
Side by Side Diff: testing/libfuzzer/clusterfuzz.md

Issue 1896123002: [libfuzzer] Update documentation on UBSan options and Upload Corpus section. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
OLDNEW
1 # libFuzzer and ClusterFuzz Integration 1 # libFuzzer and ClusterFuzz Integration
2 2
3 *** note 3 *** note
4 Most links on this page are private. 4 Most links on this page are private.
5 *** 5 ***
6 6
7 ClusterFuzz is a distributed fuzzing infrastructure 7 ClusterFuzz is a distributed fuzzing infrastructure
8 ([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically 8 ([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically
9 executes libFuzzer tests on scale. 9 executes libFuzzer tests on scale.
10 10
(...skipping 17 matching lines...)
28 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously. 28 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously.
29 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket. 29 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket.
30 * Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a da y 30 * Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a da y
31 corpus is minimized to reduce number of duplicates and/or reduce effect of 31 corpus is minimized to reduce number of duplicates and/or reduce effect of
32 parasitic coverage. 32 parasitic coverage.
33 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime 33 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime
34 metrics as well as provides links to crashes and coverage reports. The informati on 34 metrics as well as provides links to crashes and coverage reports. The informati on
35 is collected every 30 minutes. 35 is collected every 30 minutes.
36 36
37 37
38 ## Upload Corpus
39 There are two types of corpus used by libFuzzers at ClusterFuzz:
Martin Barbella 2016/04/19 15:44:41 ClusterFuzz uses two corpus types with libFuzzer:
mmoroz 2016/04/19 17:46:36 Done.
40
41 1) **Seed** (or **static**) corpus: files manually uploaded by developers.
42 ClusterFuzz uses these files for fuzzing but doesn't delete/overwrite them.
43
44 2) **General** (or **working**) corpus: files generated by fuzzers themselves.
45 These corpus files are frequently modified during fuzzing sessions and can be
46 deleted during corpus minimization.
47
48 Literally, a fuzzer has two input corpus directories (seed and general), but
Martin Barbella 2016/04/19 15:44:41 Remove "Literally, " (seed and general), -> , seed
mmoroz 2016/04/19 17:46:36 Done.
49 its output goes into general corpus directory. Seed corpus is read-only.
50
51 To upload seed corpus for libFuzzer being run at ClusterFuzz:
Martin Barbella 2016/04/19 15:44:41 for a libFuzzer
mmoroz 2016/04/19 17:46:36 Done.
52
53 1) go to [Corpus GCS Bucket]
54
55 2) open directory named `%YOUR_FUZZER_NAME%_static`
56
57 3) upload corpus files into the directory
58
59
60 Alternative way is to use `gsutil` tool:
61 ```bash
62 gsutil -m rsync <corpus_dir_on_disk> gs://clusterfuzz-corpus/libfuzzer/%YOUR_FUZ ZER_NAME%_static
63 ```
64
38 [Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot 65 [Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot
39 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/te sting/libfuzzer/fuzzer_test.gni 66 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/te sting/libfuzzer/fuzzer_test.gni
40 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/ build/scripts/slave/recipes/chromium_libfuzzer.py 67 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/ build/scripts/slave/recipes/chromium_libfuzzer.py
41 [ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-statu s 68 [ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-statu s
42 [ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs 69 [ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs
43 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus 70 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus
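Review bot: The `gsutil -m rsync` example at new line 62 should say how it treats files already present in `%YOUR_FUZZER_NAME%_static`, because new lines 41-49 describe the seed corpus as read-only and never deleted or overwritten by ClusterFuzz, while a developer-side rsync gives no such guarantee. rsync replaces same-named destination objects whose content differs, and a reader who adds `-d` would delete every seed file that is not in their local directory, including files uploaded by other developers. Suggest a sentence telling readers not to pass `-d` and to preview the transfer with `-n` first. Two smaller points on the same line: `<corpus_dir_on_disk>` pasted literally into bash is parsed as redirection, so a placeholder style without angle brackets is safer, and without `-r` any subdirectories of the local corpus are skipped. The manual steps at new lines 53-57 name the directory only through the [Corpus GCS Bucket] link, whereas the command spells out `gs://clusterfuzz-corpus/libfuzzer/`; stating that these are the same location would let readers confirm they are writing to the static directory and not the general one.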