[libFuzzer] Docs: re-write the main page as per the tech writer feedback.

Bug: 539572
Change-Id: I6c3bfd3e8d3d5776eb9037e315a56d3c4a59651b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1717019
Reviewed-by: Jonathan Metzman <[email protected]>
Commit-Queue: Max Moroz <[email protected]>
Cr-Commit-Position: refs/heads/master@{#681461}
diff --git a/testing/libfuzzer/README.md b/testing/libfuzzer/README.md
index 1c48fd7..a93060d 100644
--- a/testing/libfuzzer/README.md
+++ b/testing/libfuzzer/README.md
@@ -1,77 +1,77 @@
-# libFuzzer in Chromium
+# Fuzzing in Chromium
 
-[go/libfuzzer-chromium](https://goto.google.com/libfuzzer-chromium) (Googler only)
+[go/chrome-fuzzing](https://goto.google.com/chrome-fuzzing) (Googler only)
 
-*** aside
-[Getting Started](getting_started.md)
-| [Buildbot]
-| [ClusterFuzz Stats]
-| [Cover Bug]
-***
+[Fuzzing] is a testing technique that feeds randomized inputs to a target code
+in an attempt to crash it. It's one of the most effective methods we have for
+finding security and stability issues ([go/fuzzing-success]).
 
-This directory contains integration between [libFuzzer] and Chromium.
-LibFuzzer is an in-process coverage-driven evolutionary fuzzing engine. It helps
-engineers to uncover potential security & stability problems.
+This documentation covers the in-process guided fuzzing approach employed by
+different fuzzing engines, such as [libFuzzer] or [AFL]. To learn more about
+out-of-process fuzzers, please refer to the [Blackbox fuzzing] page in the
+ClusterFuzz documentation.
 
-*** note
-**Requirements:** libFuzzer in Chromium is supported with Linux, Chrome OS, Mac,
-and Windows.
-***
+[TOC]
 
-## Integration Status
+## Getting Started
 
-Fuzzer tests are well-integrated with Chromium build system and distributed
-ClusterFuzz fuzzing system. Cover bug: [crbug.com/539572].
+In Chromium, you can easily create and submit fuzz targets. The targets are
+automatically discovered by buildbots, built with different fuzzing engines,
+then uploaded to the distributed [ClusterFuzz] fuzzing system to run at scale.
 
-## Documentation
+Create your first fuzz target and submit it by stepping through our [Getting
+Started Guide].
 
-* [Getting Started Guide] walks you through all the steps necessary to create
-your fuzz target and submit it to ClusterFuzz.
-* [Efficient Fuzzer Guide] explains how to measure fuzz target effectiveness and
-ways to improve it.
-* [Guide to libprotobuf-mutator (LPM)] walks through the steps necessary to
-create a fuzz target that expects a protobuf as input (instead of a byte
-stream). In addition to fuzzing code that accepts protobufs, it can be used to
-fuzz code that requires multiple mutated inputs, or to generate inputs defined
-by a grammar.
-* [ClusterFuzz Integration] describes integration between ClusterFuzz and
-libFuzzer.
-* [Reproducing Bugs] describes how to reproduce bugs found by libFuzzer/AFL
-  and reported by ClusterFuzz.
-* [Fuzzing on Chrome OS] describes how to write fuzzers for the non-browser
-  parts of Chrome OS.
-* [AFL Integration] describes AFL's integration with Chromium and ClusterFuzz.
-* [Reference] contains detailed references for different integration parts.
+## Advanced Topics
+
+* Improving fuzz target effectiveness: [Efficient Fuzzer Guide].
+* Creating a fuzz target that expects a protobuf (instead of a byte steam) as
+  input: [Guide to libprotobuf-mutator (LPM)].
+
+  **Note**: you can also use LPM to fuzz code that needs multiple mutated
+  inputs, or to generate inputs defined by a grammar.
+* Reproducing bugs found by libFuzzer/AFL and reported by ClusterFuzz:
+  [Reproducing Bugs].
+
+## Further Reading
+
+* LibFuzzer's integration with Chromium and ClusterFuzz: [LibFuzzer
+  Integration].
+* AFL's integration with Chromium and ClusterFuzz: [AFL Integration].
+* Detailed references for other integration parts: [Reference].
+* Writing fuzzers for the non-browser parts of Chrome OS: [Fuzzing on Chrome
+  OS].
 
 ## Trophies
-* [ClusterFuzz Bugs] - issues found and automatically filed by ClusterFuzz.
-* [Manual Bugs] - issues that were filed manually after running fuzz targets.
-* [Pdfium Bugs] - bugs found in pdfium by manual fuzzing.
-* [OSS Trophies] - bugs found with libFuzzer in open-source projects.
+* Issues found with in-process fuzzing and automatically filed by ClusterFuzz:
+  [ClusterFuzz Bugs].
+* Issues filed manually after running fuzz targets: [Manual Bugs].
+* Bugs found in PDFium by manual fuzzing: [PDFium Bugs].
+* Bugs found with libFuzzer in open-source projects: [OSS Trophies].
 
+## Other Links
+* [Guided in-process fuzzing of Chrome components] blog post.
+* [ClusterFuzz Stats] for fuzz targets built with AddressSanitizer and
+  libFuzzer.
 
-## Blog Posts
-* [Guided in-process fuzzing of Chrome components].
-
-## Project Links
-* [libFuzzer Infrastructure Bugs]
-
-[Buildbot]: https://ci.chromium.org/p/chromium/g/chromium.fuzz/builders
-[Cover Bug]: https://bugs.chromium.org/p/chromium/issues/detail?id=539572
-[Getting Started Guide]: getting_started.md
-[Efficient Fuzzer Guide]: efficient_fuzzer.md
-[Guide to libprotobuf-mutator (LPM)]: libprotobuf-mutator.md
-[ClusterFuzz Integration]: clusterfuzz.md
-[Reproducing Bugs]: reproducing.md
-[Reference]: reference.md
-[AFL Integration]: AFL.md
-[ClusterFuzz Bugs]: https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label:Stability-LibFuzzer%20label:ClusterFuzz&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified
+[AFL]: http://lcamtuf.coredump.cx/afl/
+[AFL Integration]: AFL_integration.md
+[Blackbox fuzzing]: https://google.github.io/clusterfuzz/setting-up-fuzzing/blackbox-fuzzing/
+[ClusterFuzz]: https://clusterfuzz.com/
+[ClusterFuzz Bugs]: https://bugs.chromium.org/p/chromium/issues/list?sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified&q=label%3AStability-LibFuzzer%2CStability-AFL%20label%3AClusterFuzz%20-status%3AWontFix%2CDuplicate&can=1
 [ClusterFuzz Stats]: https://clusterfuzz.com/fuzzer-stats/by-fuzzer/fuzzer/libFuzzer/job/libfuzzer_chrome_asan
-[Pdfium Bugs]: https://bugs.chromium.org/p/pdfium/issues/list?can=1&q=libfuzzer&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
+[Efficient Fuzzer Guide]: efficient_fuzzer.md
+[Fuzzing]: https://en.wikipedia.org/wiki/Fuzzing
+[Fuzzing on Chrome OS]: https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md
+[Getting Started Guide]: getting_started.md
+[Guide to libprotobuf-mutator (LPM)]: libprotobuf-mutator.md
+[Guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
 [Manual Bugs]: https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-label%3AClusterFuzz&sort=-modified&colspec=ID+Pri+M+Stars+ReleaseBlock+Component+Status+Owner+Summary+OS+Modified&x=m&y=releaseblock&cells=ids
 [OSS Trophies]: http://llvm.org/docs/LibFuzzer.html#trophies
-[Guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
+[PDFium Bugs]: https://bugs.chromium.org/p/pdfium/issues/list?can=1&q=libfuzzer&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
+[Reference]: reference.md
+[Reproducing Bugs]: reproducing.md
 [crbug.com/539572]: https://bugs.chromium.org/p/chromium/issues/detail?id=539572
+[go/fuzzing-success]: https://goto.google.com/fuzzing-success
 [libFuzzer]: http://llvm.org/docs/LibFuzzer.html
-[libFuzzer Infrastructure Bugs]: https://bugs.chromium.org/p/chromium/issues/list?q=label:LibFuzzer-Infra
-[Fuzzing on Chrome OS]: https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md
+[libFuzzer Integration]: libFuzzer_integration.md
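
Review bot: In the new "Advanced Topics" list, the libprotobuf-mutator bullet says "instead of a byte steam"; this should be "byte stream", as the removed text had it. The `[crbug.com/539572]` reference definition is kept as unchanged context, but its only use (the "Cover bug:" sentence under "Integration Status") is deleted, so the definition is now unused; either drop it or link the cover bug somewhere in the new text. The link targets also change from `AFL.md` and `clusterfuzz.md` to `AFL_integration.md` and `libFuzzer_integration.md`, and only README.md is visible in this diff, so please confirm those files are renamed in the same change, otherwise the "Further Reading" links will not resolve. Minor wording in the intro: "feeds randomized inputs to a target code" reads better as "to target code".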