src/testing/libfuzzer
Michael Achenbach 85d03692df [fuzzing] Add high-end ASAN centipede builder with dchecks
This adds a centipede builder that only builds the V8 fuzzer
targets, which require dchecks to find the most useful bugs.

This is similar to https://crrev.com/c/6434210 but with centipede
for the high-end builder config. Centipede has much better
performance than libFuzzer according to the stats.

After a grace period, we'll disable the V8 targets on the
high-end release builder without dchecks.

By only building V8 targets, this builder will be quite fast and
won't have a long cycle time.

Bug: 408843424
Change-Id: I9c421c2ef6b8295a31cb035adf3fd3e96057f966
Cq-Include-Trybots: luci.chromium.try:linux-centipede-asan-rel
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6540831
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Paul Semel <paulsemel@chromium.org>
Reviewed-by: Ben Pastene <bpastene@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1459930}
2025-05-14 01:27:08 -07:00

Fuzz testing in Chromium

go/chrome-fuzzing

Fuzzing is a testing technique that feeds auto-generated inputs to a piece of target code in an attempt to crash the code. It's one of the most effective methods we have for finding security and stability issues (see go/fuzzing-success). You can learn more about the benefits of fuzzing at go/why-fuzz.

This documentation covers the in-process guided fuzzing approach employed by different fuzzing engines, such as libFuzzer or AFL. To learn more about out-of-process fuzzers, please refer to the Blackbox fuzzing page in the ClusterFuzz documentation.


Getting Started

In Chromium, you can easily create and submit fuzz targets. The targets are automatically discovered by buildbots, built with different fuzzing engines, then uploaded to the distributed ClusterFuzz fuzzing system to run at scale.

You should fuzz any code which absorbs inputs from untrusted sources, such as the web. If the code parses, decodes, or otherwise manipulates that input, it's an especially good idea to fuzz it.

Create your first fuzz target and submit it by stepping through our Getting Started Guide.
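
For orientation, here is what an in-process fuzz target looks like. This is an added example, not code from the Chromium tree or the Getting Started Guide: `ParseRecords` and its record format are hypothetical, and only the `LLVMFuzzerTestOneInput` entry point is the real libFuzzer interface.

```cpp
#include <cstddef>
#include <cstdint>

// Keeps the payload reads observable so the compiler cannot drop them.
static volatile uint8_t g_sink;

// Hypothetical parser under test (an assumption for this example, not
// Chromium code). Input is a sequence of records: [type:1][len:1][payload:len].
// Returns the number of complete records, or -1 if the input is malformed.
int ParseRecords(const uint8_t* data, size_t size) {
  int count = 0;
  size_t pos = 0;
  while (pos < size) {
    // Need a full 2-byte header before reading the length field.
    if (size - pos < 2) return -1;
    const size_t len = data[pos + 1];
    pos += 2;
    // The check the fuzzer is meant to exercise: without it, a record whose
    // declared length exceeds the remaining bytes is read out of bounds,
    // which an ASan build reports as a buffer overflow.
    if (len > size - pos) return -1;
    uint8_t checksum = 0;
    for (size_t i = 0; i < len; ++i) checksum ^= data[pos + i];
    g_sink = checksum;
    pos += len;
    ++count;
  }
  return count;
}

// Entry point the fuzzing engine calls in-process, once per generated input.
// It must accept arbitrary bytes, keep no state between calls, and return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  ParseRecords(data, size);
  return 0;
}
```

Outside Chromium's build system, a file like this can be built with clang's `-fsanitize=fuzzer,address`; the engine supplies `main` and drives the entry point with mutated inputs.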

Advanced Topics

Further Reading

Trophies