| OLD | NEW |
|---|
| 1 # libFuzzer and ClusterFuzz Integration | 1 # libFuzzer and ClusterFuzz Integration |
| 2 | 2 |
| 3 *** note | 3 *** note |
| 4 Most links on this page are private. | 4 Most links on this page are private. |
| 5 *** | 5 *** |
| 6 | 6 |
| 7 ClusterFuzz is a distributed fuzzing infrastructure | 7 ClusterFuzz is a distributed fuzzing infrastructure |
| 8 ([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically | 8 ([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically |
| 9 executes libFuzzer tests on scale. | 9 executes libFuzzer tests on scale. |
| 10 | 10 |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously. | 28 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously. |
| 29 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket. | 29 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket. |
| 30 * Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a da
y | 30 * Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a da
y |
| 31 corpus is minimized to reduce number of duplicates and/or reduce effect of | 31 corpus is minimized to reduce number of duplicates and/or reduce effect of |
| 32 parasitic coverage. | 32 parasitic coverage. |
| 33 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime | 33 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime |
| 34 metrics as well as provides links to crashes and coverage reports. The informati
on | 34 metrics as well as provides links to crashes and coverage reports. The informati
on |
| 35 is collected every 30 minutes. | 35 is collected every 30 minutes. |
| 36 | 36 |
| 37 | 37 |
| 38 ## Corpus |
| 39 ClusterFuzz uses two corpus types with libFuzzer: |
| 40 |
| 41 * **Seed** (or **static**) corpus: files manually uploaded by developers. |
| 42 ClusterFuzz uses these files for fuzzing but doesn't delete/overwrite them. |
| 43 |
| 44 * **General** (or **working**) corpus: files generated by fuzzers themselves. |
| 45 These corpus files are frequently modified during fuzzing sessions and can be |
| 46 deleted during corpus minimization. |
| 47 |
| 48 A fuzzer has two input corpus directories, seed and general, but its output |
| 49 goes into general corpus directory. Seed corpus is read-only. |
| 50 |
| 51 |
| 38 [Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot | 52 [Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot |
| 39 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/te
sting/libfuzzer/fuzzer_test.gni | 53 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/te
sting/libfuzzer/fuzzer_test.gni |
| 40 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/
build/scripts/slave/recipes/chromium_libfuzzer.py | 54 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/
build/scripts/slave/recipes/chromium_libfuzzer.py |
| 41 [ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-statu
s | 55 [ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-statu
s |
| 42 [ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs | 56 [ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs |
| 43 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus | 57 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1896123002:
[libfuzzer] Update documentation on UBSan options and Upload Corpus section. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master