Commit graph

28 commits

Author SHA1 Message Date
Vasil Dimov
6f7c7567c5
fuzz: parse the command line arguments in fuzz tests
Retrieve the command line arguments from the fuzzer and save them for
later retrieval by `BasicTestingSetup` so that we gain extra flexibility
of passing any config options on the test command line, e.g.:

```
FUZZ=addrman ./src/test/fuzz/fuzz --checkaddrman=5
```

A fuzz test should call `MakeNoLogFileContext<>()` in its initialize
function in order to invoke the constructor of `BasicTestingSetup`,
which sets `gArgs`.
2022-01-11 11:53:34 +01:00
Alex Groce
6cac99ac07
Add a brief overview of fuzzing/Bitcoin Core fuzzing
- Google's repo
- Our report
- John's advice on fuzz-friendly development
2021-11-10 11:10:04 -07:00
W. J. van der Laan
29b030bca3
Merge : fuzz: add guide to fuzzing with Eclipser v1.x
6e1150ea3b fuzz: add guide to fuzzing with Eclipser v1.x (Alex Groce)

Pull request description:

  MarcoFalke and practicalswift here's an Eclipser guide, reconstructed from their documentation and my docker history getting it up and running.  It might be good if someone confirmed it actually works for them in a fresh ubuntu 20.04.

ACKs for top commit:
  practicalswift:
    ACK 6e1150ea3b

Tree-SHA512: ca855932fd7a2c1d1005d572ab5fabc26f42d779f9baf279783f08a43dd72ec60f57239135d30c2a82781e593626fec2c96bb19fb91e1b777cef2d83a54eba35
2021-10-01 10:25:07 +02:00
MarcoFalke
fa050bbc0a
test: Update test README and lint script 2021-09-02 10:26:35 +02:00
Alex Groce
6e1150ea3b fuzz: add guide to fuzzing with Eclipser v1.x 2021-08-06 08:51:30 -07:00
Alex Groce
8a4f0fcd3f
Document faster throughput configuration 2021-07-28 13:03:08 -07:00
Jon Atack
d8f1ea7227
doc: describe in fuzzing.md how to reproduce a CI crash
and add/improve a few headers
2021-05-25 15:18:50 +02:00
MarcoFalke
fadd98d02f
doc: Fix OSS-Fuzz links 2021-05-14 08:15:03 +02:00
Adam Jonas
47c3ea021e doc: add OSS-Fuzz section to fuzzing.md doc
Co-authored-by: Russell Yanofsky <russ@yanofsky.org>
2021-05-05 10:10:56 -04:00
MarcoFalke
fab633d2db
doc: Update fuzzing docs for afl-clang-lto 2021-03-09 19:00:10 +01:00
MarcoFalke
7f831346cb
Merge : doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver
fd0be92cff doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver (practicalswift)

Pull request description:

  Add instructions on how to fuzz the P2P layer using [Honggfuzz NetDriver](http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html).

  Honggfuzz NetDriver allows for very easy fuzzing of TCP servers such as Bitcoin Core without having to write any custom fuzzing harness. The `bitcoind` server process is largely fuzzed without modification.

  This makes the fuzzing highly realistic: a bug reachable by the fuzzer is likely also remotely triggerable by an untrusted peer.

Top commit has no ACKs.

Tree-SHA512: 9e98cb30f00664c00c8ff9fd224ff9822bff3fd849652172df48dbaeade1dd1a5fc67ae53203f1966a1d4210671b35656009a2d8b84affccf3ddf1fd86124f6e
2021-02-17 09:50:56 +01:00
MarcoFalke
44444ba759
fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
practicalswift
fd0be92cff doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver 2020-11-12 20:20:29 +00:00
nsa
2b78a11b48 doc: afl fuzzing comment about afl-gcc and afl-g++
This commit includes a short comment in doc/fuzzing.md that gives
guidance on compiling Bitcoin Core with AFL instrumentation using
afl-gcc and afl-g++.
2020-07-05 20:55:11 -04:00
Vasil Dimov
0012471391
build: turn on --enable-c++17 by --enable-fuzz
Fuzzing code uses C++17 specific code (e.g. std::optional), so it is not
possible to compile with --enable-fuzz and without --enable-c++17.

Thus, turn on --enable-c++17 whenever --enable-fuzz is used.
2020-06-05 11:50:34 +02:00
Martin Zumsande
872aa25fa1 doc: add c++17-enable to fuzzing instructions 2020-05-11 01:18:17 +02:00
practicalswift
bb1ec36fb1 doc: Document how to fuzz Bitcoin Core using honggfuzz 2020-04-22 15:22:36 +00:00
practicalswift
33dd764984 doc: Add fuzzing quickstart guides for libFuzzer and afl-fuzz. Simplify instructions. 2020-03-18 22:32:01 +00:00
MarcoFalke
fa4fa88d76
doc: Remove --disable-ccache from docs 2020-03-09 11:13:48 -04:00
Fabian Jahr
b6c3e84e87
doc: Improve fuzzing docs for macOS users 2020-01-29 00:46:21 +01:00
practicalswift
595cc9bcaf docs: Add undefined to --with-sanitizers=fuzzer,address 2019-10-30 13:34:10 +00:00
qmma
84edfc72e5
Update doc and CI config 2019-07-08 20:28:58 -04:00
MarcoFalke
fa7ca8ef58
qa: Add test/fuzz/test_runner.py 2019-02-13 17:12:28 -05:00
MarcoFalke
2ca632e5b4 test: Build fuzz targets into seperate executables 2019-01-29 19:03:06 -05:00
benthecarman
31097b7b02
docs: Spelling error fix on fuzzing.md 2019-01-16 20:25:51 -06:00
MarcoFalke
fad058a79f
build: Allow to configure --with-sanitizers=fuzzer 2019-01-05 19:06:03 +01:00
practicalswift
693247b82b [test] Speed up fuzzing by ~200x when using afl-fuzz
Enable the `afl-clang-fast++` features deferred forkserver (`__AFL_INIT`) and persistent mode (`__AFL_LOOP(1000)`).

Before this patch:

```
$ afl-fuzz -i input -o output -m512 -- src/test/test_bitcoin_fuzzy
[*] Validating target binary...
[!] WARNING: The target binary is pretty slow! See /usr/local/share/doc/afl/perf_tips.txt.
[+] Here are some useful stats:

    Test case count : 1 favored, 0 variable, 1 total
       Bitmap range : 1072 to 1072 bits (average: 1072.00 bits)
        Exec timing : 20.4k to 20.4k us (average: 20.4k us)
…
exec speed : 57.58/sec (slow!)
exec speed : 48.35/sec (slow!)
exec speed : 53.78/sec (slow!)
```

After this patch:

```
$ afl-fuzz -i input -o output -m512 -- src/test/test_bitcoin_fuzzy
[*] Validating target binary...
[+] Persistent mode binary detected.
[+] Deferred forkserver binary detected.
[+] Here are some useful stats:

    Test case count : 1 favored, 0 variable, 1 total
       Bitmap range : 24 to 24 bits (average: 24.00 bits)
        Exec timing : 114 to 114 us (average: 114 us)
…
exec speed : 15.9k/sec
exec speed : 13.1k/sec
exec speed : 15.1k/sec
```
2017-05-19 07:28:46 +02:00
Wladimir J. van der Laan
8b15434b59 doc: Add bare-bones documentation for fuzzing 2016-12-15 13:29:03 +01:00