Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: testing/libfuzzer/clusterfuzz.md

Issue 1896123002: [libfuzzer] Update documentation on UBSan options and Upload Corpus section. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed nits, added documentation on seed corpus stored in the repo. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | testing/libfuzzer/efficient_fuzzer.md » ('j') | testing/libfuzzer/getting_started.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # libFuzzer and ClusterFuzz Integration 1 # libFuzzer and ClusterFuzz Integration
2 2
3 *** note 3 *** note
4 Most links on this page are private. 4 Most links on this page are private.
5 *** 5 ***
6 6
7 ClusterFuzz is a distributed fuzzing infrastructure 7 ClusterFuzz is a distributed fuzzing infrastructure
8 ([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically 8 ([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically
9 executes libFuzzer tests on scale. 9 executes libFuzzer tests on scale.
10 10
(...skipping 17 matching lines...) Expand all
28 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously. 28 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously.
29 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket. 29 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket.
30 * Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a da y 30 * Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a da y
31 corpus is minimized to reduce number of duplicates and/or reduce effect of 31 corpus is minimized to reduce number of duplicates and/or reduce effect of
32 parasitic coverage. 32 parasitic coverage.
33 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime 33 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime
34 metrics as well as provides links to crashes and coverage reports. The informati on 34 metrics as well as provides links to crashes and coverage reports. The informati on
35 is collected every 30 minutes. 35 is collected every 30 minutes.
36 36
37 37
38 ## Upload Corpus
39 ClusterFuzz uses two corpus types with libFuzzer:
40
41 1) **Seed** (or **static**) corpus: files manually uploaded by developers.
42 ClusterFuzz uses these files for fuzzing but doesn't delete/overwrite them.
43
44 2) **General** (or **working**) corpus: files generated by fuzzers themselves.
45 These corpus files are frequently modified during fuzzing sessions and can be
46 deleted during corpus minimization.
47
48 A fuzzer has two input corpus directories, seed and general, but its output
49 goes into general corpus directory. Seed corpus is read-only.
50
51 ClusterFuzz supports two sources of seed corpus.
52
53 #### Chromium repository
aizatsky 2016/04/19 18:42:43 Let's move this section to efficient_fuzzing.
mmoroz 2016/04/20 12:38:20 Done.
54
55 To use corpus stored in the repository you need to add `seed_corpus` attribute
56 to fuzzer target:
57
58 ```
59 fuzzer_test("my_protocol_fuzzer") {
60 ...
61 seed_corpus = "src/fuzz/testcases"
62 ...
63 }
64 ```
65
66 #### Google Cloud Storage
67
68 If you don't want to store seed corpus in Chromium repository, you can upload
69 it into Google Cloud Storage bucket:
70
71
72 1) go to [Corpus GCS Bucket]
73
74 2) open directory named `%YOUR_FUZZER_NAME%_static`
75
76 3) upload corpus files into the directory
77
78
79 Alternative way is to use `gsutil` tool:
80 ```bash
81 gsutil -m rsync <corpus_dir_on_disk> gs://clusterfuzz-corpus/libfuzzer/%YOUR_FUZ ZER_NAME%_static
82 ```
83
38 [Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot 84 [Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot
39 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/te sting/libfuzzer/fuzzer_test.gni 85 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/te sting/libfuzzer/fuzzer_test.gni
40 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/ build/scripts/slave/recipes/chromium_libfuzzer.py 86 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/ build/scripts/slave/recipes/chromium_libfuzzer.py
41 [ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-statu s 87 [ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-statu s
42 [ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs 88 [ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs
43 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus 89 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus
OLDNEW
« no previous file with comments | « no previous file | testing/libfuzzer/efficient_fuzzer.md » ('j') | testing/libfuzzer/getting_started.md » ('J')

Powered by Google App Engine
This is Rietveld 408576698