testing/libfuzzer/fuzzilli/README.md
This experimental driver integrates Fuzzilli with Chrome for fuzz testing. It is currently under active development, so some functionalities may not behave as expected.
To use this driver, your fuzzer must:

- Return -1 from the fuzzing function if JS throws an exception. Return 0 otherwise.

You must also build Fuzzilli. See the Fuzzilli documentation.
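The following is an added illustration of the return-value contract above, not code from this driver or from Fuzzilli. The JS execution entry point (`JsExecutor`, `ToyExecutor`) and the function name `RunFuzzIteration` are assumed stand-ins: a real driver would hand the script to V8, whereas here the executor is injected so the -1/0 mapping can be exercised without a browser build.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for the embedder's JS execution entry point. The real
// driver would pass the script to V8; injecting the executor lets the contract
// be exercised offline.
using JsExecutor = std::function<void(const std::string& script)>;

// Error type the stand-in executor raises when the script throws in JS.
struct JsException : std::runtime_error {
  using std::runtime_error::runtime_error;
};

// Fuzzing entry in the shape the README describes: treat the input bytes as JS
// source, return -1 if the script threw, 0 otherwise. Nothing may propagate
// out of this function, because the caller is the fuzzer loop, which is not
// prepared to catch C++ exceptions.
int RunFuzzIteration(const uint8_t* data, size_t size, const JsExecutor& exec) {
  std::string script(reinterpret_cast<const char*>(data), size);
  try {
    exec(script);
  } catch (const JsException&) {
    return -1;  // JS-level throw: report failure to Fuzzilli
  } catch (...) {
    return -1;  // any other executor failure is also reported, never leaked
  }
  return 0;
}

// Toy executor used only for this demonstration (constructed, not a JS engine):
// a script containing the token "throw" is treated as one that raises in JS.
void ToyExecutor(const std::string& script) {
  if (script.find("throw") != std::string::npos) {
    throw JsException("uncaught exception in script");
  }
}

// Convenience wrapper so a script literal can be fed through the entry point.
int RunToy(const std::string& script) {
  return RunFuzzIteration(reinterpret_cast<const uint8_t*>(script.data()),
                          script.size(), ToyExecutor);
}
```

The catch-all branch is the part worth copying: an exception escaping the fuzz entry would abort the process and be misreported as a crash rather than as a script that simply threw.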
Ensure the following build flags are enabled when compiling Chrome:

```gn
dcheck_always_on = false
is_asan = true
use_chromium_fuzzilli = true
use_remoteexec = true
symbol_level = 2
v8_fuzzilli = true
v8_static_library = true
v8_dcheck_always_on = true
```
Then run Fuzzilli against the built fuzzer:

```sh
swift run -c release FuzzilliCli --storagePath=/path/to/tmp/storage --profile=your_profile --jobs=1 /out/fuzzilli/your_fuzzer
```