oss-fuzz/docs/reference.md

# Reference

## Sanitizers

Fuzzers are usually built with one or more  [sanitizer](https://github.com/google/sanitizers) enabled. 
You can select sanitizer configuration by specifying `$SANITIZER` build environment variable using `-e` option:

```bash
python infra/helper.py build_fuzzers --sanitizer undefined json
```

Supported sanitizers:

| `$SANITIZER` | Description
| ------------ | ----------
| `address` *(default)* | [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) with [Leak Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer).
| `undefined` | [Undefined Behavior Sanitizer](http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html).
| `memory` | [Memory Sanitizer](https://github.com/google/sanitizers/wiki/MemorySanitizer).<br/>*NOTE: It is critical that you build __all__ the code in your program (including libraries it uses) with Memory Sanitizer. Otherwise, you will see false positive crashes due to an inability to see initializations in uninstrumented code.*
| `profile` | Used for generating code coverage reports. See [Code Coverage doc](code_coverage.md).

Compiler flag values for predefined configurations are specified in the [Dockerfile](../infra/base-images/base-builder/Dockerfile). 
These flags can be overridden by specifying `$SANITIZER_FLAGS` directly.

You can choose which configurations to automatically run your fuzzers with in `project.yaml` file (e.g. [sqlite3](../projects/sqlite3/project.yaml)):

```yaml
sanitizers:
  - address
  - undefined
```
Create reference.md 2016-12-29 22:31:38 +00:00			`# Reference`

			`## Sanitizers`

Update reference.md 2016-12-30 06:06:54 +00:00			`Fuzzers are usually built with one or more [sanitizer](https://github.com/google/sanitizers) enabled.`
Fix typos and clarify grammar and word choice throughout the OSS-Fuzz docs. (#363) 2017-02-08 03:15:53 +00:00			You can select sanitizer configuration by specifying `$SANITIZER` build environment variable using `-e` option:
Create reference.md 2016-12-29 22:31:38 +00:00
			```bash
Update docs with new --sanitizer flag, fixes #488. (#505) 2017-04-03 15:20:11 +00:00			`python infra/helper.py build_fuzzers --sanitizer undefined json`
Create reference.md 2016-12-29 22:31:38 +00:00			```

			`Supported sanitizers:`

			\| `$SANITIZER` \| Description
			`\| ------------ \| ----------`
			\| `address` (default) \| [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) with [Leak Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer).
			\| `undefined` \| [Undefined Behavior Sanitizer](http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html).
Fix typos and clarify grammar and word choice throughout the OSS-Fuzz docs. (#363) 2017-02-08 03:15:53 +00:00			\| `memory` \| [Memory Sanitizer](https://github.com/google/sanitizers/wiki/MemorySanitizer).<br/>NOTE: It is critical that you build __all__ the code in your program (including libraries it uses) with Memory Sanitizer. Otherwise, you will see false positive crashes due to an inability to see initializations in uninstrumented code.
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			\| `profile` \| Used for generating code coverage reports. See [Code Coverage doc](code_coverage.md).
Create reference.md 2016-12-29 22:31:38 +00:00
Update reference.md 2016-12-29 22:33:51 +00:00			`Compiler flag values for predefined configurations are specified in the [Dockerfile](../infra/base-images/base-builder/Dockerfile).`
Fix typos in docs (#1934) 2018-11-07 14:20:13 +00:00			These flags can be overridden by specifying `$SANITIZER_FLAGS` directly.
Create reference.md 2016-12-29 22:31:38 +00:00
Update reference.md 2016-12-29 22:34:20 +00:00			You can choose which configurations to automatically run your fuzzers with in `project.yaml` file (e.g. [sqlite3](../projects/sqlite3/project.yaml)):
Update reference.md 2016-12-29 22:32:42 +00:00
			```yaml
			`sanitizers:`
			`- address`
			`- undefined`
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			```