 8 hours:\n\n`\u003cpython executable\u003e -u funfuzz.loop_bot -b \"--enable-debug -R ~/trees/mozilla-inbound -P ~/patch.diff\" --target-time 28800 | tee ~/log-loop_botPy.txt`\n\nIn js mode, loop_bot makes use of:\n\n* [compile_shell](js/compile_shell.py)\n* [jsfunfuzz](src/funfuzz/js/jsfunfuzz)\n* [compare_jit](src/funfuzz/js/compare_jit.py) (if testing deterministic builds)\n* randorderfuzz (included in funfuzz, if tests are present in the mozilla repository)\n* funbind (Linux-only, included in funfuzz, if [binaryen](https://github.com/WebAssembly/binaryen/releases) can be downloaded)\n* [autobisectjs](src/funfuzz/autobisectjs/README.md) (if the mozilla repository is present).\n\nThe parameters in `-b` get passed into [compile_shell](js/compile_shell.py) and [autobisectjs](src/funfuzz/autobisectjs/README.md).\n\nYou will also need a `~/.fuzzmanagerconf` file, similar to:\n\n```\n[Main]\nserverhost = \u003cyour hostname\u003e\nserverport = \u003cyour port\u003e\nserverproto = https\nserverauthtoken = \u003cif any\u003e\nsigdir = /Users/\u003cyour username\u003e/sigcache/\ntool = jsfunfuzz\n```\n\nReplace anything between `\u003c` and `\u003e` with your desired parameters.\n\n## FAQ:\n\n**Q: What platforms does funfuzz run on?**\n\n**A:** compile_shell has been tested on:\n\n* Windows 10 with [MozillaBuild 
3.2](https://wiki.mozilla.org/MozillaBuild)\n* macOS 10.13 and 10.14\n* Ubuntu 18.04 LTS (only LTS versions supported going forward)\n\nFedora Linux and openSUSE Leap (42.3 and later) have not been tested extensively and there may be a few bugs along the way.\n\nThe following operating systems are less common and, while they may still work, be prepared to **expect issues** along the way:\n\n* Windows 7, 8 and 8.1\n* Windows Server 2012 R2\n* Ubuntu Linux 16.04 LTS (install Python 3.6 via a PPA)\n* Ubuntu Linux 15.10 and prior\n\nSupport for the following operating systems **has been removed**:\n\n* Windows Vista, Windows XP and earlier\n* Mac OS X 10.12 and earlier\n* Ubuntu Linux 13.10 and earlier\n* Ubuntu (and variants) on [ARM ODROID boards](http://www.hardkernel.com/main/main.php)\n\n**Q: What version of Python does funfuzz require?**\n\n**A:** Python 3.6+\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMozillaSecurity%2Ffunfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMozillaSecurity%2Ffunfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMozillaSecurity%2Ffunfuzz/lists"}