[libFuzzer][Chrome OS] Update docs to reflect Chrome OS port

Bug: 906214 Change-Id: I6e8b74c892535143e0d25709e6e170152acaa2e5 Reviewed-on: https://chromium-review.googlesource.com/c/1355337 Commit-Queue: Jonathan Metzman <metzman@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#612383}

[libFuzzer][Chrome OS] Update docs to reflect Chrome OS port
Bug: 906214 Change-Id: I6e8b74c892535143e0d25709e6e170152acaa2e5 Reviewed-on: https://chromium-review.googlesource.com/c/1355337 Commit-Queue: Jonathan Metzman <metzman@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#612383}
f8a8a429 · Jonathan Metzman · Commit Bot · 50071947 · f8a8a429 · f8a8a429
Commit f8a8a429 authored Nov 29, 2018 by Jonathan Metzman Committed by Commit Bot Nov 29, 2018
Showing with 24 additions and 4 deletions

testing/libfuzzer/README.md testing/libfuzzer/README.md +5 -2

testing/libfuzzer/getting_started.md testing/libfuzzer/getting_started.md +4 -2

testing/libfuzzer/reference.md testing/libfuzzer/reference.md +15 -0

No files found.
--- a/testing/libfuzzer/README.md
+++ b/testing/libfuzzer/README.md
@@ -14,8 +14,8 @@ LibFuzzer is an in-process coverage-driven evolutionary fuzzing engine. It helps
 engineers to uncover potential security & stability problems.
 *** note
-**Requirements:** libFuzzer in Chromium is supported with Linux, Mac, and
+**Requirements:** libFuzzer in Chromium is supported with Linux, Chrome OS, Mac,
-Windows only.
+and Windows.
 ***
 ## Integration Status
@@ -40,6 +40,8 @@ libFuzzer.
  and reported by ClusterFuzz.
 * [Reproducing on Linux, Mac, and Android] describes how to reproduce bugs
  reported by ClusterFuzz on Linux, Mac, and Android.
+* [Fuzzing on Chrome OS] describes how to write fuzzers for the non-browser
+  parts of Chrome OS.
 * [Reference] contains detailed references for different integration parts.
 ## Trophies
@@ -73,3 +75,4 @@ libFuzzer.
 [crbug.com/539572]: https://bugs.chromium.org/p/chromium/issues/detail?id=539572
 [libFuzzer]: http://llvm.org/docs/LibFuzzer.html
 [libFuzzer Infrastructure Bugs]: https://bugs.chromium.org/p/chromium/issues/list?q=label:LibFuzzer-Infra
+[Fuzzing on Chrome OS]: https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md
--- a/testing/libfuzzer/getting_started.md
+++ b/testing/libfuzzer/getting_started.md
 # Getting Started with libFuzzer in Chromium
 *** note
-**Prerequisites:** libFuzzer in Chromium is supported on Linux, Mac, and Windows
+**Prerequisites:** libFuzzer in Chromium is supported on Linux, Chrome OS, Mac,
-only.
+and Windows.
 ***
 This document will walk you through:
@@ -24,6 +24,8 @@ for speed, coverage and other parameters.
 # AddressSanitizer is the default config we recommend testing with.
 # Linux:
 tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Linux ASan' out/libfuzzer
+# Chrome OS:
+tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Chrome OS ASan' out/libfuzzer
 # Mac:
 tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Mac ASan' out/libfuzzer
 # Windows:

--- a/testing/libfuzzer/reference.md
+++ b/testing/libfuzzer/reference.md
@@ -35,6 +35,7 @@ running:
 |Linux ASan Debug | `tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Linux ASan Debug' out/Directory` |
 |Linux MSan \[[*](#MSan)\] | `tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Linux MSan' out/Directory` |
 |Linux UBSan \[[*](#UBSan)\]| `tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Linux UBSan' out/Directory` |
+|Chrome OS ASan | `tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Chrome OS ASan' out/Directory` |
 |Mac ASan | `tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Mac ASan' out/Directory` |
 |Windows ASan | `python tools\mb\mb.py gen -m chromium.fuzz -b "Libfuzzer Upload Windows ASan" out\Directory` |
@@ -56,6 +57,19 @@ Configuration example:
 gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true' --check
 ```
+### Chrome OS
+Chrome OS is supported by libFuzzer with `is_asan` configuration.
+Configuration example:
+```bash
+gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true target_os="chromeos"' --check
+```
+To do a Chrome OS build on Linux (not just for libFuzzer), your `.gclient` file
+must be configured appropriately, see the [Chrome OS build docs] for more
+details.
 ### Mac
 Mac is supported by libFuzzer with `is_asan` configuration.
@@ -144,4 +158,5 @@ fuzzer_test("my_fuzzer") {
 [Undefined Behavior Sanitizer]: http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
 [reproduce tool]: https://github.com/google/clusterfuzz-tools
 [these instructions]: https://www.chromium.org/developers/testing/memorysanitizer#TOC-Running-on-other-distros-using-Docker
+[Chrome OS build docs]: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/chromeos_build_instructions.md#updating-your-gclient-config