From bb4a3c71ef352d2fdb5bb5bfa9b11b72bb3d28d5 Mon Sep 17 00:00:00 2001 From: Elliot Gorokhovsky Date: Wed, 22 Jun 2022 18:02:07 -0700 Subject: [PATCH] Update README.md for fuzzers (#3174) * Update README.md for fuzzers * Add ls corpora/*crash command * nit * Clarify wording and add Nick's command * Minor clarification --- tests/fuzz/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/fuzz/README.md b/tests/fuzz/README.md index 71afa4063..4ff7fe3ac 100644 --- a/tests/fuzz/README.md +++ b/tests/fuzz/README.md @@ -50,6 +50,20 @@ See the help of the relevant command for options. Flags not parsed by `fuzz.py` are passed to the fuzzing engine. The command used to run the fuzzer is printed for debugging. +Here's a helpful command to fuzz each target across all cores, +stopping only if a bug is found: +``` +for target in $(./fuzz.py list); do + ./fuzz.py libfuzzer $target -jobs=10 -workers=10 -max_total_time=1000 || break; +done +``` +Alternatively, you can fuzz all targets in parallel, using one core per target: +``` +python3 ./fuzz.py list | xargs -P$(python3 ./fuzz.py list | wc -l) -I__ sh -c "python3 ./fuzz.py libfuzzer __ 2>&1 | tee __.log" +``` +Either way, to double-check that no crashes were found, run `ls corpora/*crash`. +If any crashes were found, you can use the hashes to reproduce them. + ## LibFuzzer ``` -- 2.47.2
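Review bot: The first added loop is described as fuzzing "across all cores" but hard-codes `-jobs=10 -workers=10`, so the text and the command disagree on any machine that does not have 10 cores; either derive the count (for example `-jobs=$(nproc) -workers=$(nproc)`) or reword to "using 10 cores". In the parallel variant, each fuzzer's output is piped through `tee __.log` inside `sh -c`, so the status xargs sees is tee's rather than the fuzzer's, and no `-max_total_time` is passed; the README should say that this variant does not signal a crash through its exit status and state how long it is expected to run, since that is why the `ls corpora/*crash` check matters there. The last added line says the hashes can be used to reproduce crashes without saying how; name the command or link the section that covers it.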