=== Setup

Required packages: afl

==== Compiling Qt

This will build an instrumented Qt:

[source, sh]
----
export CC=$(which afl-gcc)
export CXX=$(which afl-g++)
./configure ...
make
----

=== Running the fuzzer

[source, sh]
----
# as root: switch every CPU to the performance governor (afl-fuzz refuses to start otherwise)
cd /sys/devices/system/cpu
su
echo performance | tee cpu*/cpufreq/scaling_governor
exit

# run the fuzzer from the directory of the test executable
cd $testdir
afl-fuzz -m 512 -t 40 -i $input -o $output -- $testexe @@

# to list the available scaling_governor values:
cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors

# when done, restore the previous governor as root
cd /sys/devices/system/cpu
su
echo powersave | tee cpu*/cpufreq/scaling_governor
exit
----

The $input directory contains your reference input files, while the fuzzer's findings are written to $output. @@ is replaced by the name of a file generated by AFL that contains the mutated input.

=== Using ramdisk for tests

[source, sh]
----
$ mkdir afl
# mount -t tmpfs -o size=1024M tmpfs afl/
$ cd afl/
$ afl-fuzz -i inputs -o findings ...
----

=== Sources

1. https://www.kdab.com/fuzzing-qt-fun-profit/
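The governor switch, fuzzer invocation and governor restore from the "Running the fuzzer" section above, gathered into one wrapper script. This is an added example, not code from this page or from the KDAB article it cites. It assumes afl-fuzz is on PATH, that the script runs as root (writing the governor under sysfs needs it), and that the harness linked against the instrumented Qt is passed as the third argument; the function names, the CPU_DIR/CORE_PATTERN_FILE overrides and the hypothetical file name fuzz-qt.sh are this example's own. The core_pattern check mirrors afl-fuzz's own start-up refusal when core dumps are piped to an external handler, which would delay or lose crash reports.

```shell
#!/bin/sh
# Added example wrapper around the page's "Running the fuzzer" steps.
# Assumes: afl-fuzz on PATH, running as root, harness given as argument 3.

# Overridable so the helpers can be exercised against a fake sysfs tree.
CPU_DIR=${CPU_DIR:-/sys/devices/system/cpu}
CORE_PATTERN_FILE=${CORE_PATTERN_FILE:-/proc/sys/kernel/core_pattern}
AFL_MEM_MB=${AFL_MEM_MB:-512}         # -m value from the page
AFL_TIMEOUT_MS=${AFL_TIMEOUT_MS:-40}  # -t value from the page

# afl-fuzz refuses to start when core_pattern begins with '|' (crashes handed
# to an external program). Returns 0 when the pattern in file $1 is acceptable.
core_pattern_ok() {
    pattern=$(cat "$1")
    case "$pattern" in
        '|'*) return 1 ;;
        *)    return 0 ;;
    esac
}

# Prints the governor cpu0 currently uses under the sysfs root $1.
current_governor() {
    cat "$1/cpu0/cpufreq/scaling_governor"
}

# Writes governor $2 to every cpu*/cpufreq/scaling_governor under sysfs root $1
# (the page does this interactively with su + tee).
set_governor() {
    dir=$1
    gov=$2
    for f in "$dir"/cpu*/cpufreq/scaling_governor; do
        [ -f "$f" ] || continue
        echo "$gov" > "$f" || return 1
    done
    return 0
}

# Builds the command line used on the page: afl-fuzz -m MEM -t TIMEOUT -i IN -o OUT -- HARNESS @@
# Arguments: mem_mb timeout_ms input_dir output_dir harness
afl_cmdline() {
    printf 'afl-fuzz -m %s -t %s -i %s -o %s -- %s @@' "$1" "$2" "$3" "$4" "$5"
}

main() {
    input=$1
    output=$2
    harness=$3

    if ! core_pattern_ok "$CORE_PATTERN_FILE"; then
        echo "core_pattern pipes crashes to an external handler; set it to a plain pattern first:" >&2
        echo "  echo core > $CORE_PATTERN_FILE" >&2
        return 1
    fi

    # Remember the current governor so the page's final restore step runs
    # automatically, even if afl-fuzz is interrupted.
    orig=$(current_governor "$CPU_DIR")
    trap 'set_governor "$CPU_DIR" "$orig"' EXIT
    set_governor "$CPU_DIR" performance || return 1

    echo "+ $(afl_cmdline "$AFL_MEM_MB" "$AFL_TIMEOUT_MS" "$input" "$output" "$harness")" >&2
    afl-fuzz -m "$AFL_MEM_MB" -t "$AFL_TIMEOUT_MS" -i "$input" -o "$output" -- "$harness" @@
}

# Usage: ./fuzz-qt.sh <input_dir> <output_dir> <harness>
if [ "$#" -ge 3 ]; then
    main "$@"
fi
```

The EXIT trap is the point of wrapping the page's steps: the governor is put back whatever way afl-fuzz ends, so a machine does not stay pinned at performance after an interrupted run. Pointing CPU_DIR at a scratch directory lets the governor helpers be tried without touching the real sysfs tree.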