Improve fuzz test coverage generation guide

Refactors the guide to improve clarity. Also, adds instructions on how
to view the generated coverage report when building on a remote machine.

Bug: b:478226234
Change-Id: I3b8f14d0a4734a764261c4492c1eeb1908f3bb18
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7674321
Commit-Queue: Jon Toohill <[email protected]>
Reviewed-by: Jon Toohill <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1600846}
NOKEYCHECK=True
GitOrigin-RevId: aa097354e6d4c364bd784ea941db94898c2b396e
1 file changed
tree: a7a4dc862488041ebb427a8c5508524e5c77398f
README.md

Fuzzing in Chromium

go/chrome-fuzzing

Just got a bug report from ClusterFuzz? If you want to reproduce a ClusterFuzz crash locally, see How to Reproduce a Crash from ClusterFuzz.

Fuzzing is an automated software testing technique that provides invalid, unexpected, or random data as inputs to a program to find bugs.

Why fuzz? Fuzzing finds thousands of security and stability issues before they reach users (see go/fuzzing-success). For more information about the benefits of fuzzing, see go/why-fuzz.

Where to fuzz? Fuzz code that parses, decodes, or manipulates input from untrusted sources, such as the web.

Getting started

In Chromium, you can create and submit fuzz targets that run continuously at scale on ClusterFuzz.

To get started, choose the fuzzing framework that fits your use case.

FuzzTest (recommended)

We recommend FuzzTest for new fuzzers in Chromium. FuzzTest integrates with the gtest framework. It tests code that accepts structured, typed inputs, such as int, std::string, std::vector, or custom classes.

libFuzzer (deprecated)

libFuzzer tests APIs that consume raw byte buffers, such as image decoders and JSON or XML parsers. Use libFuzzer if you are modifying an existing libFuzzer target or building a grammar-aware fuzzer.
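As an added example (not code from the Chromium tree), this shows the shape of a libFuzzer target for the raw-byte case described above: a constructed, hypothetical length-prefixed record parser with the bounds check it needs, and the LLVMFuzzerTestOneInput entry point that the engine calls with every mutated buffer. It assumes a clang build with -fsanitize=fuzzer,address, which supplies main() and the sanitizer that turns an out-of-bounds read into a reported crash.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Constructed toy format (hypothetical, not a Chromium format):
// [u8 tag][u8 len][len payload bytes], repeated to the end of the buffer.
struct Record {
  uint8_t tag;
  std::string payload;
};

// Returns nullopt for malformed input instead of reading past the buffer.
std::optional<std::vector<Record>> ParseRecords(const uint8_t* data,
                                                size_t size) {
  std::vector<Record> out;
  size_t pos = 0;
  while (pos < size) {
    if (size - pos < 2) return std::nullopt;  // truncated header
    const uint8_t tag = data[pos];
    const uint8_t len = data[pos + 1];
    pos += 2;
    // The check a fuzzer exercises: a declared length larger than the
    // remaining bytes must be rejected, never used to index the buffer.
    if (len > size - pos) return std::nullopt;
    out.push_back({tag, std::string(
        reinterpret_cast<const char*>(data + pos), len)});
    pos += len;
  }
  return out;
}

// libFuzzer entry point. The engine calls it repeatedly with mutated
// buffers; it must return 0 and survive any input. A sanitizer report
// raised from inside ParseRecords is what the fuzzer files as a bug.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  ParseRecords(data, size);
  return 0;
}

// Helpers for stand-alone checks on the parser's verdict and contents.
int CountRecords(const std::vector<uint8_t>& bytes) {
  auto r = ParseRecords(bytes.data(), bytes.size());
  return r ? static_cast<int>(r->size()) : -1;
}

std::string PayloadAt(const std::vector<uint8_t>& bytes, size_t i) {
  auto r = ParseRecords(bytes.data(), bytes.size());
  return (r && i < r->size()) ? (*r)[i].payload : std::string();
}
```

Removing the length check is the kind of defect this target exists to catch: the truncated input below then reads past the buffer and AddressSanitizer reports it on the first such iteration.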

Advanced topics

Getting help

If you have questions or encounter issues,

Dashboard and stats