mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-25 02:33:24 -03:00
fuzz: parse the command line arguments in fuzz tests
Retrieve the command line arguments from the fuzzer and save them for later retrieval by `BasicTestingSetup` so that we gain extra flexibility of passing any config options on the test command line, e.g.: ``` FUZZ=addrman ./src/test/fuzz/fuzz --checkaddrman=5 ``` A fuzz test should call `MakeNoLogFileContext<>()` in its initialize function in order to invoke the constructor of `BasicTestingSetup`, which sets `gArgs`.
This commit is contained in:
parent
92a0f7e58d
commit
6f7c7567c5
2 changed files with 32 additions and 1 deletions
|
@ -71,6 +71,15 @@ block^@M-^?M-^?M-^?M-^?M-^?nM-^?M-^?
|
|||
|
||||
In this case the fuzzer managed to create a `block` message which when passed to `ProcessMessage(...)` increased coverage.
|
||||
|
||||
It is possible to specify `bitcoind` arguments to the `fuzz` executable.
|
||||
Depending on the test, they may be ignored or consumed and alter the behavior
|
||||
of the test. Just make sure to use double-dash to distinguish them from the
|
||||
fuzzer's own arguments:
|
||||
|
||||
```sh
|
||||
$ FUZZ=address_deserialize_v2 src/test/fuzz/fuzz -runs=1 fuzz_seed_corpus/address_deserialize_v2 --checkaddrman=5 --printtoconsole=1
|
||||
```
|
||||
|
||||
## Fuzzing corpora
|
||||
|
||||
The project's collection of seed corpora is found in the [`bitcoin-core/qa-assets`](https://github.com/bitcoin-core/qa-assets) repo.
|
||||
|
|
|
@ -20,7 +20,28 @@
|
|||
|
||||
const std::function<void(const std::string&)> G_TEST_LOG_FUN{};
|
||||
|
||||
const std::function<std::vector<const char*>()> G_TEST_COMMAND_LINE_ARGUMENTS{};
|
||||
/**
|
||||
* A copy of the command line arguments that start with `--`.
|
||||
* First `LLVMFuzzerInitialize()` is called, which saves the arguments to `g_args`.
|
||||
* Later, depending on the fuzz test, `G_TEST_COMMAND_LINE_ARGUMENTS()` may be
|
||||
* called by `BasicTestingSetup` constructor to fetch those arguments and store
|
||||
* them in `BasicTestingSetup::m_node::args`.
|
||||
*/
|
||||
static std::vector<const char*> g_args;
|
||||
|
||||
static void SetArgs(int argc, char** argv) {
|
||||
for (int i = 1; i < argc; ++i) {
|
||||
// Only take into account arguments that start with `--`. The others are for the fuzz engine:
|
||||
// `fuzz -runs=1 fuzz_seed_corpus/address_deserialize_v2 --checkaddrman=5`
|
||||
if (strlen(argv[i]) > 2 && argv[i][0] == '-' && argv[i][1] == '-') {
|
||||
g_args.push_back(argv[i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const std::function<std::vector<const char*>()> G_TEST_COMMAND_LINE_ARGUMENTS = []() {
|
||||
return g_args;
|
||||
};
|
||||
|
||||
std::map<std::string_view, std::tuple<TypeTestOneInput, TypeInitialize, TypeHidden>>& FuzzTargets()
|
||||
{
|
||||
|
@ -98,6 +119,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
|
|||
// This function is used by libFuzzer
|
||||
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
|
||||
{
|
||||
SetArgs(*argc, *argv);
|
||||
initialize();
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue