Jazzer has the following dependencies when being built from source:
.bazelversion--repo_env=CC=gcc, but is not tested)It is recommended to use Bazelisk to automatically download and install Bazel. Simply download the release binary for your OS and architecture and ensure that it is available in the PATH. The instructions below will assume that this binary is called bazel - Bazelisk is a thin wrapper around the actual Bazel binary and can be used interchangeably.
Assuming the dependencies are installed, build Jazzer from source and run it as follows:
$ git clone https://github.com/CodeIntelligenceTesting/jazzer $ cd jazzer # Note the double dash used to pass <arguments> to Jazzer rather than Bazel. $ bazel run //:jazzer -- <arguments>
You can also build your own version of the release binaries:
$ bazel build //:jazzer_release ... INFO: Found 1 target... Target //:jazzer_release up-to-date: bazel-bin/jazzer_release.tar.gz ...
To run the tests, execute the following command:
$ bazel test //...
If you need to debug an issue that can only be reproduced by an integration test (java_fuzz_target_test), you can start Jazzer in debug mode via --config=debug. The JVM running Jazzer will suspend until a debugger connects on port 5005 (or the port specified via DEFAULT_JVM_DEBUG_PORT).
Run ./format.sh to format all source files in the way enforced by the “Check formatting” CI job.
Requires an account on Sonatype with access to the com.code-intelligence group as well as a YubiKey with the signing key.
sudo apt-get install gnupg2 gnupg-agent scdaemon pcscd.mkdir -p ~/.gnupg && echo use-agent >> ~/.gnupg/gpg.conf to enable GPG's smart card support.cat deploy/maven.pub | gpg --import to import the public key used for Maven signaturesgpg --card-status to generate a key stub. If you see a No such device error, retry after executing killall gpg-agent; killall pcscd to remove existing locks on the YubiKey.Update JAZZER_VERSION in maven.bzl.
Create a release, using the auto-generated changelog as a base for the release notes.
Trigger the “Release” GitHub Actions workflow for the tag. This builds release archives for GitHub as well as the multi-architecture jar for the com.code-intelligence:jazzer Maven artifact.
Create a GitHub release and upload the contents of the jazzer_releases artifact from the workflow run.
Check out the tag locally and, with the YubiKey plugged in, run bazel run //deploy with the following environment variables to upload the Maven artifacts:
JAZZER_JAR_PATH: local path of the multi-architecture jazzer.jar contained in the jazzer artifact of the “Release” workflowMAVEN_USER: username on https://oss.sonatype.orgMAVEN_PASSWORD: password on https://oss.sonatype.orgThe YubiKey blinks repeatedly and needs a touch to confirm each individual signature.
Log into https://oss.sonatype.org, select both staging repositories and “Close” them. Wait and refresh, then select them again and “Release” them.
Locally, with Docker credentials available, run docker/push_all.sh to build and push the cifuzz/jazzer and cifuzz/jazzer-autofuzz Docker images.
Javadocs are hosted at https://codeintelligencetesting.github.io/jazzer-docs, which is populated from https://github.com/CodeIntelligenceTesting/jazzer-docs.
To update the docs after a release with API changes, follow these steps to get properly linked cross-references:
jazzer-api subdirectory of jazzer-docs.bazel build --//deploy:linked_javadoc //deploy:jazzer-api-docs and unpack the jar into the jazzer-api subdirectory of jazzer-docs.jazzer-api replaced by jazzer and then by jazzer-junit.