Jazzer has the following dependencies when being built from source:
- Bazelisk or the version of Bazel specified in `.bazelversion`
- One of the following C++ compilers:
  - Clang 9.0+ (clang-cl on Windows)
  - Xcode (Xcode.app is required, not just the developer tools)
  - GCC (should work with `--repo_env=CC=gcc`, but is not tested)

It is recommended to use Bazelisk to automatically download and install Bazel.
Simply download the release binary for your OS and architecture and ensure that it is available in the PATH.
The instructions below will assume that this binary is called `bazel`. Bazelisk is a thin wrapper around the actual Bazel binary and can be used interchangeably.
Assuming the dependencies are installed, build Jazzer from source and run it as follows:

```bash
$ git clone https://github.com/CodeIntelligenceTesting/jazzer
$ cd jazzer
# Note the double dash used to pass <arguments> to Jazzer rather than Bazel.
$ bazel run //:jazzer -- <arguments>
```

You can also build your own version of the release binaries:

```bash
$ bazel build //:jazzer_release
...
INFO: Found 1 target...
Target //:jazzer_release up-to-date:
  bazel-bin/jazzer_release.tar.gz
...
```

To run the tests, execute the following command:

```bash
$ bazel test //...
```

If you need to debug an issue that can only be reproduced by an integration test (`java_fuzz_target_test`), you can start Jazzer in debug mode via `--config=debug`.
The JVM running Jazzer will suspend until a debugger connects on port 5005 (or the port specified via DEFAULT_JVM_DEBUG_PORT).
Run `./format.sh` to format all source files in the way enforced by the "Check formatting" CI job.
Releasing requires an account on Sonatype with access to the `com.code-intelligence` group as well as a YubiKey with the signing key.
- Install GPG prerequisites via `sudo apt-get install gnupg2 gnupg-agent scdaemon pcscd`.
- Execute `mkdir -p ~/.gnupg && echo use-agent >> ~/.gnupg/gpg.conf` to enable GPG's smart card support.
- Execute `cat deploy/maven.pub | gpg --import` to import the public key used for Maven signatures.
- Plug in the YubiKey and execute `gpg --card-status` to generate a key stub. If you see a `No such device` error, retry after executing `killall gpg-agent; killall pcscd` to remove existing locks on the YubiKey.

- Update `JAZZER_VERSION` in `maven.bzl`.
- Create a release, using the auto-generated changelog as a base for the release notes.
- Trigger the "Release" GitHub Actions workflow for the tag. This builds release archives for GitHub as well as the multi-architecture jar for the `com.code-intelligence:jazzer` Maven artifact.
- Create a GitHub release and upload the contents of the `jazzer_releases` artifact from the workflow run.
- Check out the tag locally and, with the YubiKey plugged in, run `bazel run //deploy` with the following environment variables to upload the Maven artifacts:
  - `JAZZER_JAR_PATH`: local path of the multi-architecture `jazzer.jar` contained in the `jazzer` artifact of the "Release" workflow
  - `MAVEN_USER`: username on https://oss.sonatype.org
  - `MAVEN_PASSWORD`: password on https://oss.sonatype.org

  The YubiKey blinks repeatedly and needs a touch to confirm each individual signature.
- Log into https://oss.sonatype.org, select both staging repositories and "Close" them. Wait and refresh, then select them again and "Release" them.
- Locally, with Docker credentials available, run `docker/push_all.sh` to build and push the `cifuzz/jazzer` and `cifuzz/jazzer-autofuzz` Docker images.
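
As an added example (not part of the Jazzer repository), the following script checks the preconditions of the `bazel run //deploy` step above before any signing starts: the three environment variables are set, `JAZZER_JAR_PATH` points to a readable jar, and GnuPG can reach the YubiKey. The function names and the "PK" magic-byte heuristic are assumptions of this example.

```bash
# Added example: preflight checks to run before `bazel run //deploy`.
# Function names are hypothetical; only POSIX shell features are used.

# Print the names (never the values) of deploy variables that are unset or empty.
missing_deploy_vars() {
  _missing=""
  for _name in JAZZER_JAR_PATH MAVEN_USER MAVEN_PASSWORD; do
    eval "_value=\${$_name:-}"
    [ -n "$_value" ] || _missing="${_missing:+$_missing }$_name"
  done
  unset _value  # do not keep an extra copy of the password around
  printf '%s\n' "$_missing"
}

# Heuristic (assumption): a jar is a zip archive, so it starts with "PK".
jar_looks_valid() {
  [ -f "$1" ] && [ -r "$1" ] && [ -s "$1" ] || return 1
  [ "$(head -c 2 "$1")" = "PK" ]
}

# Same command as the setup step: succeeds only if GnuPG can reach the card.
yubikey_present() {
  gpg --card-status >/dev/null 2>&1
}

# Return 0 only if every check passes; report the first failure on stderr.
preflight() {
  _unset="$(missing_deploy_vars)"
  if [ -n "$_unset" ]; then
    echo "unset or empty: $_unset" >&2
    return 1
  fi
  if ! jar_looks_valid "$JAZZER_JAR_PATH"; then
    echo "JAZZER_JAR_PATH is not a readable jar: $JAZZER_JAR_PATH" >&2
    return 1
  fi
  if ! yubikey_present; then
    echo "gpg --card-status failed; is the YubiKey plugged in?" >&2
    return 1
  fi
  return 0
}
```

Source the file and run `preflight && bazel run //deploy`; the error messages name missing variables without echoing their values.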
Javadocs are hosted at https://codeintelligencetesting.github.io/jazzer-docs, which is populated from https://github.com/CodeIntelligenceTesting/jazzer-docs.
To update the docs after a release with API changes, follow these steps to get properly linked cross-references:
- Delete the contents of the `jazzer-api` subdirectory of `jazzer-docs`.
- Run `bazel build --//deploy:linked_javadoc //deploy:jazzer-api-docs` and unpack the jar into the `jazzer-api` subdirectory of `jazzer-docs`.
- Commit and push the changes, then wait for them to be published (can take a minute).
- Repeat the same steps with `jazzer-api` replaced by `jazzer` and then by `jazzer-junit`.