funfuzz  by MozillaSecurity

Fuzzing harness for SpiderMonkey JavaScript engine testing

created 10 years ago
636 stars


Project Summary

This repository provides a harness for JavaScript-based fuzzers, primarily targeting the SpiderMonkey JavaScript engine. It is aimed at security researchers and engine developers who need to test SpiderMonkey's robustness, find crashes and assertion failures, and track regressions. The collection includes jsfunfuzz, a generative fuzzer that produces random JavaScript programs for the engine; compare_jit, which runs the same program under different JIT configurations and flags any difference in output as a JIT correctness bug; and randorderfuzz, which pulls existing test-suite files into fuzzing runs in random order.

How It Works

The core of funfuzz is a Python harness that orchestrates fuzzing campaigns. It starts a fuzzer against a given shell build, restarts it when the shell crashes, scans the shell's output for assertion failures, sanitizer reports and differential mismatches, submits what it finds to FuzzManager for bucketing (hence the ~/.fuzzmanagerconf requirement), reduces each crashing test case to a minimal reproducer using the Lithium reducer, and bisects mozilla-central history with autobisectjs to find the changeset that introduced the bug. Its compile_shell module drives the SpiderMonkey build itself, so a campaign can target specific configurations (debug, optimized, ASan, 32-bit) directly.
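The two harness steps that matter most for triage, turning shell output into a deduplication key and then shrinking the test case while that key stays the same, look like this in miniature. This is an added example written for this page, not funfuzz's own code: the assertion and AddressSanitizer output formats are assumed approximations of what a SpiderMonkey shell prints, the reducer is a plain line-granularity delta-debugging loop (the idea Lithium implements, not Lithium itself), and fake_shell is a constructed stand-in for the real js binary so the script runs offline.

```python
import math
import re
from typing import Callable, List, Optional

# Assumed output formats, modelled on MOZ_ASSERT failures and AddressSanitizer reports.
ASSERT_RE = re.compile(r"^Assertion failure: (?P<msg>.+?), at (?P<file>\S+?):(?P<line>\d+)", re.M)
ASAN_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+)")
ASAN_FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (?P<func>\S+)", re.M)


def crash_signature(stderr: str) -> Optional[str]:
    """Turn shell stderr into a bucketing key, or None if the run looks clean.

    Assertion failures key on file:line. Sanitizer reports key on the bug kind
    plus the top three frames, so two different paths to the same bad access
    stay distinct instead of collapsing into one bucket.
    """
    m = ASSERT_RE.search(stderr)
    if m:
        return f"assert:{m.group('file')}:{m.group('line')}"
    m = ASAN_RE.search(stderr)
    if m:
        frames = ASAN_FRAME_RE.findall(stderr)[:3]
        return f"asan:{m.group('kind')}:" + ">".join(frames)
    return None


def reduce_lines(lines: List[str], interesting: Callable[[List[str]], bool]) -> List[str]:
    """Line-granularity delta debugging: repeatedly try deleting chunks of the
    test case, keep any deletion that is still 'interesting', and halve the
    chunk size when no deletion at the current granularity works."""
    n = 2
    while len(lines) >= 2:
        size = math.ceil(len(lines) / n)
        chunks = [lines[i:i + size] for i in range(0, len(lines), size)]
        reduced = False
        for i in range(len(chunks)):
            candidate = [ln for j, c in enumerate(chunks) if j != i for ln in c]
            if interesting(candidate):
                lines = candidate
                n = max(n - 1, 2)
                reduced = True
                break
        if not reduced:
            if n >= len(lines):
                break  # already at single-line granularity with nothing removable
            n = min(n * 2, len(lines))
    return lines


def fake_shell(source: str) -> str:
    """Constructed stand-in for a js shell. A real harness would instead run
    subprocess.run([shell_path, *flags, testcase_path], ...) and return its
    stderr. This one 'crashes' only when both triggering lines are present."""
    if "Float64Array" in source and "gc()" in source:
        return "Assertion failure: invariant(), at js/src/example.cpp:42\n"
    return ""


# Constructed sanitizer output used to show the second signature form.
ASAN_SAMPLE = (
    "==1234==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000001234\n"
    "READ of size 8 at 0x60b000001234 thread T0\n"
    "    #0 0x4a1b2c in js::Example js/src/example.cpp:10\n"
    "    #1 0x4a1c3d in main js/src/shell/js.cpp:20\n"
)

# Constructed test case; only two of its five lines matter for the simulated crash.
TESTCASE = [
    "var a = 1;",
    "var t = new Float64Array(8);",
    "function f() { return a; }",
    "gc();",
    "print(f());",
]


def reduce_testcase(lines: List[str], shell: Callable[[str], str] = fake_shell) -> Optional[List[str]]:
    """Reduce while preserving the original crash signature, which is the
    harness's 'still interesting?' check. Returns None if the input does not
    crash at all, so an unreproducible case is never 'reduced' to garbage."""
    target = crash_signature(shell("\n".join(lines)))
    if target is None:
        return None
    return reduce_lines(lines, lambda ls: crash_signature(shell("\n".join(ls))) == target)


if __name__ == "__main__":
    print(crash_signature(ASAN_SAMPLE))
    print(reduce_testcase(TESTCASE))
```

Keying the interestingness test on the full signature rather than on "did it crash" is what keeps a reduction from wandering off into a different, shallower bug while lines are removed; the same idea is what makes a reproducer from a campaign still match the bucket it was filed under.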

Quick Start & Requirements

  • Install dependencies: pip install -r requirements.txt
  • Clone mozilla-central: hg clone https://hg.mozilla.org/mozilla-central/ ~/trees/mozilla-central/
  • Python 3.6+ required.
  • Building SpiderMonkey requires specific prerequisites (see README).
  • AddressSanitizer (ASan) builds have additional requirements.
  • Windows: Requires MozillaBuild (>= 3.2), Git, Debugging Tools for Windows, and Visual Studio 2017+.
  • macOS: Requires xcode-select --install and LLVM via Homebrew.
  • Linux: Requires kernel.core_uses_pid=1 (sysctl, so each crash writes a distinct core file), 32-bit libraries for 32-bit shells (Debian/Ubuntu: lib32z1 gcc-multilib g++-multilib), and gdb. Clang is needed for ASan builds.
  • A ~/.fuzzmanagerconf file (FuzzManager client configuration) is necessary.
  • Official docs: https://github.com/MozillaSecurity/funfuzz

Highlighted Details

  • Automates test case reduction and regression identification.
  • Supports deterministic and random fuzzing configurations.
  • Integrates with SpiderMonkey's build process and analysis tools.
  • Cross-platform support with detailed setup instructions for Windows, macOS, and Linux.

Maintenance & Community

This project is maintained by Mozilla Security. Further community interaction details are not explicitly provided in the README.

Licensing & Compatibility

The README does not explicitly state a license; check the repository's LICENSE file and source-file headers (Mozilla projects of this kind are typically MPL 2.0) before relying on it for commercial use or closed-source linking, as neither is addressed in the README.

Limitations & Caveats

The project primarily targets Mercurial checkouts of mozilla-central; Git support is less tested. Some features, such as funbind, are Linux-only. Older or less common operating systems may encounter issues.

Health Check

  • Last commit: 2 years ago
  • Responsiveness: Inactive
  • Pull requests (30d): 0
  • Issues (30d): 0
  • Star history: 1 star in the last 90 days
