[llvm] r285157 - [libFuzzer] refresh docs

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 25 18:55:18 PDT 2016

Author: kcc
Date: Tue Oct 25 20:55:17 2016
New Revision: 285157

URL: http://llvm.org/viewvc/llvm-project?rev=285157&view=rev
[libFuzzer] refresh docs


Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=285157&r1=285156&r2=285157&view=diff
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Tue Oct 25 20:55:17 2016
@@ -8,18 +8,13 @@ libFuzzer – a library for coverage-
-LibFuzzer is a library for in-process, coverage-guided, evolutionary fuzzing
-of other libraries.
+LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.
-LibFuzzer is similar in concept to American Fuzzy Lop (AFL_), but it performs
-all of its fuzzing inside a single process.  This in-process fuzzing can be more
-restrictive and fragile, but is potentially much faster as there is no overhead
-for process start-up.
-The fuzzer is linked with the library under test, and feeds fuzzed inputs to the
+LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the
 library via a specific fuzzing entrypoint (aka "target function"); the fuzzer
 then tracks which areas of the code are reached, and generates mutations on the
-corpus of input data in order to maximize the code coverage.  The code coverage
+corpus of input data in order to maximize the code coverage.
+The code coverage
 information for libFuzzer is provided by LLVM's SanitizerCoverage_
@@ -28,8 +23,8 @@ Contact: libfuzzer(#)googlegroups.com
-LibFuzzer is under active development so a current (or at least very recent)
-version of Clang is the only supported variant.
+LibFuzzer is under active development so you will need the current
+(or at least a very recent) version of the Clang compiler.
 (If `building Clang from trunk`_ is too time-consuming or difficult, then
 the Clang binaries that the Chromium developers build are likely to be
@@ -53,7 +48,6 @@ infrastructure and can be used for other
 of LLVM.
 Getting Started
@@ -83,13 +77,12 @@ options. Note that the libFuzzer library
   svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
   # Alternative: get libFuzzer from a dedicated git mirror:
   # git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
-  clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
-  ar ruv libFuzzer.a Fuzzer*.o
+  ./Fuzzer/build.sh  # Produces libFuzzer.a
 Then build the fuzzing target function and the library under test using
 the SanitizerCoverage_ option, which instruments the code so that the fuzzer
 can retrieve code coverage information (to guide the fuzzing).  Linking with
-the libFuzzer code then gives an fuzzer executable.
+the libFuzzer code then gives a fuzzer executable.
 You should also enable one or more of the *sanitizers*, which help to expose
 latent bugs by making incorrect behavior generate errors at runtime:
@@ -834,7 +827,7 @@ Q. What about Windows then? The fuzzer c
 Volunteers are welcome.
-Q. When this Fuzzer is not a good solution for a problem?
+Q. When libFuzzer is not a good solution for a problem?
 * If the test inputs are validated by the target library and the validator

More information about the llvm-commits mailing list