Chromium Code Reviews

Side by Side Diff: testing/libfuzzer/efficient_fuzzer.md

Issue 2610323002: [libfuzzer] support multiple seed_corpus directories. (Closed)
Patch Set: Add missing scripts Created 3 years, 10 months ago
OLD NEW
1 # Efficient Fuzzer 1 # Efficient Fuzzer
2 2
3 This document describes ways to determine your fuzzer efficiency and ways 3 This document describes ways to determine your fuzzer efficiency and ways
4 to improve it. 4 to improve it.
5 5
6 ## Overview 6 ## Overview
7 7
8 Being a coverage-driven fuzzer, libFuzzer considers a certain input *interesting * 8 Being a coverage-driven fuzzer, libFuzzer considers a certain input *interesting *
9 if it results in new coverage. The set of all interesting inputs is called 9 if it results in new coverage. The set of all interesting inputs is called
10 *corpus*. 10 *corpus*.
(...skipping 40 matching lines...)
51 `seed_corpus` attribute to fuzzer target: 51 `seed_corpus` attribute to fuzzer target:
52 52
53 ``` 53 ```
54 fuzzer_test("my_protocol_fuzzer") { 54 fuzzer_test("my_protocol_fuzzer") {
55 ... 55 ...
56 seed_corpus = "src/fuzz/testcases" 56 seed_corpus = "src/fuzz/testcases"
57 ... 57 ...
58 } 58 }
59 ``` 59 ```
60 60
61 You may specify multiple seed corpus directories via `seed_corpuses` attribute:
62
63 ```
64 fuzzer_test("my_protocol_fuzzer") {
65 ...
66 seed_corpuses = [ "src/fuzz/testcases", "src/unittest/data" ]
67 ...
68 }
69 ```
70
71 All files found in the directories and their subdirectories will be archived
72 into `%YOUR_FUZZER_NAME%_seed_corpus.zip` output archive.
73
61 If you don't want to store seed corpus in Chromium repository, you can upload 74 If you don't want to store seed corpus in Chromium repository, you can upload
62 corpus to Google Cloud Storage bucket used by ClusterFuzz: 75 corpus to Google Cloud Storage bucket used by ClusterFuzz:
63 76
64 77
65 1) go to [Corpus GCS Bucket] 78 1) go to [Corpus GCS Bucket]
66 79
67 2) open directory named `%YOUR_FUZZER_NAME%_static` 80 2) open directory named `%YOUR_FUZZER_NAME%_static`
68 81
69 3) upload corpus files into the directory 82 3) upload corpus files into the directory
70 83
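Review bot: File-name collisions are left undefined by the added paragraph at new lines 71-72: it says all files from the listed directories and their subdirectories go into a single `%YOUR_FUZZER_NAME%_seed_corpus.zip`, but not what happens when two entries in `seed_corpuses` (for example `src/fuzz/testcases` and `src/unittest/data`) contain files with the same name or relative path. Please document whether such files are renamed, overwritten or rejected, so that combining directories cannot silently drop seed inputs. The text should also state whether `seed_corpus` and `seed_corpuses` may both be set on one target, since both attributes are now shown without being related to each other, and new line 61 reads better as "via the `seed_corpuses` attribute".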
(...skipping 174 matching lines...)
245 ``` 258 ```
246 259
247 Please note that `dict` parameter should be provided [separately](#Fuzzer-Dictio nary). 260 Please note that `dict` parameter should be provided [separately](#Fuzzer-Dictio nary).
248 Other options may be passed through `libfuzzer_options` property. 261 Other options may be passed through `libfuzzer_options` property.
249 262
250 263
251 [AFL]: http://lcamtuf.coredump.cx/afl/ 264 [AFL]: http://lcamtuf.coredump.cx/afl/
252 [ClusterFuzz status]: clusterfuzz.md#Status-Links 265 [ClusterFuzz status]: clusterfuzz.md#Status-Links
253 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus 266 [Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus
254 [issue 638836]: https://bugs.chromium.org/p/chromium/issues/detail?id=638836 267 [issue 638836]: https://bugs.chromium.org/p/chromium/issues/detail?id=638836