Page MenuHomePhabricator

test: Build fuzz targets into seperate executables
ClosedPublic

Authored by Fabien on Dec 2 2019, 16:39.

Details

Summary
Currently our fuzzer is a single binary that decides on the first few
bits of the buffer what target to pick. This is ineffective as the
fuzzer needs to "learn" how the fuzz targets are organized and could get
easily confused. Not to mention that the (seed) corpus can not be
categorized by target, since targets might "leak" into each other. Also
the corpus would potentially become invalid if we ever wanted to remove
a target...

Solve that by building each fuzz target into their own executable.

Backport of core PR15043:
https://github.com/bitcoin/bitcoin/pull/15043/files

Depends on D4614.

Test Plan
mkdir -p /tmp/fuzz/inputs
mkdir -p /tmp/fuzz/outputs
mkdir -p /tmp/archive
pushd /tmp/archive
wget https://download.visucore.com/bitcoin/bitcoin_fuzzy_in.tar.xz
tar xvJf bitcoin_fuzzy_in.tar.xz
mv bitcoin_fuzzy_in/* /tmp/fuzz/inputs/
popd

mkdir build && cd build
./configure --disable-ccache --disable-shared --enable-tests \
  --enable-fuzz CC=afl-clang-fast CXX=afl-clang-fast++
make
afl-fuzz -i /tmp/fuzz/inputs -o tmp/fuzz/outputs \
  -m512 -- src/test/fuzz/address_deserialize

Escape with CTRL+C

rm -rf *
./configure --disable-ccache --enable-fuzz \
  --with-sanitizers=fuzzer,address CC=clang CXX=clang++
pushd src
make test/fuzz/address_deserialize
popd
./src/test/fuzz/address_deserialize /tmp/fuzz/inputs

Escape with CTRL+C

mkdir -p ../buildcmake && cd ../buildcmake
cmake -GNinja .. -DCCACHE=OFF -DENABLE_SANITIZERS="fuzzer;address"
ninja fuzz-address_deserialize
./src/test/fuzz/address_deserialize /tmp/fuzz/inputs

Escape with CTRL+C

ninja bitcoin-fuzzers

Check all the fuzzers are built.

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

deadalnix added inline comments.
doc/fuzzing.md
1 ↗(On Diff #14610)

Still needs o be changed to Bitcoin ABC

This revision is now accepted and ready to land.Dec 6 2019, 11:15
This revision was landed with ongoing or failed builds.Feb 10 2020, 13:50
This revision was automatically updated to reflect the committed changes.