Chromium Code Reviews

Side by Side Diff: testing/libfuzzer/reproducing.md

Issue 2280913002: [libfuzzer] Update GN flags for reproducing bugs. (Closed)
Patch Set: Created 4 years, 3 months ago
OLD | NEW
1 # Reproducing ClusterFuzz bugs locally 1 # Reproducing ClusterFuzz bugs locally
2 2
3 ClusterFuzz will report bugs in the bug tracker in the following form: 3 ClusterFuzz will report bugs in the bug tracker in the following form:
4 4
5 ``` 5 ```
6 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=... 6 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=...
7 7
8 Fuzzer: libfuzzer_media_pipeline_integration_fuzzer 8 Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
9 Job Type: libfuzzer_chrome_asan 9 Job Type: libfuzzer_chrome_asan
10 Platform Id: linux 10 Platform Id: linux
(...skipping 25 matching lines...)
36 string specified after the "Fuzzer :" in the report, but *without* the 36 string specified after the "Fuzzer :" in the report, but *without* the
37 "libfuzzer_" or "afl_" prefix. In this case, the `$FUZZER_NAME` is 37 "libfuzzer_" or "afl_" prefix. In this case, the `$FUZZER_NAME` is
38 "media_pipeline_integration_fuzzer". 38 "media_pipeline_integration_fuzzer".
39 39
40 3. Follow the steps in one of the subsequent sections (from a chromium 40 3. Follow the steps in one of the subsequent sections (from a chromium
41 checkout). The string specified after the "Job Type: " will be either 41 checkout). The string specified after the "Job Type: " will be either
42 `afl_chrome_asan`, `libfuzzer_chrome_asan`, `libfuzzer_chrome_msan`, or 42 `afl_chrome_asan`, `libfuzzer_chrome_asan`, `libfuzzer_chrome_msan`, or
43 `libfuzzer_chrome_ubsan`, indicating which one to use. 43 `libfuzzer_chrome_ubsan`, indicating which one to use.
44 44
45 45
46 *Note*: ClusterFuzz uses release builds by default, so it may be worth adding
47 `is_debug=false` to your GN args if you are having trouble reproducing a
48 particular report. For ASan builds both Debug and Release configurations are
49 supported. Check a job type of the report for presence of `_debug` suffix.
50
51
46 ### Reproducing AFL + ASan bugs 52 ### Reproducing AFL + ASan bugs
47 ```bash 53 ```bash
48 $ gn gen out/afl '--args=use_afl=true is_asan=true enable_nacl=false proprietary _codecs=true' 54 $ gn gen out/afl '--args=use_afl=true is_asan=true enable_nacl=false proprietary _codecs=true ffmpeg_branding="Chrome"'
inferno 2016/08/26 14:45:26 Most devs will be using is_debug=false, so lets ma
mmoroz 2016/08/26 16:35:59 Done.
49 $ ninja -C out/afl $FUZZER_NAME 55 $ ninja -C out/afl $FUZZER_NAME
50 $ out/afl/$FUZZER_NAME < /path/to/repro 56 $ out/afl/$FUZZER_NAME < /path/to/repro
51 ``` 57 ```
52 58
53 ### Reproducing LibFuzzer + ASan bugs 59 ### Reproducing LibFuzzer + ASan bugs
54 60
55 ```bash 61 ```bash
56 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true enable_nacl=false proprietary_codecs=true' 62 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true enable_nacl=false proprietary_codecs=true ffmpeg_branding="Chrome"'
57 $ ninja -C out/libfuzzer $FUZZER_NAME 63 $ ninja -C out/libfuzzer $FUZZER_NAME
58 $ out/libfuzzer/$FUZZER_NAME /path/to/repro 64 $ out/libfuzzer/$FUZZER_NAME /path/to/repro
59 ``` 65 ```
60 66
61 ### Reproducing LibFuzzer + MSan bugs 67 ### Reproducing LibFuzzer + MSan bugs
62 68
63 ```bash 69 ```bash
64 # The gclient sync is necessary to pull in instrumented libraries. 70 # The gclient sync is necessary to pull in instrumented libraries.
65 $ GYP_DEFINES='msan=1 use_prebuilt_instrumented_libraries=1' gclient sync 71 $ GYP_DEFINES='msan=1 use_prebuilt_instrumented_libraries=1' gclient sync
66 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_msan=true msan_track_origin s=2 use_prebuilt_instrumented_libraries=true enable_nacl=false proprietary_codec s=true' 72 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_msan=true ms an_track_origins=2 use_prebuilt_instrumented_libraries=true enable_nacl=false pr oprietary_codecs=true ffmpeg_branding="Chrome"'
67 $ ninja -C out/libfuzzer $FUZZER_NAME 73 $ ninja -C out/libfuzzer $FUZZER_NAME
68 $ out/libfuzzer/$FUZZER_NAME /path/to/repro 74 $ out/libfuzzer/$FUZZER_NAME /path/to/repro
69 ``` 75 ```
70 76
71 ### Reproducing LibFuzzer + UBSan bugs 77 ### Reproducing LibFuzzer + UBSan bugs
72 78
73 ```bash 79 ```bash
74 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_ubsan_security=true enable_ nacl=false proprietary_codecs=true' 80 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_ubsan_securi ty=true enable_nacl=false proprietary_codecs=true ffmpeg_branding="Chrome"'
75 $ ninja -C out/libfuzzer $FUZZER_NAME 81 $ ninja -C out/libfuzzer $FUZZER_NAME
76 $ export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1 82 $ export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1
77 $ out/libfuzzer/$FUZZER_NAME /path/to/repro 83 $ out/libfuzzer/$FUZZER_NAME /path/to/repro
78 ``` 84 ```
79 85
80 *Note*: ClusterFuzz uses release builds by default, so it may be worth adding
81 "is_debug=false" to your GN args if you are having trouble reproducing a
82 particular report.
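Review bot: the new *Note* paragraph says adding `is_debug=false` "may be worth" it, but the change applies that flag inconsistently across the sections below: the MSan and UBSan `gn gen` commands now hard-code `is_debug=false`, while the AFL + ASan and libFuzzer + ASan commands do not, and nothing tells the reader that this difference is deliberate. Since the note itself says both Debug and Release are supported for ASan builds and that the `_debug` suffix in the job type decides which one to use, state that rule explicitly, e.g. "Use `is_debug=false` unless the job type ends in `_debug`; the MSan and UBSan commands below already include it" so that someone copying an ASan command and reproducing a release-build report is not left guessing why their build differs. Two smaller points on the same paragraph: "Check a job type of the report for presence of `_debug` suffix" should read "Check the job type in the report for a `_debug` suffix", and the `ffmpeg_branding="Chrome"` argument that was added to all four `gn gen` lines is not mentioned anywhere in the prose, so a one-line explanation of why it is needed to reproduce media fuzzer bugs (the example report is `media_pipeline_integration_fuzzer`) would help readers who trim the args.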