Commit graph

69 commits

Author SHA1 Message Date
MarcoFalke
fa3a4102ef
fuzz: Set -rss_limit_mb=8000 for generate as well
This is set by merge, so set it here as well, to avoid OOM.
2024-02-05 16:21:23 +01:00
MarcoFalke
fa4e396e1d
fuzz: Generate with random libFuzzer settings 2024-02-05 16:13:37 +01:00
fanquake
759195040a
Merge bitcoin/bitcoin#29329: fuzz: Print coverage summary after run_once
fab97d81ce fuzz: Print coverage summary after run_once (MarcoFalke)

Pull request description:

  This can be used to quickly check the coverage effects of a code change or qa-assets change.

ACKs for top commit:
  dergoegge:
    ACK fab97d81ce

Tree-SHA512: 0ac913c14698f39e76e0e7bf124f182220031796d6443edb34c6e4615e128157cf746da661b216c4640a41964e977249712445ca9c005b1b4a3737adabdb4a7d
2024-01-29 16:24:51 +00:00
MarcoFalke
fab97d81ce
fuzz: Print coverage summary after run_once 2024-01-29 15:24:29 +01:00
fanquake
cf937b2068
fuzz: also set MSAN_SYMBOLIZER_PATH 2024-01-26 13:56:09 +00:00
dergoegge
9d09c873a5 fuzz: Exit and log stderr for parse_test_list errors 2024-01-24 11:42:30 +00:00
fanquake
49d953281d
fuzz: explicitly specify llvm-symbolizer path in runner
It's not completely clear to me why this needs to be explicitly
specified in some environments, and not in others, while at the same time
that `llvm-symbolizer` is already in PATH, but this has fixed the 2 issues
outlined in #28147.

Use `LLVM_SYMBOLIZER_PATH` as the env var, as that is also somewhat used
inside LLVM, but not consistently, i.e. it's checked for in the asan_symbolize
script, but not in the ubsan_symbolize script, or in compiler-rt.
2023-11-07 16:57:23 +00:00
MarcoFalke
fa21535551
fuzz: Increase merge -rss_limit_mb 2023-10-20 18:16:59 +02:00
MarcoFalke
faa5e061c2
fuzz: Allow multiple --m_dir args 2023-10-16 16:04:02 +02:00
MarcoFalke
fa858d63a0
fuzz: Merge with -set_cover_merge=1 2023-10-13 18:09:29 +02:00
MarcoFalke
faa190b1ef
test: Fuzz merge with -use_value_profile=0 for now 2023-10-12 16:44:41 +02:00
MarcoFalke
faa8c1be26
fuzz: Re-enable symbolize=1 in ASAN_OPTIONS 2023-07-22 08:26:34 +02:00
MarcoFalke
fa6245da60
fuzz: Generate process_message targets individually
Also, add an "rpc" target without LIMIT_TO_RPC_COMMAND set.
2023-07-12 15:52:14 +02:00
fanquake
cf4da5ec29
Merge bitcoin/bitcoin#28015: fuzz: Generate rpc fuzz targets individually
fa1e27fe8e fuzz: Generate rpc fuzz targets individually (MarcoFalke)

Pull request description:

  The `rpc` fuzz target was added more than two years ago in e45863166f. However, the bug https://github.com/bitcoin/bitcoin/issues/27913 was only found recently. Thus, it is pretty clear that fuzz engines can't deal with a search space that is too broad and can be extended in too many directions.

  Fix that by limiting the search space to each RPC method name and then iterating over all names, instead of letting the fuzz engine do the iteration.

  With this, the bug can be found in seconds, as opposed to years of CPU time (or never).

ACKs for top commit:
  brunoerg:
    ACK fa1e27fe8e
  dergoegge:
    ACK fa1e27fe8e

Tree-SHA512: 45ccba842367650d010320603153276b1b303deda9ba8c6bb31a4d2473b00aa5bca866db95f541485d65efd8276e2575026968c037872ef344fa33cf45bcdcd7
2023-07-07 11:26:22 +01:00
MarcoFalke
fa1e27fe8e
fuzz: Generate rpc fuzz targets individually 2023-06-28 17:50:45 +02:00
MarcoFalke
fae7c50d20
test: Run fuzz tests on macOS
Also, fix a few bugs:

* Error: RPC command "enumeratesigners" not found in RPC_COMMANDS_SAFE_FOR_FUZZING or RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update test/fuzz/rpc.cpp.
* in run_once: ...format(" ".join(result.args), ... TypeError: sequence item 2: expected str instance, PosixPath found
2023-06-22 13:54:17 +02:00
MarcoFalke
0000f55293
ci: Run fuzz target even if input folder is empty 2023-06-20 18:19:01 +02:00
MarcoFalke
fa8fe5b696
scripted-diff: Use new python 3.7 keywords
-BEGIN VERIFY SCRIPT-
 sed -i 's/universal_newlines/text/g' $(git grep -l universal_newlines)
-END VERIFY SCRIPT-
2023-01-18 13:00:34 +01:00
MarcoFalke
fac23c2114
scripted-diff: Bump copyright headers
The previous diff touched most files in ./test/, so bump the headers to
avoid having to touch them again for a bump later.

-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./test/
-END VERIFY SCRIPT-
2021-11-10 11:10:24 +01:00
MarcoFalke
fad0ae6bb8
doc: Rename fuzz seed_dir to corpus_dir 2021-03-08 15:23:51 +01:00
MarcoFalke
dd0521b640
Merge #21023: fuzz: Disable shuffle when merge=1
fabeb5b9c7 fuzz: Disable shuffle when merge=1 (MarcoFalke)

Pull request description:

  This should hopefully help make the deletion of fuzz inputs more deterministic.

  My tests (N=1) revealed that without this patch 7000 files differ (https://github.com/bitcoin-core/qa-assets/pull/44#issuecomment-768841467). With this patch, "only" 2000 files differ.

ACKs for top commit:
  practicalswift:
    cr ACK fabeb5b9c7: `-shuffle=0` and `-prefer_small=1` make sense

Tree-SHA512: 21a701f52450d402a91dd6e0b33d564c63a9c3b919738eb9a80c24d48fc5b964088e325470738f39af0d595612c844acc7bf0941590cc2dc8c6f6ee4cb69c861
2021-02-11 10:34:45 +01:00
MarcoFalke
fabeb5b9c7
fuzz: Disable shuffle when merge=1 2021-01-28 14:38:48 +01:00
MarcoFalke
faff3991a9
ci: Fuzz with integer sanitizer 2021-01-26 12:50:43 +01:00
MarcoFalke
fa39c8a3e8
test: Work around libFuzzer deadlock 2021-01-21 08:30:49 +01:00
MarcoFalke
fa511042b0
doc: [test] Remove outdated comment in fuzz runner 2020-12-24 08:20:54 +01:00
MarcoFalke
44444ba759
fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
Antoine Poinsot
15ae4a17c4
test/fuzz: add a seed corpus generation option to the test_runner
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-08-23 23:09:26 +02:00
MarcoFalke
3333cb9699
fuzz: Pass down MAKEJOBS to test_runner 2020-05-10 07:49:09 -04:00
MarcoFalke
fa66280396
fuzz: Run in parallel 2020-04-17 15:43:23 -04:00
MarcoFalke
fa488f131f
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-04-16 13:33:09 -04:00
MarcoFalke
fa5e973b44
test: Set -use_value_profile=1 when merging fuzz inputs 2020-04-09 00:51:51 +08:00
MarcoFalke
facc332dc5
fuzz: Avoid running over all inputs after merging them 2020-04-03 08:30:40 +08:00
MarcoFalke
5c9d408b2d
Merge #18300: fuzz: Add option to merge input dir to test runner
fa3fa27c45 fuzz: Remove option --export_coverage from test_runner (MarcoFalke)
aaaa055ff7 fuzz: Add option to merge input dir to test runner (MarcoFalke)
fa4fa88d76 doc: Remove --disable-ccache from docs (MarcoFalke)

Pull request description:

  This is mainly useful for myself to merge pull requests like https://github.com/bitcoin-core/qa-assets/pull/4

  I thought it wouldn't hurt to share the code.

  Also remove the `--disable-ccache` from the docs to speed up builds when developing fuzzers.

Top commit has no ACKs.

Tree-SHA512: 818d85a90db86a7f4e8b001cc88342e5b28b02029d2bd4174440b28a8c4cc29b5406bd6348f72ddf909bb3d0f9bf7b1011976f6480e4418c8b7da5ecccae93e8
2020-03-18 15:51:44 -04:00
MarcoFalke
fa3fa27c45
fuzz: Remove option --export_coverage from test_runner
The coverage statistics are not stable across clang versions
2020-03-10 11:15:11 -04:00
practicalswift
6590395f60 tests: Remove FUZZERS_MISSING_CORPORA 2020-03-09 17:20:52 +00:00
practicalswift
815c7a6793 tests: Add basic fuzzing harness for CNetAddr/CService/CSubNet related functions (netaddress.h) 2020-03-09 15:16:36 +00:00
MarcoFalke
aaaa055ff7
fuzz: Add option to merge input dir to test runner 2020-03-09 11:13:57 -04:00
practicalswift
bf06641819 tests: Reset FUZZERS_MISSING_CORPORA to enable regression fuzzing for more harnesses 2020-03-09 14:30:18 +00:00
practicalswift
c7ea12d098 tests: Add key_io fuzzing harness 2020-03-07 13:39:25 +00:00
practicalswift
0d0bc3b5c1 build: Add locale fuzzer to FUZZERS_MISSING_CORPORA 2020-03-06 23:29:23 +00:00
MarcoFalke
3f826598a4
Merge #17972: tests: Add fuzzing harness for CKey and key related functions
f4691b6c21 tests: Add fuzzing harness for CKey related functions (practicalswift)

Pull request description:

  Add fuzzing harness for `CKey` and key related functions.

  **How to test this PR**

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/key
  …
  #4096   pulse  cov: 5736 ft: 6960 corp: 27/833b lim: 67 exec/s: 2048 rss: 122Mb
  #8192   pulse  cov: 5736 ft: 6960 corp: 27/833b lim: 103 exec/s: 2048 rss: 143Mb
  #13067  NEW    cov: 5736 ft: 6965 corp: 28/865b lim: 154 exec/s: 2177 rss: 166Mb L: 32/32 MS: 1 ChangeBit-
  #16384  pulse  cov: 5736 ft: 6965 corp: 28/865b lim: 182 exec/s: 2048 rss: 181Mb
  #32768  pulse  cov: 5736 ft: 6965 corp: 28/865b lim: 347 exec/s: 2184 rss: 258Mb
  …
  ```

Top commit has no ACKs.

Tree-SHA512: 5b17ffb70c31966d3eac06d2258c127ae671d28d6cdf4e6ac20b45cd59ad32f80952c9c749930b97d317c72d5f840a3b75d466fd28fb6c351424a72c3e41bcbc
2020-03-05 16:43:16 -05:00
practicalswift
f4691b6c21 tests: Add fuzzing harness for CKey related functions 2020-03-05 21:11:10 +00:00
MarcoFalke
a2b5aae9f3
Merge #17996: tests: Add fuzzing harness for serialization/deserialization of floating-points and integrals
9ff41f6419 tests: Add float to FUZZERS_MISSING_CORPORA (temporarily) (practicalswift)
8f6fb0a85a tests: Add serialization/deserialization fuzzing for integral types (practicalswift)
3c82b92d2e tests: Add fuzzing harness for functions taking floating-point types as input (practicalswift)
c2bd588860 Add missing includes (practicalswift)

Pull request description:

  Add simple fuzzing harness for functions with floating-point parameters (such as `ser_double_to_uint64(double)`, etc.).

  Add serialization/deserialization fuzzing for integral types.

  Add missing includes.

  To test this PR:

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/float
  …
  ```

Top commit has no ACKs.

Tree-SHA512: 9b5a0c4838ad18d715c7398e557d2a6d0fcc03aa842f76d7a8ed716170a28f17f249eaede4256998aa3417afe2935e0ffdfaa883727d71ae2d2d18a41ced24b5
2020-03-05 15:41:30 -05:00
practicalswift
9ff41f6419 tests: Add float to FUZZERS_MISSING_CORPORA (temporarily) 2020-03-05 20:35:26 +00:00
MarcoFalke
fa6df0de53
test: Bump timeouts to accommodate really slow disks 2020-03-02 16:25:05 -05:00
MarcoFalke
324a6dfeaf
Merge #17771: tests: Add fuzzing harness for V1TransportDeserializer (P2P transport)
2f63ffd15c tests: Add fuzzing harness for V1TransportDeserializer (P2P transport) (practicalswift)

Pull request description:

  Add fuzzing harness for `V1TransportDeserializer` (P2P transport).

  **Testing this PR**

  Run:

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/p2p_transport_deserializer
  …
  ```

ACKs for top commit:
  MarcoFalke:
    ACK 2f63ffd15c

Tree-SHA512: 8507d4a0414d16f1b8cc9649e3e638f74071dddc990d7e5d7e6faf77697f50bdaf133e49e2371edd29068a069a074469ef53148c6bfc9950510460b81d87646a
2020-02-28 02:35:14 +07:00
practicalswift
eabbbe409f tests: Add fuzzing harness for rolling bloom filter class CRollingBloomFilter 2020-02-25 17:04:03 +00:00
practicalswift
2a6a6ea0f5 tests: Add fuzzing harness for bloom filter class CBloomFilter 2020-02-25 17:04:03 +00:00
practicalswift
f2472f6460 tests: Improve test runner output in case of target errors 2020-02-19 14:27:19 +00:00
practicalswift
5ea81449f3 tests: Add support for excluding fuzz targets using -x/--exclude 2020-02-19 14:10:22 +00:00