oss-fuzz/docs/clusterfuzz.md

47 lines
2.0 KiB
Markdown
Raw Normal View History

# ClusterFuzz
2016-11-18 20:32:51 +00:00
[ClusterFuzz](https://blog.chromium.org/2012/04/fuzzing-for-security.html) is the distributed fuzzing infrastructure behind OSS-Fuzz. It was initially built
2016-11-18 20:05:42 +00:00
for fuzzing Chrome at scale.
## Web interface
2017-03-15 20:09:03 +00:00
ClusterFuzz provides a [web interface](https://oss-fuzz.com)
2016-11-30 16:29:19 +00:00
to view statistics about your fuzz targets, as well as current crashes.
2017-03-15 16:25:56 +00:00
*Note*: Access is restricted to project developers who we auto CC on new bug reports.
2017-03-15 20:09:03 +00:00
## Testcase reports
ClusterFuzz will automatically de-duplicate and file reproducible crashes into
our [bug tracker](https://bugs.chromium.org/p/monorail). We provide a crash
report page that gives you the stack trace, a link to the crashing testcase, and
regression ranges where the bug was most likely introduced.
![report](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/pcre2_testcase.png)
## Fuzzer stats
2016-11-30 16:29:19 +00:00
You can view statistics about your fuzz targets (e.g. speed, coverage information,
2016-11-18 20:05:42 +00:00
memory usage) on our fuzzer statistics dashboard.
2017-03-15 20:09:03 +00:00
![stats](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/freetype_stats.png)
## Coverage reports
2017-03-15 20:09:03 +00:00
We provide coverage reports, where we highlight the parts of source code that are being
2017-04-21 14:55:58 +00:00
reached by your fuzz target. Make sure to look at the uncovered code marked in red and
add appropriate fuzz targets to cover those usecases.
2017-03-15 20:09:03 +00:00
![coverage_1](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/freetype_coverage_1.png)
![coverage_2](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/freetype_coverage_2.png)
2017-03-15 20:09:03 +00:00
## Performance analyzer
2017-04-21 14:55:58 +00:00
You can view performance issues that your fuzz target is running into (e.g. leaks, timeouts,
etc) by clicking on `Performance` link on our fuzzer statistics dashboard. Make sure to fix
all cited issues, so as to keep your fuzz target running efficiently and finding new bugs.
![performance_analyzer](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/expat_performance_analyzer.png)