Diffstat (limited to 'docs/module')
-rw-r--r-- | docs/module/fuzzer.md | 30 | ||||
-rw-r--r-- | docs/module/rules.md | 5 |
2 files changed, 17 insertions, 18 deletions
diff --git a/docs/module/fuzzer.md b/docs/module/fuzzer.md index d69b992..d576693 100644 --- a/docs/module/fuzzer.md +++ b/docs/module/fuzzer.md @@ -1,9 +1,4 @@ -# Fuzzing the Troops! - -We use [Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js/) -as a coverage-guided fuzzer for automatic testing of module rules. - -## What is fuzzing? +# Fuzz the Troops! Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer 
@@ -16,35 +11,34 @@ The fuzzer can detect the following types of errors: * Dead-end game states where no other actions are available (besides "undo"). * A game taking an excessive number of steps. This could indicate infinite loops and other logical flaws in the rules. -Work files are written to the "fuzzer" directory. +Crash dumps are written to the "fuzzer" directory. ## Running -Start the fuzzer: - - bash tools/fuzz.sh title [ jazzer options... ] +There are two fuzzers available: -This will run jazzer until you stop it or it has found too many errors. +A fuzzer that uses the "jsfuzz" package. +With this fuzzer every title gets its own "fuzzer/corpus-title" sub-directory. +The corpus helps the fuzzer find interesting game states in future runs. -To keep an eye on the crashes, you can watch the fuzzer/log-title.txt file: + rtt fuzz TITLE - tail -f fuzzer/log-title.txt +A simple fuzzer that plays completely randomly: -Each fuzzed title gets its own "fuzzer/corpus-title" sub-directory. -The corpus helps the fuzzer find interesting game states in future runs. + rtt fuzz-rand TITLE -To create a code coverage report pass the `--cov` option to fuzz.sh. +The fuzzer will run until you stop it or it has found too many errors. ## Debug When the fuzzer finds a crash, it saves the game state and replay log to a JSON file. You can import the crashed game state like so: - node tools/import-game.js fuzzer/dump-title-*.json + rtt import fuzzer/dump-title-*.json The imported games don't have snapshots. You can recreate them with the patch-game tool. - node tools/patch-game.js game_id + rtt patch GAME ## Avoidance diff --git a/docs/module/rules.md b/docs/module/rules.md index ed99188..7f9ae2d 100644 --- a/docs/module/rules.md +++ b/docs/module/rules.md 
@@ -170,6 +170,11 @@ There's also a global scope for the main game data (via the G namespace). --- +The state stack is implmented as a linked list (G.L is the head of the linked +list, and G.L.L is the next state down the stack, etc.) Invoking call pushes a +new state at the top of the stack; goto replaces the current top of the stack, +and end pops the stack. + ## States The "states" where we wait for user input are kept in the S table. |
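Review bot: In docs/module/fuzzer.md, hunk @@ -1,9 +1,4 @@, removing the intro paragraph drops the only statement that the fuzzer is used for automatic testing of module rules, along with the only link to the fuzzing engine. The page now opens straight into the generic definition of fuzzing. Consider keeping a one-sentence intro under the new "# Fuzz the Troops!" title that says what is being fuzzed, and link the "jsfuzz" package where the Running section first mentions it.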
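Review bot: In docs/module/fuzzer.md, hunk @@ -16,35 +11,34 @@, the new line 'Crash dumps are written to the "fuzzer" directory.' is narrower than what the same hunk goes on to describe, since the jsfuzz fuzzer also keeps its "fuzzer/corpus-title" sub-directory there; mention both. The closing sentence "The fuzzer will run until you stop it or it has found too many errors." now follows two fuzzers, so say whether it applies to both `rtt fuzz` and `rtt fuzz-rand`, and say whether `rtt fuzz-rand` reads or writes the corpus at all. The instructions for watching fuzzer/log-title.txt and the `--cov` coverage option are removed with no replacement; either document the new way to get a log and a coverage report or state that they are gone. Placeholders are also mixed: the commands use TITLE and GAME while the paths use "corpus-title" and "dump-title-*.json", and "rtt patch GAME" no longer tells the reader that a game id is expected.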
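Review bot: In docs/module/rules.md, hunk @@ -170,6 +170,11 @@, the first added line has a typo: "implmented" should be "implemented". The paragraph is also inserted after the "---" rule and directly before "## States", so it belongs to neither the scope discussion above nor the States section below; give it a heading of its own or move it into the section that introduces call, goto and end. Setting call, goto, end, G.L and G.L.L in code formatting would keep "Invoking call pushes a new state" from reading as plain English.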