Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/docs/glossary.md

3.4 KiB
Raw Blame History

OSS-Fuzz Glossary

WORK-IN-PROGRESS

Naming things is hard.
This page tries to reduce confusion around fuzz-related terminology.

Fuzz Target

Or Target Function or Fuzzing Target Function, or Fuzzing Entry Point.
A function to which we apply fuzzing. A specific signature must be used for OSS-Fuzz. Examples: openssl, SQLite, re2.

A Fuzz Target can and should also be used for regression testing and for reproducing bug reports, see ideal integration.

Library Config

???Any better name???

OSS-Fuzz-specific term.
OSS-Fuzz applies fuzzing to Fuzz Targets that test APIs of some specific opensource library (or sometimes, internal functions of some application). One library may have more than one Fuzz Target (example: openssl), but OSS-Fuzz will have a single set of configuration files for such library. This is what we call Library Config.

Fuzzing Engine

A tool that tries to find interesting inputs for a Fuzz Target by executing it. Examples: libFuzzer, AFL, honggfuzz, etc

See also Mutation Engine and Test Generator.

Job type

A ClusterFuzz specific term. This refers to a build of all fuzz targets for a given library (see library config) with a specific fuzzing engine, in a specific build mode (e.g. with enabled or disabled assertions), optionally combined with a sanitizer.

For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of all sqlite3 fuzz target using libFuzzer and ASan.

Test Input

A sequence of bytes that is used as the input to a Fuzz Target. Typicaly, a test input is stored in a separate file.

Reproducer

Or a testcase.
A Test Input that causes a specific bug to reproduce.

Corpus

Or test corpus, or fuzzing corpus. A set of test inputs.

Mutation Engine

A tool that take a set of testcases and creates their mutations, but do not directly feed the mutations to Fuzz Targets. Example: Radamsa,

Test Generator

A tool that generates testcases according to some rules or grammar. Example: csmith (a test generator for the C language).

Sanitizer

A dynamic testing tool that can detect bugs during program execution. An incomplete list: ASan, MSan, TSan, LSan, UBSan.

Fuzzer

The most overloaded term, which makes it bad (maybe, we should try avoiding it?). Sometimes the "Fuzzer" is referred to a fuzz target, sometimes to a fuzzing engine, mutation engine, or a test generator. sometimes to a fuzzer build.