1*33edd672SMark## Building Jazzer from source 2*33edd672SMark 3*33edd672SMark### Dependencies 4*33edd672SMark 5*33edd672SMarkJazzer has the following dependencies when being built from source: 6*33edd672SMark 7*33edd672SMark* [Bazelisk](https://github.com/bazelbuild/bazelisk) or the version of Bazel specified in [`.bazelversion`](.bazelversion) 8*33edd672SMark* One of the following C++ compilers: 9*33edd672SMark * [Clang](https://clang.llvm.org/) 9.0+ (clang-cl on Windows) 10*33edd672SMark * Xcode (Xcode.app is required, not just the developer tools) 11*33edd672SMark * GCC (should work with `--repo_env=CC=gcc`, but is not tested) 12*33edd672SMark 13*33edd672SMarkIt is recommended to use [Bazelisk](https://github.com/bazelbuild/bazelisk) to automatically download and install Bazel. 14*33edd672SMarkSimply download the release binary for your OS and architecture and ensure that it is available in the `PATH`. 15*33edd672SMarkThe instructions below will assume that this binary is called `bazel` - Bazelisk is a thin wrapper around the actual Bazel binary and can be used interchangeably. 16*33edd672SMark 17*33edd672SMark### Compiling 18*33edd672SMark 19*33edd672SMarkAssuming the dependencies are installed, build Jazzer from source and run it as follows: 20*33edd672SMark 21*33edd672SMark```bash 22*33edd672SMark$ git clone https://github.com/CodeIntelligenceTesting/jazzer 23*33edd672SMark$ cd jazzer 24*33edd672SMark# Note the double dash used to pass <arguments> to Jazzer rather than Bazel. 25*33edd672SMark$ bazel run //:jazzer -- <arguments> 26*33edd672SMark``` 27*33edd672SMark 28*33edd672SMarkYou can also build your own version of the release binaries: 29*33edd672SMark 30*33edd672SMark```bash 31*33edd672SMark$ bazel build //:jazzer_release 32*33edd672SMark... 33*33edd672SMarkINFO: Found 1 target... 34*33edd672SMarkTarget //:jazzer_release up-to-date: 35*33edd672SMark bazel-bin/jazzer_release.tar.gz 36*33edd672SMark... 37*33edd672SMark``` 38*33edd672SMark 39*33edd672SMark### Running the tests 40*33edd672SMark 41*33edd672SMarkTo run the tests, execute the following command: 42*33edd672SMark 43*33edd672SMark```bash 44*33edd672SMark$ bazel test //... 45*33edd672SMark``` 46*33edd672SMark 47*33edd672SMark#### Debugging 48*33edd672SMark 49*33edd672SMarkIf you need to debug an issue that can only be reproduced by an integration test (`java_fuzz_target_test`), you can start Jazzer in debug mode via `--config=debug`. 50*33edd672SMarkThe JVM running Jazzer will suspend until a debugger connects on port 5005 (or the port specified via `DEFAULT_JVM_DEBUG_PORT`). 51*33edd672SMark 52*33edd672SMark### Formatting 53*33edd672SMark 54*33edd672SMarkRun `./format.sh` to format all source files in the way enforced by the "Check formatting" CI job. 55*33edd672SMark 56*33edd672SMark## Releasing (CI employees only) 57*33edd672SMark 58*33edd672SMarkRequires an account on [Sonatype](https://issues.sonatype.org) with access to the `com.code-intelligence` group as well as a YubiKey with the signing key. 59*33edd672SMark 60*33edd672SMark### One-time setup 61*33edd672SMark 62*33edd672SMark1. Install GPG prerequisites via `sudo apt-get install gnupg2 gnupg-agent scdaemon pcscd`. 63*33edd672SMark2. Execute `mkdir -p ~/.gnupg && echo use-agent >> ~/.gnupg/gpg.conf` to enable GPG's smart card support. 64*33edd672SMark3. Execute `cat deploy/maven.pub | gpg --import` to import the public key used for Maven signatures 65*33edd672SMark4. Plug in the YubiKey and execute `gpg --card-status` to generate a key stub. 66*33edd672SMark If you see a `No such device` error, retry after executing `killall gpg-agent; killall pcscd` to remove existing locks on the YubiKey. 67*33edd672SMark 68*33edd672SMark### Per release 69*33edd672SMark 70*33edd672SMark1. Update `JAZZER_VERSION` in [`maven.bzl`](maven.bzl). 71*33edd672SMark2. Create a release, using the auto-generated changelog as a base for the release notes. 72*33edd672SMark3. Trigger the "Release" GitHub Actions workflow for the tag. 73*33edd672SMark This builds release archives for GitHub as well as the multi-architecture jar for the `com.code-intelligence:jazzer` Maven artifact. 74*33edd672SMark4. Create a GitHub release and upload the contents of the `jazzer_releases` artifact from the workflow run. 75*33edd672SMark5. Check out the tag locally and, with the YubiKey plugged in, run `bazel run //deploy` with the following environment variables to upload the Maven artifacts: 76*33edd672SMark * `JAZZER_JAR_PATH`: local path of the multi-architecture `jazzer.jar` contained in the `jazzer` artifact of the "Release" workflow 77*33edd672SMark * `MAVEN_USER`: username on https://oss.sonatype.org 78*33edd672SMark * `MAVEN_PASSWORD`: password on https://oss.sonatype.org 79*33edd672SMark 80*33edd672SMark The YubiKey blinks repeatedly and needs a touch to confirm each individual signature. 81*33edd672SMark6. Log into https://oss.sonatype.org, select both staging repositories and "Close" them. 82*33edd672SMark Wait and refresh, then select them again and "Release" them. 83*33edd672SMark7. Locally, with Docker credentials available, run `docker/push_all.sh` to build and push the `cifuzz/jazzer` and `cifuzz/jazzer-autofuzz` Docker images. 84*33edd672SMark 85*33edd672SMark### Updating the hosted javadocs 86*33edd672SMark 87*33edd672SMarkJavadocs are hosted at https://codeintelligencetesting.github.io/jazzer-docs, which is populated from https://github.com/CodeIntelligenceTesting/jazzer-docs. 88*33edd672SMark 89*33edd672SMarkTo update the docs after a release with API changes, follow these steps to get properly linked cross-references: 90*33edd672SMark 91*33edd672SMark1. Delete the contents of the `jazzer-api` subdirectory of `jazzer-docs`. 92*33edd672SMark2. Run `bazel build --//deploy:linked_javadoc //deploy:jazzer-api-docs` and unpack the jar into the `jazzer-api` subdirectory of `jazzer-docs`. 93*33edd672SMark3. Commit and push the changes, then wait for them to be published (can take a minute). 94*33edd672SMark4. Repeat the same steps with `jazzer-api` replaced by `jazzer` and then by `jazzer-junit`. 95