Diffstat (limited to 'docs/module/fuzzer.md')
-rw-r--r-- docs/module/fuzzer.md 30
1 files changed, 12 insertions, 18 deletions
diff --git a/docs/module/fuzzer.md b/docs/module/fuzzer.md
index d69b992..d576693 100644
--- a/docs/module/fuzzer.md
+++ b/docs/module/fuzzer.md
@@ -1,9 +1,4 @@
-# Fuzzing the Troops!
-
-We use [Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js/)
-as a coverage-guided fuzzer for automatic testing of module rules.
-
-## What is fuzzing?
+# Fuzz the Troops!
Fuzzing or fuzz testing is an automated software testing technique that
involves providing invalid, unexpected, or random data as inputs to a computer
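Review bot: With the Jazzer.js sentence and the "## What is fuzzing?" heading both removed at the top of the file, the introduction no longer says which fuzzer the project uses, and the generic definition now sits directly under the title with nothing to separate it from project-specific text. Consider keeping a short line under "# Fuzz the Troops!" that names the tool now in use (the second hunk mentions the "jsfuzz" package, but only under "## Running" and without a link), and either keep the sub-heading or add a blank line after the title so the definition reads as its own paragraph.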
@@ -16,35 +11,34 @@ The fuzzer can detect the following types of errors:
* Dead-end game states where no other actions are available (besides "undo").
* A game taking an excessive number of steps. This could indicate infinite loops and other logical flaws in the rules.
-Work files are written to the "fuzzer" directory.
+Crash dumps are written to the "fuzzer" directory.
## Running
-Start the fuzzer:
-
- bash tools/fuzz.sh title [ jazzer options... ]
+There are two fuzzers available:
-This will run jazzer until you stop it or it has found too many errors.
+A fuzzer that uses the "jsfuzz" package.
+With this fuzzer every title gets its own "fuzzer/corpus-title" sub-directory.
+The corpus helps the fuzzer find interesting game states in future runs.
-To keep an eye on the crashes, you can watch the fuzzer/log-title.txt file:
+ rtt fuzz TITLE
- tail -f fuzzer/log-title.txt
+A simple fuzzer that plays completely randomly:
-Each fuzzed title gets its own "fuzzer/corpus-title" sub-directory.
-The corpus helps the fuzzer find interesting game states in future runs.
+ rtt fuzz-rand TITLE
-To create a code coverage report pass the `--cov` option to fuzz.sh.
+The fuzzer will run until you stop it or it has found too many errors.
## Debug
When the fuzzer finds a crash, it saves the game state and replay log to a JSON file.
You can import the crashed game state like so:
- node tools/import-game.js fuzzer/dump-title-*.json
+ rtt import fuzzer/dump-title-*.json
The imported games don't have snapshots. You can recreate them with the patch-game tool.
- node tools/patch-game.js game_id
+ rtt patch GAME
## Avoidance
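Review bot: The new line "Crash dumps are written to the "fuzzer" directory." is narrower than what the same hunk goes on to describe, since the jsfuzz fuzzer also keeps its "fuzzer/corpus-title" sub-directory there; either keep the broader wording or list both the dumps and the corpus. Under "There are two fuzzers available:" the closing sentence "The fuzzer will run until you stop it or it has found too many errors." does not say whether it applies to `rtt fuzz`, `rtt fuzz-rand`, or both. The hunk also drops the `tail -f fuzzer/log-title.txt` hint and the `--cov` option without a replacement, so the doc should state whether a log file and coverage report are still available under the `rtt` commands. Finally, the placeholders are inconsistent: the commands use `TITLE` and `GAME`, while the paths still use lowercase `title` and the old text used `game_id`; say explicitly that `GAME` is the game id if that is what it means.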