2019-08-07 14:37:16 +00:00
---
layout: default
title: Glossary
nav_order: 1
permalink: /reference/glossary/
parent: Reference
---
# Glossary
2019-08-15 22:07:23 +00:00
For general fuzzing terms, see the [glossary] from [google/fuzzing] project.
2019-08-07 14:37:16 +00:00
[glossary]: https://github.com/google/fuzzing/blob/master/docs/glossary.md
[google/fuzzing]: https://github.com/google/fuzzing
- TOC
{:toc}
---
## OSS-Fuzz specific terms
### ClusterFuzz
A scalable fuzzing infrastructure that is used for OSS-Fuzz backend.
[ClusterFuzz] is also used to fuzz Chrome and many other projects. A quick
overview of ClusterFuzz user interface is available on this [page].
2019-08-21 22:10:15 +00:00
[page]: {{ site.baseurl }}/further-reading/clusterfuzz
2019-08-07 14:37:16 +00:00
[ClusterFuzz]: https://github.com/google/clusterfuzz
### Fuzz Target
2020-04-09 05:27:04 +00:00
In addition to its
[general definition ](https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzz-target ),
in OSS-Fuzz a fuzz target can be used to
[reproduce bug reports ]({{ site.baseurl }}/advanced-topics/reproducing/ ).
It is recommended to use it for regression testing as well (see
[ideal integration ]({{ site.baseurl }}/advanced-topics/ideal-integration/ )).
2019-08-07 14:37:16 +00:00
### Job type
Or **Fuzzer Build** .
This refers to a build that contains all the [fuzz targets] for a given
[project ](#project ), is run with a specific [fuzzing engine], in a specific
build mode (e.g. with enabled/disabled assertions), and optionally combined
with a [sanitizer].
For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of
all sqlite3 [fuzz targets] using [libFuzzer ](http://libfuzzer.info ) and
[ASan ](http://clang.llvm.org/docs/AddressSanitizer.html ).
### Project
A project is an open source software project that is integrated with OSS-Fuzz.
Each project has a single set of configuration files
(example: [expat ](https://github.com/google/oss-fuzz/tree/master/projects/expat ))
and may have one or more [fuzz targets]
(example: [openssl ](https://github.com/openssl/openssl/blob/master/fuzz/ )).
### Reproducer
Or a **testcase** .
A [test input] that causes a specific bug to reproduce.
[fuzz targets]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzz-target
[fuzzing engine]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzzing-engine
[sanitizer]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#sanitizer
[test input]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#test-input
### Sanitizers
Fuzzers are usually built with one or more [sanitizer ](https://github.com/google/sanitizers ) enabled.
```bash
2019-08-15 22:07:23 +00:00
$ python infra/helper.py build_fuzzers --sanitizer undefined json
2019-08-07 14:37:16 +00:00
```
Supported sanitizers:
2019-08-15 22:07:23 +00:00
| Sanitizer | Description
2019-08-07 14:37:16 +00:00
| ------------ | ----------
| `address` *(default)* | [Address Sanitizer ](https://github.com/google/sanitizers/wiki/AddressSanitizer ) with [Leak Sanitizer ](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer ).
| `undefined` | [Undefined Behavior Sanitizer ](http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html ).
| `memory` | [Memory Sanitizer ](https://github.com/google/sanitizers/wiki/MemorySanitizer ).< br /> *NOTE: It is critical that you build __all__ the code in your program (including libraries it uses) with Memory Sanitizer. Otherwise, you will see false positive crashes due to an inability to see initializations in uninstrumented code.*
2019-08-15 22:07:23 +00:00
| `coverage` | Used for generating code coverage reports. See [Code Coverage doc ]({{ site.baseurl }}/advanced-topics/code-coverage/ ).
2019-08-07 14:37:16 +00:00
Compiler flag values for predefined configurations are specified in the [Dockerfile ](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/Dockerfile ).
These flags can be overridden by specifying `$SANITIZER_FLAGS` directly.
2019-08-19 21:07:33 +00:00
You can choose which configurations to automatically run your fuzzers with in `project.yaml` file (e.g. [sqlite3 ](https://github.com/google/oss-fuzz/tree/master/projects/sqlite3/project.yaml )).
### Architectures
ClusterFuzz supports fuzzing on x86_64 (aka x64) by default. However you can also fuzz using AddressSanitizer and libFuzzer on i386 (aka x86, or 32 bit) by specifiying the `$ARCHITECTURE` build environment variable using the `--architecture` option:
```bash
python infra/helper.py build_fuzzers --architecture i386 json
```