testing/libfuzzer/clusterfuzz.md - Issue 1896123002: [libfuzzer] Update documentation on UBSan options and Upload Corpus section.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: testing/libfuzzer/clusterfuzz.md

Issue 1896123002: [libfuzzer] Update documentation on UBSan options and Upload Corpus section. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixed nits, added documentation on seed corpus stored in the repo. Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: testing/libfuzzer/clusterfuzz.md

diff --git a/testing/libfuzzer/clusterfuzz.md b/testing/libfuzzer/clusterfuzz.md

index 513b45eaf2d2f6b169695af6f9f9cdb7bca34234..581c239184e4b8312c84a689031a0fbe5ac7ca90 100644

--- a/testing/libfuzzer/clusterfuzz.md

+++ b/testing/libfuzzer/clusterfuzz.md

@@ -35,6 +35,52 @@ metrics as well as provides links to crashes and coverage reports. The informati

is collected every 30 minutes.

+## Upload Corpus

+ClusterFuzz uses two corpus types with libFuzzer:

+1) **Seed** (or **static**) corpus: files manually uploaded by developers.

+ClusterFuzz uses these files for fuzzing but doesn't delete/overwrite them.

+2) **General** (or **working**) corpus: files generated by fuzzers themselves.

+These corpus files are frequently modified during fuzzing sessions and can be

+deleted during corpus minimization.

+A fuzzer has two input corpus directories, seed and general, but its output

+goes into general corpus directory. Seed corpus is read-only.

+ClusterFuzz supports two sources of seed corpus.

+#### Chromium repository

aizatsky 2016/04/19 18:42:43 Let's move this section to efficient_fuzzing.

mmoroz 2016/04/20 12:38:20 Done.

+To use corpus stored in the repository you need to add `seed_corpus` attribute

+to fuzzer target:

+```

+fuzzer_test("my_protocol_fuzzer") {

+ ...

+ seed_corpus = "src/fuzz/testcases"

+ ...

+```

+#### Google Cloud Storage

+If you don't want to store seed corpus in Chromium repository, you can upload

+it into Google Cloud Storage bucket:

+1) go to [Corpus GCS Bucket]

+2) open directory named `%YOUR_FUZZER_NAME%_static`

+3) upload corpus files into the directory

+Alternative way is to use `gsutil` tool:

+```bash

+gsutil -m rsync <corpus_dir_on_disk> gs://clusterfuzz-corpus/libfuzzer/%YOUR_FUZZER_NAME%_static

+```

[Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot

[fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/testing/libfuzzer/fuzzer_test.gni

[chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/build/scripts/slave/recipes/chromium_libfuzzer.py

« no previous file with comments | « no previous file | testing/libfuzzer/efficient_fuzzer.md » ('j') | testing/libfuzzer/getting_started.md » ('J')