85 lines (64 sloc) 3.8 KB


Naming things is hard, so this page tries to reduce confusion around fuzzing-related terminology.


Or test corpus, or fuzzing corpus.
A set of test inputs. In most contexts, it refers to a set of minimal test inputs that generate maximal code coverage.

Fuzz Target

Or Target Function, or Fuzzing Target Function, or Fuzzing Entry Point.
A function to which we apply fuzzing. A specific signature is required for OSS-Fuzz. Examples: openssl, re2, SQLite.

A fuzz target can be used to reproduce bug reports. It is recommended to use it for regression testing as well (see ideal integration).


The most overloaded term and used in a variety of contexts, which makes it bad. Sometimes, "Fuzzer" is referred to a fuzz target, a fuzzing engine, a mutation engine, a test generator or a fuzzer build.

Fuzzing Engine

A tool that tries to find interesting inputs for a fuzz target by executing it. Examples: libFuzzer, AFL, honggfuzz, etc

See related terms Mutation Engine and Test Generator.

Job type

Or Fuzzer Build.
A ClusterFuzz-specific term. This refers to a build that contains all the fuzz targets for a given project, is run with a specific fuzzing engine, in a specific build mode (e.g. with enabled/disabled assertions), and optionally combined with a sanitizer.

For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of all sqlite3 fuzz targets using libFuzzer and ASan.

Mutation Engine

A tool that takes a set of testcases as input and creates their mutated versions. It is just a generator and does not feed the mutations to fuzz target. Example: radamsa (a generic test mutator).


A project is an open source software project that is integrated with OSS-Fuzz. Each project has a single set of configuration files (example: expat) and may have one or more fuzz targets (example: openssl).


Or a testcase.
A test input that causes a specific bug to reproduce.


A dynamic testing tool that can detect bugs during program execution. Examples: ASan, DFSan, LSan, MSan, TSan, UBSan.

Test Generator

A tool that generates testcases from scratch according to some rules or grammar. Examples: csmith (a test generator for C language), cross_fuzz (a cross-document DOM binding test generator).

Test Input

A sequence of bytes that is used as input to a fuzz target. Typically, a test input is stored in a separate file.