
[tests] Add libFuzzer support.
Changes Planned · Public

Authored by Fabien on Nov 29 2019, 17:28.


Group Reviewers
Restricted Project

This is a backport of core PR10440:

I added some modifications to the CMake files to support enabling the
libFuzzer support easily (it requires manual compilation otherwise).
This is natively supported by ECM, but it will try to apply to every build
with a main(), which is not the desired behavior as it should only
apply to the test_bitcoin_fuzzy target.

Test Plan

Build with Clang >= 6.0:

cmake -GNinja .. -DENABLE_SANITIZERS=fuzzer
ninja test_bitcoin_fuzzy

Stop it with CTRL+C when you're bored, as it will run indefinitely.

Diff Detail

rABC Bitcoin ABC

Event Timeline

Fabien created this revision. Nov 29 2019, 17:28
Herald added a reviewer: Restricted Project. Nov 29 2019, 17:28
Fabien updated this revision to Diff 14516. Nov 29 2019, 20:38

Add missing static.

deadalnix requested changes to this revision. Dec 1 2019, 22:35
deadalnix added inline comments.

Does building that target without the sanitizer make any sense at all? Also, are you sure that it doesn't all have to be built with the sanitizer?

This revision now requires changes to proceed. Dec 1 2019, 22:35
Fabien requested review of this revision. Dec 2 2019, 07:35
Fabien added inline comments.

The reason for not setting the option by default is that there are 2 possible ways to use the executable for fuzzing:

  • You can build against an AFL compiler, such as afl-clang-fast, then use afl-fuzz to manage the instrumented binary (this is the method described in the documentation).
  • Or you can use clang's integrated libFuzzer, which is what is done by passing the -fsanitize=fuzzer option. I don't think you can do both at the same time, as I don't expect the afl-* enabled compilers to support libFuzzer.

Regarding your second question, there is no need for building anything else with the fuzzer sanitizer (see
But you can (should?) build with other sanitizers such as ASAN for example, then run with an abort on error option (don't remember the exact syntax). That would allow you to catch the vectors that trigger ASAN faults.
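As an added example (not the revision's own CMake), this is one way to wire the ENABLE_SANITIZERS option so that -fsanitize=fuzzer lands only on test_bitcoin_fuzzy while sanitizers such as ASAN stay project-wide, which is the behaviour the description and the two comments above describe. The variable name ENABLE_SANITIZERS and the target name come from the test plan; the source path and the linked library are placeholders.

```cmake
# Added example, not the revision's own CMake. Assumes ENABLE_SANITIZERS is a
# cache variable holding a semicolon-separated list, as passed with
# -DENABLE_SANITIZERS=fuzzer or -DENABLE_SANITIZERS="fuzzer;address".
cmake_minimum_required(VERSION 3.13)  # add_link_options / target_link_options
project(fuzz_example CXX)

set(ENABLE_SANITIZERS "" CACHE STRING
    "Semicolon-separated sanitizers to enable (fuzzer, address, undefined, ...)")
set(sanitizers ${ENABLE_SANITIZERS})

# libFuzzer is a Clang feature and supplies its own main(), so it is split off
# from the sanitizers that can safely be applied to every target. The AFL path
# (CC/CXX=afl-clang-fast, then afl-fuzz) needs none of this: AFL instruments
# the whole build and the harness keeps its own main().
set(use_libfuzzer OFF)
if("fuzzer" IN_LIST sanitizers)
  if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")
    message(FATAL_ERROR "ENABLE_SANITIZERS=fuzzer requires Clang >= 6.0")
  endif()
  list(REMOVE_ITEM sanitizers fuzzer)
  set(use_libfuzzer ON)
endif()

# Project-wide sanitizers (e.g. address) must be requested before the targets
# they should instrument are defined; they let the harness surface ASAN faults.
foreach(san IN LISTS sanitizers)
  add_compile_options(-fsanitize=${san})
  add_link_options(-fsanitize=${san})
endforeach()

# Hypothetical source path and library; the real tree's names are not on this page.
add_executable(test_bitcoin_fuzzy test/test_bitcoin_fuzzy.cpp)
target_link_libraries(test_bitcoin_fuzzy PRIVATE PLACEHOLDER_BITCOIN_LIB)

# Scope -fsanitize=fuzzer to the harness alone: linking it into any other
# executable would collide with that executable's main().
if(use_libfuzzer)
  target_compile_options(test_bitcoin_fuzzy PRIVATE -fsanitize=fuzzer)
  target_link_options(test_bitcoin_fuzzy PRIVATE -fsanitize=fuzzer)
endif()
```

With "fuzzer;address" enabled, libFuzzer stops at the first ASAN report and writes the triggering input to a crash-* file next to the binary, which is the abort-on-error behaviour the comment above is after.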

Fabien planned changes to this revision. Dec 9 2019, 15:06