From: Kostya Serebryany <kcc@google.com>
Date: Fri, 28 Oct 2016 16:55:29 +0000 (+0000)
Subject: [libFuzzer] a bit more docs
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a3dd1fe4c0648065c64ebfbe7414f9900a829362;p=llvm

[libFuzzer] a bit more docs

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285415 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst
index a467e010d3d..ddabee476bc 100644
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -80,7 +80,9 @@ Some important things to remember about fuzz targets:
 * The fuzzing engine will execute the fuzz target many times with different inputs in the same process.
 * It must tolerate any kind of input (empty, huge, malformed, etc).
 * It must not `exit()` on any input.
-* It may use multiple threads but ideally all threads should be joined at the end of the function.
+* It may use threads but ideally all threads should be joined at the end of the function.
+* It must be as deterministic as possible. Non-determinism (e.g. random decisions not based on the input byte) will make fuzzing inefficient.
+* It must be fast. Try avoiding cubic or greater complexity.
 * Ideally, it should not modify any global state (although that's not strict).