HomePhabricator

test: Build fuzz targets into seperate executables

Description

test: Build fuzz targets into seperate executables

Summary:

Currently our fuzzer is a single binary that decides on the first few
bits of the buffer what target to pick. This is ineffective as the
fuzzer needs to "learn" how the fuzz targets are organized and could get
easily confused. Not to mention that the (seed) corpus can not be
categorized by target, since targets might "leak" into each other. Also
the corpus would potentially become invalid if we ever wanted to remove
a target...

Solve that by building each fuzz target into their own executable.

Backport of core PR15043:
https://github.com/bitcoin/bitcoin/pull/15043/files

Depends on D4614.

Test Plan:

mkdir -p /tmp/fuzz/inputs
mkdir -p /tmp/fuzz/outputs
mkdir -p /tmp/archive
pushd /tmp/archive
wget https://download.visucore.com/bitcoin/bitcoin_fuzzy_in.tar.xz
tar xvJf bitcoin_fuzzy_in.tar.xz
mv bitcoin_fuzzy_in/* /tmp/fuzz/inputs/
popd

mkdir build && cd build
./configure --disable-ccache --disable-shared --enable-tests \
  --enable-fuzz CC=afl-clang-fast CXX=afl-clang-fast++
make
afl-fuzz -i /tmp/fuzz/inputs -o tmp/fuzz/outputs \
  -m512 -- src/test/fuzz/address_deserialize

Escape with CTRL+C

rm -rf *
./configure --disable-ccache --enable-fuzz \
  --with-sanitizers=fuzzer,address CC=clang CXX=clang++
pushd src
make test/fuzz/address_deserialize
popd
./src/test/fuzz/address_deserialize /tmp/fuzz/inputs

Escape with CTRL+C

mkdir -p ../buildcmake && cd ../buildcmake
cmake -GNinja .. -DCCACHE=OFF -DENABLE_SANITIZERS="fuzzer;address"
ninja fuzz-address_deserialize
./src/test/fuzz/address_deserialize /tmp/fuzz/inputs

Escape with CTRL+C

ninja bitcoin-fuzzers

Check all the fuzzers are built.

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D4615

Details

Provenance
MarcoFalke <falke.marco@gmail.com>Authored on Jan 25 2019, 23:42
FabienCommitted on Feb 10 2020, 13:50
FabienPushed on Feb 10 2020, 13:50
Reviewer
Restricted Project
Differential Revision
D4615: test: Build fuzz targets into seperate executables
Parents
rABCf04d82a889c2: docs: Spelling error fix on fuzzing.md
Branches
Unknown
Tags
Unknown