From 3a22d409962d361309ca40d79767323235d468a0 Mon Sep 17 00:00:00 2001 From: Max Moroz Date: Tue, 6 Aug 2019 08:18:46 -0700 Subject: [PATCH] [docs] Update the glossary page to depend on google/fuzzing repo + minor tweaks. (#2659) * [docs] Update the glossary page to depend on google/fuzzing repo + minor tweaks. * fix a broken link --- docs/glossary.md | 102 +++++++++++++++-------------------------------- 1 file changed, 33 insertions(+), 69 deletions(-) diff --git a/docs/glossary.md b/docs/glossary.md index 67e32a1c8..8f9b7f238 100644 --- a/docs/glossary.md +++ b/docs/glossary.md @@ -1,91 +1,55 @@ # Glossary -Naming things is hard, so this page tries to reduce confusion around fuzzing-related terminology. +For general fuzzing terms, see the [glossary] from [google/fuzzing] project, -## Corpus -Or **test corpus**, or **fuzzing corpus**.
-A set of [test inputs](#test-input). In most contexts, it refers to a set of minimal test inputs that generate maximal code coverage. +[glossary]: https://github.com/google/fuzzing/blob/master/docs/glossary.md +[google/fuzzing]: https://github.com/google/fuzzing -## Cross-pollination -The term is taken from botany, where one plant pollinates a plant of another variety. -In fuzzing, cross-pollination means using a corpus for one -[fuzz target](#fuzz-target) to expand a [corpus](#corpus) for another fuzz target. -For example, if there are two libraries that process the same common data -format, it is often benefitial to cross-pollinate their respective corpora. +## OSS-Fuzz specific terms -## Fuzz Target -Or **Target Function**, or **Fuzzing Target Function**, or **Fuzzing Entry Point**.
-A function to which we apply fuzzing. A [specific signature](http://libfuzzer.info#fuzz-target) is required for OSS-Fuzz. -Examples: [openssl](https://github.com/openssl/openssl/blob/master/fuzz/x509.c), -[re2](https://github.com/google/re2/blob/master/re2/fuzzing/re2_fuzzer.cc), -[SQLite](https://www.sqlite.org/src/artifact/ad79e867fb504338). +### ClusterFuzz -A fuzz target can be used to [reproduce bug reports](reproducing.md). -It is recommended to use it for regression testing as well (see [ideal integration](ideal_integration.md)). +A scalable fuzzing infrastructure that is used for OSS-Fuzz backend. +[ClusterFuzz] is also used to fuzz Chrome and many other projects. A quick +overview of ClusterFuzz user interface is available on this [page]. -## Fuzzer +[page]: clusterfuzz.md +[ClusterFuzz]: https://github.com/google/clusterfuzz -The most overloaded term and used in a variety of contexts, which makes it bad. -Sometimes, "Fuzzer" is referred to a [fuzz target](#fuzz-target), -a [fuzzing engine](#fuzzing-engine), -a [mutation engine](#mutation-engine), -a [test generator](#test-generator) or -a [fuzzer build](#job-type). +### Fuzz Target -## Fuzzing Engine +In addition to its general definition, in OSS-Fuzz a fuzz target can be used to +[reproduce bug reports](reproducing.md). It is recommended to use it for +regression testing as well (see [ideal integration](ideal_integration.md)). -A tool that tries to find interesting inputs for a [fuzz target](#fuzz-target) by executing it. -Examples: [libFuzzer](http://libfuzzer.info), -[AFL](lcamtuf.coredump.cx/afl/), -[honggfuzz](https://github.com/google/honggfuzz), etc +### Job type -See related terms [Mutation Engine](#mutation-engine) and [Test Generator](#test-generator). +Or **Fuzzer Build**. -## Job type +This refers to a build that contains all the [fuzz targets] for a given +[project](#project), is run with a specific [fuzzing engine], in a specific +build mode (e.g. 
with enabled/disabled assertions), and optionally combined +with a [sanitizer]. -Or **Fuzzer Build**.
-A [ClusterFuzz](clusterfuzz.md)-specific term. -This refers to a build that contains all the [fuzz targets](#fuzz-target) for a given [project](#project), is run -with a specific [fuzzing engine](#fuzzing-engine), in a specific build mode (e.g. with enabled/disabled assertions), -and optionally combined with a [sanitizer](#sanitizer). +For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of +all sqlite3 [fuzz targets] using [libFuzzer](http://libfuzzer.info) and +[ASan](http://clang.llvm.org/docs/AddressSanitizer.html). -For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of all sqlite3 [fuzz targets](#fuzz-target) using -[libFuzzer](http://libfuzzer.info) and [ASan](http://clang.llvm.org/docs/AddressSanitizer.html). - - -## Mutation Engine -A tool that takes a set of testcases as input and creates their mutated versions. -It is just a generator and does not feed the mutations to [fuzz target](#fuzz-target). -Example: [radamsa](https://github.com/aoh/radamsa) (a generic test mutator). - -## Project +### Project A project is an open source software project that is integrated with OSS-Fuzz. Each project has a single set of configuration files -(example: [expat](https://github.com/google/oss-fuzz/tree/master/projects/expat)) and -may have one or more [fuzz targets](#fuzz-target) +(example: [expat](https://github.com/google/oss-fuzz/tree/master/projects/expat)) +and may have one or more [fuzz targets] (example: [openssl](https://github.com/openssl/openssl/blob/master/fuzz/)). -## Reproducer -Or a **testcase**.
-A [test input](#test-input) that causes a specific bug to reproduce. +### Reproducer -## [Sanitizer](https://github.com/google/sanitizers) -A [dynamic testing](https://en.wikipedia.org/wiki/Dynamic_testing) tool that can detect bugs during program execution. -Examples: -[ASan](http://clang.llvm.org/docs/AddressSanitizer.html), -[DFSan](http://clang.llvm.org/docs/DataFlowSanitizer.html), -[LSan](http://clang.llvm.org/docs/LeakSanitizer.html), -[MSan](http://clang.llvm.org/docs/MemorySanitizer.html), -[TSan](http://clang.llvm.org/docs/ThreadSanitizer.html), -[UBSan](http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html). +Or a **testcase**. -## Test Generator -A tool that generates testcases from scratch according to some rules or grammar. -Examples: -[csmith](https://embed.cs.utah.edu/csmith/) (a test generator for C language), -[cross_fuzz](http://lcamtuf.coredump.cx/cross_fuzz/) (a cross-document DOM binding test generator). +A [test input] that causes a specific bug to reproduce. -## Test Input -A sequence of bytes that is used as input to a [fuzz target](#fuzz-target). -Typically, a test input is stored in a separate file. +[fuzz targets]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzz-target +[fuzzing engine]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzzing-engine +[sanitizer]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#sanitizer +[test input]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#test-input
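Review bot: the new opening sentence is left unfinished and ends with a comma instead of a period ("see the [glossary] from [google/fuzzing] project,"); suggest `For general fuzzing terms, see the [glossary] from the [google/fuzzing] project.` so it reads as a complete sentence before the "OSS-Fuzz specific terms" heading. Two more wording nits in the same hunk: "is used for OSS-Fuzz backend" reads better as "is used as the OSS-Fuzz backend", and "overview of ClusterFuzz user interface" as "overview of the ClusterFuzz user interface". Also, the "Job type" entry drops the line "A [ClusterFuzz](clusterfuzz.md)-specific term." even though ClusterFuzz is now defined right above it; keeping that sentence (or linking "Job type" to the ClusterFuzz entry) would preserve the context that this is not a general fuzzing term. Finally, the reference-style definitions at the bottom ([fuzz targets], [fuzzing engine], [sanitizer], [test input]) point at anchors on the master branch of the google/fuzzing glossary; please confirm those heading anchors exist there, and consider a short comment in the file noting that a heading rename upstream will silently break these links, since nothing in this repo will catch it.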