[libFuzzer][Windows] Update Docs for Windows port

Update docs to reflect the fact that libFuzzer has been ported to Windows and is now supported there in Chrome. Also fix miscellanious issues such as wording, capitalization, line breaking at 80 chars and make examples more windows friendly (remove enable_nacl=false since it doesn't seem to do anything and add is_component_build=true since it is needed on Win. Bug: 892754 Change-Id: I4c3c2aa9a7bd13b5b29b7c0094473e27a4edfbfb Reviewed-on: https://chromium-review.googlesource.com/c/1277688Reviewed-by: Martin Barbella <mbarbella@chromium.org> Commit-Queue: Jonathan Metzman <metzman@chromium.org> Cr-Commit-Position: refs/heads/master@{#599003}

[libFuzzer][Windows] Update Docs for Windows port
Update docs to reflect the fact that libFuzzer has been ported to Windows and is now supported there in Chrome. Also fix miscellanious issues such as wording, capitalization, line breaking at 80 chars and make examples more windows friendly (remove enable_nacl=false since it doesn't seem to do anything and add is_component_build=true since it is needed on Win. Bug: 892754 Change-Id: I4c3c2aa9a7bd13b5b29b7c0094473e27a4edfbfb Reviewed-on: https://chromium-review.googlesource.com/c/1277688Reviewed-by: Martin Barbella <mbarbella@chromium.org> Commit-Queue: Jonathan Metzman <metzman@chromium.org> Cr-Commit-Position: refs/heads/master@{#599003}
df29cec0 · Jonathan Metzman · Commit Bot · 1b15ad0d · df29cec0 · df29cec0
Commit df29cec0 authored Oct 11, 2018 by Jonathan Metzman Committed by Commit Bot Oct 11, 2018
4 changed files
--- a/testing/libfuzzer/README.md
+++ b/testing/libfuzzer/README.md
@@ -11,10 +11,11 @@

 This directory contains integration between [libFuzzer] and Chromium.
 LibFuzzer is an in-process coverage-driven evolutionary fuzzing engine. It helps
-engineers to uncover potential security & stability problems earlier.
+engineers to uncover potential security & stability problems.

 *** note
-**Requirements:** libFuzzer in Chromium is supported with Linux and Mac only.
+**Requirements:** libFuzzer in Chromium is supported with Linux, Mac, and
+  Windows only.
 ***

 ## Integration Status

--- a/testing/libfuzzer/getting_started.md
+++ b/testing/libfuzzer/getting_started.md
 # Getting Started with libFuzzer in Chromium

 *** note
-**Prerequisites:** libFuzzer in Chromium is supported on Linux and Mac only.
+**Prerequisites:** libFuzzer in Chromium is supported on Linux, Mac, and Windows
+only.
 ***

 This document will walk you through:
@@ -16,22 +17,22 @@ Use `use_libfuzzer` GN argument together with sanitizer to generate build files:

 *Notice*: current implementation also supports `use_afl` argument, but it is
 recommended to use libFuzzer for local development. Running libFuzzer locally
-doesn't require any special configuration and gives meaningful output quickly for
-speed, coverage and other parameters.
+doesn't require any special configuration and gives meaningful output quickly
+for speed, coverage and other parameters.

 ```bash
 # With address sanitizer
-gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true is_debug=false enable_nacl=false' --check
+gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true is_debug=false is_component_build=true' --check
 ```

 Supported sanitizer configurations are:

 | GN Argument | Description |
 |--------------|----|
-| `is_asan=true` | enables [Address Sanitizer] to catch problems like buffer overruns. |
-| `is_msan=true` | enables [Memory Sanitizer] to catch problems like uninitialized reads<sup>\[[*](reference.md#MSan)\]</sup>. |
-| `is_ubsan_security=true` | enables [Undefined Behavior Sanitizer] to catch<sup>\[[*](reference.md#UBSan)\]</sup> undefined behavior like integer overflow. |
-| | it is possible to run libfuzzer without any sanitizers; *probably not what you want*.|
+| `is_asan=true` | Enables [Address Sanitizer] to catch problems like buffer overruns. (only supported sanitizer on Windows and Mac)|
+| `is_msan=true` | Enables [Memory Sanitizer] to catch problems like uninitialized reads<sup>\[[*](reference.md#MSan)\]</sup>. |
+| `is_ubsan_security=true` | Enables [Undefined Behavior Sanitizer] to catch<sup>\[[*](reference.md#UBSan)\]</sup> undefined behavior like integer overflow. |
+| | It is possible to run libfuzzer without any sanitizers; *probably not what you want*.|

 Fuzz targets are built with minimal symbols by default. The symbol level
 can be adjusted in the usual way by setting `symbol_level`.
@@ -41,7 +42,8 @@ To get the exact GN configuration that are used on our builders, see

 ## Write Fuzz Target

-Create a new `<my_fuzzer>.cc` file and define a `LLVMFuzzerTestOneInput` function:
+Create a new `<my_fuzzer>.cc` file and define a `LLVMFuzzerTestOneInput`
+function:

 ```cpp
 #include <stddef.h>

--- a/testing/libfuzzer/libprotobuf-mutator.md
+++ b/testing/libfuzzer/libprotobuf-mutator.md
@@ -46,6 +46,10 @@ libprotobuf-mutator fuzzer that is even more trivial than
 url_parse_proto_fuzzer.

 ## Write a fuzz target for code that accepts protobufs
+*** note
+**Note:** Right now this only works on Linux.
+***
+
 This is almost as easy as writing a standard libFuzzer-based fuzzer. You can
 look at [override_lite_runtime_plugin_test_fuzzer] for an example of a working example of
 this (don't copy the line adding "//testing/libfuzzer:no_clusterfuzz" to

--- a/testing/libfuzzer/reference.md
+++ b/testing/libfuzzer/reference.md
@@ -36,6 +36,7 @@ running:
 |Linux MSan \[[*](#MSan)\] | `tools/mb/mb.py gen -m chromium.fyi -b 'Libfuzzer Upload Linux MSan' out/Directory` |
 |Linux UBSan \[[*](#UBSan)\]| `tools/mb/mb.py gen -m chromium.fyi -b 'Libfuzzer Upload Linux UBSan' out/Directory` |
 |Mac ASan | `tools/mb/mb.py gen -m chromium.fyi -b 'Libfuzzer Upload Mac ASan' out/Directory` |
+|Windows ASan | `tools/mb/mb.py gen -m chromium.fyi -b 'Libfuzzer Upload Windows ASan' out/Directory` |


 ### Linux
@@ -52,7 +53,7 @@ Configuration example:

 ```bash
 # With address sanitizer
-gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true enable_nacl=false' --check
+gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true' --check
 ```

 ### Mac
@@ -62,9 +63,26 @@ Mac is supported by libFuzzer with `is_asan` configuration.
 Configuration example:

 ```bash
-gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true enable_nacl=false mac_deployment_target="10.7"' --check
+gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true mac_deployment_target="10.7"' --check
 ```

+### Windows
+
+Windows is supported by libFuzzer with `is_asan` configuration.
+
+Configuration example:
+
+```bash
+gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true is_debug=false is_component_build=false' --check
+```
+
+On Windows you must use `is_component_build=true` as libFuzzer does not support
+component builds on Windows. If you are using `is_asan=true` then you must use
+`is_debug=false` as ASan does not support debug builds on Windows.
+You may also want to consider using `symbol_level=1` which will reduce build
+size by reducing symbol level to the level necessary for libFuzzer (useful
+if building many fuzz targets).
+
 ## fuzzer_test GN Template

 Use `fuzzer_test` to define libFuzzer targets: