# OVERVIEW

This directory provides fuzzing targets to be run inside Google's
oss-fuzz infrastructure.

See also https://github.com/google/oss-fuzz.

# HOW IT WORKS

We need to provide the source code and the rune to produce objects or
archives (artefacts) from the source code. These items ideally should
live inside xen.git so that they can be kept up to date.

The artefacts contain all the code we wish to fuzz and a function
called LLVMFuzzerTestOneInput. LLVMFuzzerTestOneInput is the entry
point to the code we wish to fuzz. Note that we don't produce
executable programs because we don't have libFuzzEngine
locally. libFuzzEngine is maintained by oss-fuzz.

We also provide a build script to oss-fuzz. The build script will
inherit the correct compiler settings and be run in a pre-setup
environment, which has libFuzzEngine installed. The build script is
responsible for calling the correct Xen build rune to produce the
artefacts, then linking them against libFuzzEngine to produce
executables, which will run in the oss-fuzz infrastructure.

Please refer to the official oss-fuzz documents for the most up-to-date
descriptions of all moving parts.

# HOW TO IMPROVE THE FUZZING TARGETS

Feel free to modify each fuzzing target at will. Make sure they build
by invoking make as you would to build tools.

To actually test the new code, you would need to run the target in
standalone mode; please refer to the oss-fuzz documents on how to do
that.

It is highly recommended that you run the new target for a while to
weed out errors in the plumbing code and so avoid false positives.
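The shape of an artefact described above, and the standalone run recommended
in the last section, as an added example that is not one of Xen's own fuzzing
targets: a minimal libFuzzer-style target exporting LLVMFuzzerTestOneInput,
wrapped around a hypothetical "key=value" line parser constructed for this
example. Because the engine library is not available locally, the file also
carries a small stand-in driver main() that feeds files named on the command
line through the target once, which is enough to shake out plumbing errors
(bad size checks, leaks, non-determinism) before the target is handed to
oss-fuzz. When oss-fuzz builds it, the same object is linked against the
engine library instead and main() comes from there.

```c
/* Added example, not Xen's own fuzz target. The parsed format
 * ("key=value" lines) and parse_kv_lines() are hypothetical code under
 * test, constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT 4096

/* Hypothetical code under test: count well-formed "key=value" lines.
 * Returns the number of valid lines, or -1 on the first malformed line
 * (no '=' or an empty key). Blank lines are ignored. */
int parse_kv_lines(const char *buf, size_t len)
{
    int count = 0;
    size_t i = 0;

    while (i < len) {
        size_t start = i;
        while (i < len && buf[i] != '\n')
            i++;
        size_t line_len = i - start;
        if (i < len)
            i++;                /* consume the '\n' */
        if (line_len == 0)
            continue;
        const char *eq = memchr(buf + start, '=', line_len);
        if (eq == NULL || eq == buf + start)
            return -1;
        count++;
    }
    return count;
}

/* Entry point the fuzzing engine calls once per input. The harness itself
 * must be deterministic, must not leak, and must never be the reason for
 * a crash, otherwise every report it produces is a false positive. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size > MAX_INPUT)       /* bound the work; reject in the harness */
        return 0;

    /* Copy into an exactly-sized heap buffer so that any read past 'size'
     * in the code under test lands outside the allocation and is caught
     * by AddressSanitizer as a heap-buffer-overflow. */
    char *buf = malloc(size ? size : 1);
    if (buf == NULL)
        return 0;
    memcpy(buf, data, size);

    (void)parse_kv_lines(buf, size);

    free(buf);                  /* no leak between iterations */
    return 0;                   /* libFuzzer expects 0 */
}

/* Stand-in for the engine-provided main(): run each file given on the
 * command line through the target once. Returns 0 on success. */
static int run_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL) {
        perror(path);
        return 1;
    }
    uint8_t *data = malloc(MAX_INPUT);
    if (data == NULL) {
        fclose(f);
        return 1;
    }
    size_t n = fread(data, 1, MAX_INPUT, f);   /* longer files are truncated */
    fclose(f);
    LLVMFuzzerTestOneInput(data, n);
    free(data);
    return 0;
}

int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++)
        rc |= run_file(argv[i]);
    return rc;
}
```

Built locally with `-fsanitize=address,undefined`, the standalone binary can be
run over a corpus directory's files or a crash reproducer; any sanitizer report
whose stack ends inside LLVMFuzzerTestOneInput or run_file rather than in the
code under test is a plumbing error to fix before submitting the target.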