diff --git a/docs/fuzzing.rst b/docs/fuzzing.rst index 215efae45..4c08d8d18 100644 --- a/docs/fuzzing.rst +++ b/docs/fuzzing.rst @@ -75,6 +75,24 @@ large fuzz targets. Call `b2` like this:: b2 clang stage-large -j$(nproc) +fast+slow +--------- + +When building an initial corpus, it can be useful to quickly build a corpus with +a large code coverage. To speed up this process, you can build the fuzzers +without sanitizers, asserts and invariant checks. This won't find as many errors, +but build a good corpus which can then be run against a fully instrumented +fuzzer. + +To build the fuzzers in this "fast" mode, there's a build variant `build_coverage`. +Invoke `b2` like this:: + + b2 clang stage build_coverage -j$(nproc) + +For more details on "fast + slow" see `Paul Dreik's talk`_. + +.. _`Paul Dreik's talk`: https://youtu.be/e_Oc9SkCo5s?t=1679 + sharing corpora --------------- diff --git a/docs/hunspell/libtorrent.dic b/docs/hunspell/libtorrent.dic index c182b1128..c6d9c2414 100644 --- a/docs/hunspell/libtorrent.dic +++ b/docs/hunspell/libtorrent.dic @@ -469,3 +469,4 @@ fuzzer libFuzzer clang's prev +Dreik's diff --git a/fuzzers/Jamfile b/fuzzers/Jamfile index 024ed199f..b661f1dd6 100644 --- a/fuzzers/Jamfile +++ b/fuzzers/Jamfile @@ -11,6 +11,11 @@ use-project /torrent : .. ; feature fuzz : off external on : composite propagated link-incompatible ; feature.compose on : -fsanitize=fuzzer -fsanitize=fuzzer ; +# this is a build configuration that only does limited validation (i.e. no +# sanitizers, invariant-checks, asserts etc.). The purpose is to quickly iterate +# on inputs to build code coverage +variant build_coverage : release : off on off off ; + project fuzzers : requirements on
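Review bot: in the new "fast+slow" section of docs/fuzzing.rst, "This won't find as many errors, but build a good corpus" has a subject/verb mismatch; suggest "but builds a good corpus" (or "but will build a good corpus"). Also, "without sanitizers" reads as if the binary were completely uninstrumented, whereas the `<fuzz>on` composite in fuzzers/Jamfile still adds `-fsanitize=fuzzer`, which is what supplies the coverage feedback the corpus-building run depends on; consider phrasing it as "without the error-detecting sanitizers, asserts and invariant checks" so readers know what is actually dropped.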
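Review bot: the comment above `variant build_coverage` in fuzzers/Jamfile promises "no sanitizers, invariant-checks, asserts etc.", but the property list `release : off on off off` contains one `on` value; name that feature in the comment and say why it stays on, since anyone comparing the comment with the docs paragraph ("without sanitizers, asserts and invariant checks") will otherwise suspect a typo. As the variant inherits from `release`, it would also help to state whether the `<fuzz>on` flags (`-fsanitize=fuzzer`, also passed at link time) remain in effect, because the `stage` target needs them to link the libFuzzer driver. Minor: the comment ends without a period.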