
tests: Add fuzzing harness for ProcessMessage(...). Enables high-level fuzzing of the P2P layer.
ClosedPublic

Authored by Fabien on Oct 20 2020, 14:30.

Details

Summary
Add fuzzing harness for ProcessMessage(...). Enables high-level fuzzing
of the P2P layer.

All code paths reachable from this fuzzer can be assumed to be reachable
for an untrusted peer.

Seeded from thin air (an empty corpus) this fuzzer reaches roughly 20
000 lines of code.

To test this PR:

$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
      --with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/process_message
…

Worth noting about this fuzzing harness:

    To achieve a reasonable number of executions per second the state
of the fuzzer is unfortunately not entirely reset between test_one_input
calls. The set-up (FuzzingSetup ctor) and tear-down (~FuzzingSetup) work
is simply too costly to be run on every iteration. There is a trade-off
to handle here between a.) achieving high executions/second and b.)
giving the fuzzer a totally blank slate for each call. Please let me
know if you have any suggestion on how to improve this situation while
maintaining >1000 executions/second.
    To achieve optimal results when using coverage-guided fuzzing I've
chosen to create one specialised fuzzing binary per message type
(process_message_addr, process_message_block, process_message_blocktxn,
etc.) and one general fuzzing binary (process_message) which handles all
message types. The latter general fuzzer can be seeded with inputs
generated by the former specialised fuzzers.

Happy fuzzing friends!

Backport of core PR17989.

Depends on D8004 (test plan only, fixes a fuzz fixture issue).
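The harness layout the summary describes (costly FuzzingSetup-style state built once and carried over between inputs, a compile-time choice between a specialised per-message target and a general target, and seeding the general target from a specialised corpus), shown as an added illustration that is not the Bitcoin ABC code: ToyPeerState, ToyProcessMessage, the message list and the MESSAGE_TYPE define are all invented stand-ins.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
// Invented stand-in for the real message-type table.
static const char* const kMessageTypes[] = {"addr", "block", "getheaders", "ping"};
static const size_t kNumMessageTypes = sizeof(kMessageTypes) / sizeof(kMessageTypes[0]);

// Invented stand-in for the costly environment the summary calls FuzzingSetup:
// built once per process and deliberately carried over between inputs.
struct ToyPeerState { uint64_t messages_seen = 0; uint64_t misbehavior_score = 0; };
static ToyPeerState& SharedState() {
    static ToyPeerState state;  // constructed on first use, never reset
    return state;
}

// Toy ProcessMessage: `payload` is entirely under the untrusted peer's control.
static void ToyProcessMessage(ToyPeerState& st, const std::string& type,
                              const std::vector<uint8_t>& payload) {
    st.messages_seen++;
    if (type == "ping" && payload.size() != 8) st.misbehavior_score += 10;
    if (type == "block" && payload.size() < 80) st.misbehavior_score += 100;
}

// Specialised target: compile with -DMESSAGE_TYPE='"addr"' (etc.) to pin the
// type. General target: leave it undefined and let the first input byte pick.
#ifndef MESSAGE_TYPE
#define MESSAGE_TYPE nullptr
#endif
static const char* const kFixedType = MESSAGE_TYPE;

// Turns a specialised-target corpus entry into a general-target input by
// prepending the type index, which is how the general fuzzer gets seeded.
static std::vector<uint8_t> SeedFromSpecialised(size_t type_index,
                                                const std::vector<uint8_t>& payload) {
    std::vector<uint8_t> out{static_cast<uint8_t>(type_index % kNumMessageTypes)};
    out.insert(out.end(), payload.begin(), payload.end());
    return out;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    if (size == 0) return 0;
    size_t off = 0; std::string type;
    if (kFixedType) { type = kFixedType; }
    else { type = kMessageTypes[data[0] % kNumMessageTypes]; off = 1; }
    std::vector<uint8_t> payload(data + off, data + size);
    ToyProcessMessage(SharedState(), type, payload);  // state persists across calls
    return 0;
}
```

Building the same file once without MESSAGE_TYPE and once per type with it set mirrors the process_message / process_message_addr split in the summary.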

Test Plan
ninja bitcoin-fuzzers
./src/test/fuzz/process_message
./src/test/fuzz/process_message_getheaders # Or any other message

Diff Detail

Repository: rABC Bitcoin ABC
Lint: Not Applicable
Unit Tests: Not Applicable

Event Timeline

Fabien requested review of this revision. Oct 20 2020, 14:30
deadalnix requested changes to this revision. Oct 20 2020, 14:40
deadalnix added a subscriber: deadalnix.
deadalnix added inline comments.
src/test/fuzz/process_message.cpp:40 (On Diff #24832)

Move that declaration in net_processing.h so mismatch between declaration and implementation can be detected.

This revision now requires changes to proceed. Oct 20 2020, 14:40

Move declaration to header

This revision is now accepted and ready to land. Oct 20 2020, 15:27

Tail of the build log:

Build build-clang-tidy timed out after 1800.0s