test: Build fuzz targets into separate executables
Summary:
Currently our fuzzer is a single binary that decides on the first few bits of the buffer what target to pick. This is ineffective as the fuzzer needs to "learn" how the fuzz targets are organized and could get easily confused. Not to mention that the (seed) corpus cannot be categorized by target, since targets might "leak" into each other. Also the corpus would potentially become invalid if we ever wanted to remove a target... Solve that by building each fuzz target into its own executable.
Backport of core PR15043:
https://github.com/bitcoin/bitcoin/pull/15043/files
Depends on D4614.
Test Plan:
  mkdir -p /tmp/fuzz/inputs
  mkdir -p /tmp/fuzz/outputs
  mkdir -p /tmp/archive
  pushd /tmp/archive
  wget https://download.visucore.com/bitcoin/bitcoin_fuzzy_in.tar.xz
  tar xvJf bitcoin_fuzzy_in.tar.xz
  mv bitcoin_fuzzy_in/* /tmp/fuzz/inputs/
  popd
  mkdir build && cd build
  ../configure --disable-ccache --disable-shared --enable-tests \
    --enable-fuzz CC=afl-clang-fast CXX=afl-clang-fast++
  make
  afl-fuzz -i /tmp/fuzz/inputs -o /tmp/fuzz/outputs \
    -m512 -- src/test/fuzz/address_deserialize
Escape with CTRL+C
  rm -rf *
  ../configure --disable-ccache --enable-fuzz \
    --with-sanitizers=fuzzer,address CC=clang CXX=clang++
  pushd src
  make test/fuzz/address_deserialize
  popd
  ./src/test/fuzz/address_deserialize /tmp/fuzz/inputs
Escape with CTRL+C
  mkdir -p ../buildcmake && cd ../buildcmake
  cmake -GNinja .. -DCCACHE=OFF -DENABLE_SANITIZERS="fuzzer;address"
  ninja fuzz-address_deserialize
  ./src/test/fuzz/address_deserialize /tmp/fuzz/inputs
Escape with CTRL+C
  ninja bitcoin-fuzzers
Check all the fuzzers are built.
Reviewers: #bitcoin_abc, deadalnix
Reviewed By: #bitcoin_abc, deadalnix
Differential Revision: https://reviews.bitcoinabc.org/D4615
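
The corpus problem described in the summary, modelled as an added example (not code from this commit or from Bitcoin ABC). It assumes a one-byte selector at the start of each input; `target_b` and `target_c` are hypothetical target names, and the seeds are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Targets = std::vector<std::string>;
struct Seed { std::string saved_for; std::vector<uint8_t> bytes; };

// Single-binary model (assumed layout): byte 0 indexes the target table and
// the rest is payload. Returns "" when the selector matches no target.
std::string Dispatch(const Targets& table, const std::vector<uint8_t>& in) {
    if (in.empty()) return "";
    const size_t idx = in[0];
    return idx < table.size() ? table[idx] : "";
}

// Seeds that still reach the target they were collected for.
size_t ValidSingleBinary(const Targets& table, const std::vector<Seed>& corpus) {
    size_t ok = 0;
    for (const Seed& s : corpus) ok += Dispatch(table, s.bytes) == s.saved_for;
    return ok;
}

// Per-executable model: a seed lives in its target's own corpus directory,
// so it stays valid for as long as that target exists.
size_t ValidPerTarget(const Targets& table, const std::vector<Seed>& corpus) {
    size_t ok = 0;
    for (const Seed& s : corpus)
        for (const std::string& t : table) ok += t == s.saved_for;
    return ok;
}

// Constructed sample data; only address_deserialize is named on the page.
Targets Before() { return {"address_deserialize", "target_b", "target_c"}; }
Targets After() { return {"address_deserialize", "target_c"}; }  // target_b removed
std::vector<Seed> Corpus() {
    return {{"address_deserialize", {0, 0x01, 0x02}},
            {"target_b", {1, 0xaa}},
            {"target_c", {2, 0xbb}}};
}

int main() {
    std::printf("single binary: %zu -> %zu valid seeds\n",
                ValidSingleBinary(Before(), Corpus()), ValidSingleBinary(After(), Corpus()));
    std::printf("per target:    %zu -> %zu valid seeds\n",
                ValidPerTarget(Before(), Corpus()), ValidPerTarget(After(), Corpus()));
}
```

After `target_b` is removed, the single-binary corpus keeps one usable seed: the old `target_b` seed now runs against `target_c`, and the old `target_c` seed selects nothing. With one executable per target, only the removed target's seed is lost.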