-
Notifications
You must be signed in to change notification settings - Fork 112
JQF Maven Plugin
The JQF maven plugin allows you to fuzz your JQF tests without having to clone the JQF repo and run shell scripts. Once you have written a JQF test using the Maven dependency on jqf-fuzz for the API, you are ready to use the plugin.
Add this in your pom.xml file:
<build>
<plugins>
<plugin>
<groupId>edu.berkeley.cs.jqf</groupId>
<artifactId>jqf-maven-plugin</artifactId>
<version>1.0-alpha-2</version>
</plugin>
</plugins>
</build>Note: You may want to double-check what is the latest released version, since this wiki page may go out of date. Use the version string after the prefix "jqf-" (e.g. if the release is "jqf-1.0-beta-1" then use "1.0-beta-1" as version).
Run the command:
mvn jqf:fuzz -Dclass=<fully-qualified-class-name> -Dmethod=<method-name>
Where the class and method names are for the target you are trying to fuzz. See Writing a JQF test.
For example, in the JQF examples project directory,
mvn jqf:fuzz -Dclass=edu.berkeley.cs.jqf.examples.closure.CompilerTest -Dmethod=testWithGenerator
The results of fuzzing are usually saved in a directory such as target/fuzz-results/<class-name>/<method-name>, but this can be changed (along with many other things such timeouts and which classes to include/exclude from instrumentation). To get a full list of configuration commands, ask Maven to describe the plugin's options:
mvn help:describe -Dplugin=jqf -Ddetail
Once the fuzzing stops due to a timeout or a CTRL+C, you can reproduce a generated input (such as a failure). Run the command:
mvn jqf:fuzz -Dclass=<fully-qualified-class-name> -Dmethod=<method-name> -Dinput=<file-name>`
For example,
mvn jqf:repro -Dclass=edu.berkeley.cs.jqf.examples.closure.CompilerTest -Dmethod=testWithGenerator -Dinput=target/fuzz-results/edu.berkeley.cs.jqf.examples.closure.CompilerTest/testWithGenerator/corpus/id_000028
The source code examples in the wiki pages can be freely re-used under the same license as the rest of JQF.