Chromium Code Reviews

Side by Side Diff: testing/libfuzzer/reproducing.md

Issue 2280913002: [libfuzzer] Update GN flags for reproducing bugs. (Closed)
Patch Set: Fix grammar and typo. Created 4 years, 3 months ago
1 # Reproducing ClusterFuzz bugs locally 1 # Reproducing ClusterFuzz bugs locally
2 2
3 ClusterFuzz will report bugs in the bug tracker in the following form: 3 ClusterFuzz will report bugs in the bug tracker in the following form:
4 4
5 ``` 5 ```
6 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=... 6 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=...
7 7
8 Fuzzer: libfuzzer_media_pipeline_integration_fuzzer 8 Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
9 Job Type: libfuzzer_chrome_asan 9 Job Type: libfuzzer_chrome_asan
10 Platform Id: linux 10 Platform Id: linux
(...skipping 25 matching lines...) Expand all
36 string specified after the "Fuzzer :" in the report, but *without* the 36 string specified after the "Fuzzer :" in the report, but *without* the
37 "libfuzzer_" or "afl_" prefix. In this case, the `$FUZZER_NAME` is 37 "libfuzzer_" or "afl_" prefix. In this case, the `$FUZZER_NAME` is
38 "media_pipeline_integration_fuzzer". 38 "media_pipeline_integration_fuzzer".
39 39
40 3. Follow the steps in one of the subsequent sections (from a chromium 40 3. Follow the steps in one of the subsequent sections (from a chromium
41 checkout). The string specified after the "Job Type: " will be either 41 checkout). The string specified after the "Job Type: " will be either
42 `afl_chrome_asan`, `libfuzzer_chrome_asan`, `libfuzzer_chrome_msan`, or 42 `afl_chrome_asan`, `libfuzzer_chrome_asan`, `libfuzzer_chrome_msan`, or
43 `libfuzzer_chrome_ubsan`, indicating which one to use. 43 `libfuzzer_chrome_ubsan`, indicating which one to use.
44 44
45 45
46 *Notes*:
47
48 * `is_debug`: ClusterFuzz uses release builds by default (`is_debug=false`).
49 For ASan builds, both Debug and Release configurations are supported.
50 Check a job type of the report for presence of `_debug` suffix.
51
52 * `ffmpeg_branding`: For Linux `ffmpeg_branding` should be set to `ChromeOS`.
53 For other platforms, use `ffmpeg_branding=Chrome`.
54
46 ### Reproducing AFL + ASan bugs 55 ### Reproducing AFL + ASan bugs
47 ```bash 56 ```bash
48 $ gn gen out/afl '--args=use_afl=true is_asan=true enable_nacl=false proprietary _codecs=true' 57 $ gn gen out/afl '--args=is_debug=false use_afl=true is_asan=true enable_nacl=fa lse proprietary_codecs=true ffmpeg_branding="ChromeOS"'
49 $ ninja -C out/afl $FUZZER_NAME 58 $ ninja -C out/afl $FUZZER_NAME
50 $ out/afl/$FUZZER_NAME < /path/to/repro 59 $ out/afl/$FUZZER_NAME < /path/to/repro
51 ``` 60 ```
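Review bot: the new `is_debug` note says ASan supports both Debug and Release and tells the reader to look for a `_debug` suffix in the job type, yet every command in the sections below hard-codes `is_debug=false`; say explicitly that a `_debug` job type means building with `is_debug=true` instead, and tighten the sentence to "Check the job type in the report for a `_debug` suffix." While you're here, the AFL section is the only one with no blank line between the `###` heading and the ```bash fence; adding one keeps it consistent with the three LibFuzzer sections.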
52 61
53 ### Reproducing LibFuzzer + ASan bugs 62 ### Reproducing LibFuzzer + ASan bugs
54 63
55 ```bash 64 ```bash
56 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true enable_nacl=false proprietary_codecs=true' 65 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_asan=true en able_nacl=false proprietary_codecs=true ffmpeg_branding="ChromeOS"'
57 $ ninja -C out/libfuzzer $FUZZER_NAME 66 $ ninja -C out/libfuzzer $FUZZER_NAME
58 $ out/libfuzzer/$FUZZER_NAME /path/to/repro 67 $ out/libfuzzer/$FUZZER_NAME /path/to/repro
59 ``` 68 ```
60 69
61 ### Reproducing LibFuzzer + MSan bugs 70 ### Reproducing LibFuzzer + MSan bugs
62 71
63 ```bash 72 ```bash
64 # The gclient sync is necessary to pull in instrumented libraries. 73 # The gclient sync is necessary to pull in instrumented libraries.
65 $ GYP_DEFINES='msan=1 use_prebuilt_instrumented_libraries=1' gclient sync 74 $ GYP_DEFINES='msan=1 use_prebuilt_instrumented_libraries=1' gclient sync
66 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_msan=true msan_track_origin s=2 use_prebuilt_instrumented_libraries=true enable_nacl=false proprietary_codec s=true' 75 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_msan=true ms an_track_origins=2 use_prebuilt_instrumented_libraries=true enable_nacl=false pr oprietary_codecs=true ffmpeg_branding="ChromeOS"'
67 $ ninja -C out/libfuzzer $FUZZER_NAME 76 $ ninja -C out/libfuzzer $FUZZER_NAME
68 $ out/libfuzzer/$FUZZER_NAME /path/to/repro 77 $ out/libfuzzer/$FUZZER_NAME /path/to/repro
69 ``` 78 ```
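Review bot: the MSan section still drives the instrumented-library download through `GYP_DEFINES='msan=1 use_prebuilt_instrumented_libraries=1' gclient sync` while this change moves everything else on the page to GN flags (the gn args already carry `use_prebuilt_instrumented_libraries=true`); the comment above that line should state that the GYP variable is what the gclient hook reads, so readers do not drop it as a leftover, or the line should be replaced if the hook now honours the GN arg.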
70 79
71 ### Reproducing LibFuzzer + UBSan bugs 80 ### Reproducing LibFuzzer + UBSan bugs
72 81
73 ```bash 82 ```bash
74 $ gn gen out/libfuzzer '--args=use_libfuzzer=true is_ubsan_security=true enable_ nacl=false proprietary_codecs=true' 83 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_ubsan_securi ty=true enable_nacl=false proprietary_codecs=true ffmpeg_branding="ChromeOS"'
75 $ ninja -C out/libfuzzer $FUZZER_NAME 84 $ ninja -C out/libfuzzer $FUZZER_NAME
76 $ export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1 85 $ export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1
77 $ out/libfuzzer/$FUZZER_NAME /path/to/repro 86 $ out/libfuzzer/$FUZZER_NAME /path/to/repro
78 ``` 87 ```
79 88
80 *Note*: ClusterFuzz uses release builds by default, so it may be worth adding
81 "is_debug=false" to your GN args if you are having trouble reproducing a
82 particular report.
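Review bot: dropping the old trailing `*Note*` about `is_debug=false` is right now that the new notes block and the commands cover it, but `ffmpeg_branding="ChromeOS"` is now baked into all four command lines while the new note says other platforms should use `ffmpeg_branding=Chrome`; a one-line reminder above the sections that the commands are the Linux form (matching the report's `Platform Id: linux`) would stop readers copying `ChromeOS` on other platforms.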