| author | Tor Andersson <tor@ccxvii.net> | 2025-04-28 22:09:29 +0200 |
|---|---|---|
| committer | Tor Andersson <tor@ccxvii.net> | 2025-04-29 01:16:25 +0200 |
| commit | 48e39e44dbe267f8945e9d597e61fd8aa3dfb376 (patch) | |
| tree | c75e854fadc20d827cd5b422c5ab0f1a45cdf1d2 /docs/module/fuzzer.md | |
| parent | 7a93787dfe5cdaba3eed98ed8edd19674186430b (diff) | |
| download | server-48e39e44dbe267f8945e9d597e61fd8aa3dfb376.tar.gz | |
Improved fuzzing.
Diffstat (limited to 'docs/module/fuzzer.md')
-rw-r--r-- | docs/module/fuzzer.md | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/docs/module/fuzzer.md b/docs/module/fuzzer.md index d69b992..d576693 100644 --- a/docs/module/fuzzer.md +++ b/docs/module/fuzzer.md @@ -1,9 +1,4 @@ -# Fuzzing the Troops! - -We use [Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js/) -as a coverage-guided fuzzer for automatic testing of module rules. - -## What is fuzzing? +# Fuzz the Troops! Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer 
@@ -16,35 +11,34 @@ The fuzzer can detect the following types of errors: * Dead-end game states where no other actions are available (besides "undo"). * A game taking an excessive number of steps. This could indicate infinite loops and other logical flaws in the rules. -Work files are written to the "fuzzer" directory. +Crash dumps are written to the "fuzzer" directory. ## Running -Start the fuzzer: - - bash tools/fuzz.sh title [ jazzer options... ] +There are two fuzzers available: -This will run jazzer until you stop it or it has found too many errors. +A fuzzer that uses the "jsfuzz" package. +With this fuzzer every title gets its own "fuzzer/corpus-title" sub-directory. +The corpus helps the fuzzer find interesting game states in future runs. -To keep an eye on the crashes, you can watch the fuzzer/log-title.txt file: + rtt fuzz TITLE - tail -f fuzzer/log-title.txt +A simple fuzzer that plays completely randomly: -Each fuzzed title gets its own "fuzzer/corpus-title" sub-directory. -The corpus helps the fuzzer find interesting game states in future runs. + rtt fuzz-rand TITLE -To create a code coverage report pass the `--cov` option to fuzz.sh. +The fuzzer will run until you stop it or it has found too many errors. ## Debug When the fuzzer finds a crash, it saves the game state and replay log to a JSON file. You can import the crashed game state like so: - node tools/import-game.js fuzzer/dump-title-*.json + rtt import fuzzer/dump-title-*.json The imported games don't have snapshots. You can recreate them with the patch-game tool. - node tools/patch-game.js game_id + rtt patch GAME ## Avoidance |
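Review bot: in the first hunk (@@ -1,9 +1,4 @@), dropping the Jazzer.js paragraph together with the "## What is fuzzing?" heading leaves the page with no introduction and no heading before the definition paragraph, while "## Running", "## Debug" and "## Avoidance" keep theirs. Since the removed sentence was the only place that named the fuzzing engine, consider keeping a one-line intro under the new title that says which tools are used (the "jsfuzz" package and the random fuzzer that the Running section introduces later), and keeping the "## What is fuzzing?" heading so the section structure stays consistent.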
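Review bot: in the second hunk (@@ -16,35 +11,34 @@), the `--cov` code coverage instructions ("To create a code coverage report pass the `--cov` option to fuzz.sh.") and the log-monitoring tip ("tail -f fuzzer/log-title.txt") are removed without a replacement; if `rtt fuzz` has an equivalent, document it, and if coverage reports are no longer supported, say so explicitly so readers do not go looking for the old option. Two smaller points: the placeholders are inconsistent across the section (uppercase `TITLE` and `GAME` in the new commands, lowercase `title` in "fuzzer/corpus-title" and "fuzzer/dump-title-*.json"), and "There are two fuzzers available:" followed by two free-standing paragraphs would read better as a list with the command under each item. Also, the glob in `rtt import fuzzer/dump-title-*.json` is carried over from the old `node tools/import-game.js` line; it is worth confirming in the text that `rtt import` accepts more than one file when the glob expands to several dumps.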