libFuzzer documentation fixes.

R=mmoroz@chromium.org,ochang@chromium.org

Bug: 
Change-Id: I2f1d8ecbdceb8583b4b387773a46966e52a21007
Reviewed-on: https://chromium-review.googlesource.com/796715Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520132}

testing/libfuzzer/README.md

-# libFuzzer in Chrome
+# libFuzzer in Chromium
 
-[go/libfuzzer-chrome](https://goto.google.com/libfuzzer-chrome)
+[go/libfuzzer-chromium](https://goto.google.com/libfuzzer-chromium) (Googler only)
 
 *** aside
 [Getting Started](getting_started.md)
-| [Buildbot](https://goto.google.com/libfuzzer-clusterfuzz-buildbot)
-| [ClusterFuzz Status](https://goto.google.com/libfuzzer-clusterfuzz-status)
+| [Buildbot](https://build.chromium.org/p/chromium.fyi/buildslaves/slave43-c1)
+| [ClusterFuzz Status](https://clusterfuzz.com/v2/fuzzer-stats)
 | [Cover Bug]
 ***
 
-This directory contains integration between [libFuzzer] and Chrome.
+This directory contains integration between [libFuzzer] and Chromium.
 libFuzzer is an in-process coverage-driven evolutionary fuzzer. It helps
 engineers to uncover potential security & stability problems earlier.
 
 *** note
-**Requirements:** libFuzzer in Chrome is supported with GN on Mac and Linux only.
+**Requirements:** libFuzzer in Chromium is supported with Linux and Mac only.
 ***
 
 ## Integration Status
 
-Fuzzer tests are well-integrated with Chrome build system & distributed
+Fuzzer tests are well-integrated with Chromium build system and distributed
 ClusterFuzz fuzzing system. Cover bug: [crbug.com/539572].
 
 ## Documentation

testing/libfuzzer/clusterfuzz.md

 # libFuzzer and ClusterFuzz Integration
 
-*** note
-Most links on this page are private.
-***
-
-ClusterFuzz is a distributed fuzzing infrastructure 
-([go/clusterfuzz](https://goto.google.com/clusterfuzz)) that automatically
+ClusterFuzz is a distributed fuzzing infrastructure that automatically
 executes libFuzzer tests on scale.
 
+Googlers can read more [here](https://goto.google.com/clusterfuzz).
+
 ## Status Links
 
 * [Buildbot] - status of all libFuzzer builds.
@@ -27,12 +24,11 @@ builds fuzzers with multiple sanitizers and uploads binaries to a special
 GCS bucket. Build bot recipe is defined in [chromium_libfuzzer.py].
 * ClusterFuzz downloads new binaries once a day and runs fuzzers continuously.
 * Fuzzer run logs are uploaded to [ClusterFuzz libFuzzer Logs] GCS bucket.
-* Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a day
+* Fuzzing corpus is maintained for each fuzzer in [Corpus GCS Bucket]. Once a day,
 corpus is minimized to reduce number of duplicates and/or reduce effect of 
 parasitic coverage. 
 * [ClusterFuzz Fuzzer Status] displays fuzzer runtime 
-metrics as well as provides links to crashes and coverage reports. The information
-is collected every 30 minutes.
+metrics as well as provides links to crashes and coverage reports.
 
 
 ## Corpus
@@ -49,9 +45,9 @@ A fuzzer has two input corpus directories, seed and general, but its output
 goes into general corpus directory. Seed corpus is read-only.
 
 
-[Buildbot]: https://goto.google.com/libfuzzer-clusterfuzz-buildbot
+[Buildbot]: https://build.chromium.org/p/chromium.fyi/buildslaves/slave43-c1
 [chromium_libfuzzer.py]: https://code.google.com/p/chromium/codesearch#chromium/build/scripts/slave/recipes/chromium_libfuzzer.py
-[ClusterFuzz Fuzzer Status]: https://goto.google.com/libfuzzer-clusterfuzz-status
-[ClusterFuzz libFuzzer Logs]: https://goto.google.com/libfuzzer-clusterfuzz-logs
-[Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus
+[ClusterFuzz Fuzzer Status]: https://clusterfuzz.com/v2/fuzzer-stats
+[ClusterFuzz libFuzzer Logs]: https://console.cloud.google.com/storage/browser/clusterfuzz-libfuzzer-logs
+[Corpus GCS Bucket]: https://console.cloud.google.com/storage/clusterfuzz-corpus/libfuzzer
 [fuzzer_test.gni]: https://code.google.com/p/chromium/codesearch#chromium/src/testing/libfuzzer/fuzzer_test.gni

testing/libfuzzer/efficient_fuzzer.md

@@ -23,7 +23,7 @@ There are several metrics you should look at to determine your fuzzer effectiven
 
 * [Fuzzer Speed](#Fuzzer-Speed)
 * [Corpus Size](#Corpus-Size)
-* [Coverage](#Coverage)
+* [Code Coverage](#Code-Coverage)
 
 You can collect these metrics manually or take them from [ClusterFuzz status]
 pages after a fuzzer is checked in Chromium repository.
@@ -301,7 +301,7 @@ All other options can be passed using `libfuzzer_options` property.
 
 [AFL]: http://lcamtuf.coredump.cx/afl/
 [ClusterFuzz status]: clusterfuzz.md#Status-Links
-[Corpus GCS Bucket]: https://goto.google.com/libfuzzer-clusterfuzz-corpus
+[Corpus GCS Bucket]: https://console.cloud.google.com/storage/clusterfuzz-corpus/libfuzzer
 [issue 638836]: https://bugs.chromium.org/p/chromium/issues/detail?id=638836
 [coverage script]: https://cs.chromium.org/chromium/src/testing/libfuzzer/coverage.py
 [gsutil]: https://cloud.google.com/storage/docs/gsutil

testing/libfuzzer/getting_started.md

-# Getting Started with libFuzzer in Chrome
+# Getting Started with libFuzzer in Chromium
 
-***
-**Prerequisites:** libFuzzer in Chrome is supported with GN on Linux and Mac only.
+*** note
+**Prerequisites:** libFuzzer in Chromium is supported on Linux and Mac only.
 ***
 
 This document will walk you through:

testing/libfuzzer/libprotobuf-mutator.md

-# Getting Started with libprotobuf-mutator in Chrome
+# Getting Started with libprotobuf-mutator in Chromium
 
 *** note
 **Note:** libprotobuf-mutator (LPM) is new to Chromium and does not (yet) have a

testing/libfuzzer/reference.md

 # libFuzzer Integration Reference
 
-## Extra sanitizer configuration
+## Additional sanitizer configuration
 
 ### MSan
 
@@ -12,13 +12,12 @@ GYP_DEFINES='use_goma=1 msan=1 use_prebuilt_instrumented_libraries=1' gclient ru
 
 ### UBSan
 
-By default UBSan doesn't crash once undefined behavior has been detected.
-To make it crash the following additional option should be provided:
+By default, UBSan does not crash when undefined behavior is detected.
+To make it crash, the following option needs to be set in environment:
 ```bash
 UBSAN_OPTIONS=halt_on_error=1 ./fuzzer <corpus_directory_or_single_testcase_path>
-
 ```
-Other useful options (used by ClusterFuzz) are:
+Other useful options are (also used by ClusterFuzz):
 ```bash
 UBSAN_OPTIONS=symbolize=1:halt_on_error=1:print_stacktrace=1 ./fuzzer <corpus_directory_or_single_testcase_path>
 ```
@@ -80,11 +79,11 @@ Following arguments are supported:
 
 | Argument | Description |
 |----------|-------------|
-| sources | **required** list of fuzzer test source files. |
+| sources | **required** list of fuzzer test source files |
 | deps | fuzzer dependencies |
 | additional_configs | additional GN configurations to be used for compilation |
 | dict | a dictionary file for the fuzzer |
-| libfuzzer_options | runtime options file for the fuzzer. See [Fuzzer Runtime Options](Fuzzer-Options) |
+| libfuzzer_options | runtime options file for the fuzzer. See [Fuzzer Runtime Options](#Fuzzer-Runtime-Options) |
 
 
 ## Fuzzer Runtime Options
@@ -103,7 +102,7 @@ Most common flags are:
 | max_len | Maximum length of test input. |
 | timeout | Timeout of seconds. Units slower than this value will be reported as bugs. |
 
-A fuller list of options can be found at [libFuzzer Usage] page and by running
+Full list of options can be found at [libFuzzer options] page and by running
 the binary with `-help=1`.
 
 To specify these options for ClusterFuzz, list all parameters in
@@ -119,7 +118,7 @@ fuzzer_test("my_fuzzer") {
 }
 ```
 
-[libFuzzer Usage]: http://llvm.org/docs/LibFuzzer.html#usage
+[libFuzzer options]: http://llvm.org/docs/LibFuzzer.html#options
 [Address Sanitizer]: http://clang.llvm.org/docs/AddressSanitizer.html
 [Memory Sanitizer]: http://clang.llvm.org/docs/MemorySanitizer.html
 [Undefined Behavior Sanitizer]: http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html