• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1---
2layout: default
3title: Glossary
4nav_order: 1
5permalink: /reference/glossary/
6parent: Reference
7---
8
9# Glossary
10
11For general fuzzing terms, see the [glossary] from [google/fuzzing] project.
12
13[glossary]: https://github.com/google/fuzzing/blob/master/docs/glossary.md
14[google/fuzzing]: https://github.com/google/fuzzing
15
16- TOC
17{:toc}
18---
19
20## OSS-Fuzz specific terms
21
22### ClusterFuzz
23
24A scalable fuzzing infrastructure that is used for OSS-Fuzz backend.
25[ClusterFuzz] is also used to fuzz Chrome and many other projects. A quick
26overview of ClusterFuzz user interface is available on this [page].
27
28[page]: {{ site.baseurl }}/further-reading/clusterfuzz
29[ClusterFuzz]: https://github.com/google/clusterfuzz
30
31### Fuzz Target
32
33In addition to its
34[general definition](https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzz-target),
35in OSS-Fuzz a fuzz target can be used to
36[reproduce bug reports]({{ site.baseurl }}/advanced-topics/reproducing/).
37It is recommended to use it for regression testing as well (see
38[ideal integration]({{ site.baseurl }}/advanced-topics/ideal-integration/)).
39
40### Job type
41
42Or **Fuzzer Build**.
43
44This refers to a build that contains all the [fuzz targets] for a given
45[project](#project), is run with a specific [fuzzing engine], in a specific
46build mode (e.g. with enabled/disabled assertions), and optionally combined
47with a [sanitizer].
48
49For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of
50all sqlite3 [fuzz targets] using [libFuzzer](http://libfuzzer.info) and
51[ASan](http://clang.llvm.org/docs/AddressSanitizer.html).
52
53### Project
54
55A project is an open source software project that is integrated with OSS-Fuzz.
56Each project has a single set of configuration files
57(example: [expat](https://github.com/google/oss-fuzz/tree/master/projects/expat))
58and may have one or more [fuzz targets]
59(example: [openssl](https://github.com/openssl/openssl/blob/master/fuzz/)).
60
61### Reproducer
62
63Or a **testcase**.
64
65A [test input] that causes a specific bug to reproduce.
66
67[fuzz targets]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzz-target
68[fuzzing engine]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzzing-engine
69[sanitizer]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#sanitizer
70[test input]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#test-input
71
72### Sanitizers
73
74Fuzzers are usually built with one or more [sanitizer](https://github.com/google/sanitizers) enabled.
75
76```bash
77$ python infra/helper.py build_fuzzers --sanitizer undefined json
78```
79
80Supported sanitizers:
81
82| Sanitizer | Description
83| ------------ | ----------
84| `address` *(default)* | [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) with [Leak Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer).
85| `undefined` | [Undefined Behavior Sanitizer](http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html).
86| `memory` | [Memory Sanitizer](https://github.com/google/sanitizers/wiki/MemorySanitizer).<br/>*NOTE: It is critical that you build __all__ the code in your program (including libraries it uses) with Memory Sanitizer. Otherwise, you will see false positive crashes due to an inability to see initializations in uninstrumented code.*
87| `coverage` | Used for generating code coverage reports. See [Code Coverage doc]({{ site.baseurl }}/advanced-topics/code-coverage/).
88
89Compiler flag values for predefined configurations are specified in the [Dockerfile](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/Dockerfile).
90These flags can be overridden by specifying `$SANITIZER_FLAGS` directly.
91
92You can choose which configurations to automatically run your fuzzers with in `project.yaml` file (e.g. [sqlite3](https://github.com/google/oss-fuzz/tree/master/projects/sqlite3/project.yaml)).
93
94### Architectures
95ClusterFuzz supports fuzzing on x86_64 (aka x64) by default. However you can also fuzz using AddressSanitizer and libFuzzer on i386 (aka x86, or 32 bit) by specifying the `$ARCHITECTURE` build environment variable using the `--architecture` option:
96
97```bash
98python infra/helper.py build_fuzzers --architecture i386 json
99```
100