author | MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz> | 2023-07-11 15:48:42 +0200 |
---|---|---|
committer | MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz> | 2023-07-12 15:52:14 +0200 |
commit | fa6245da6061050eb77ad07cd4caf8c596d89dc6 (patch) | |
tree | 1343da4d7efd147901f5fc8e03e791fa597a7acf | |
parent | fa1471e5754484f997ddf9db70888679dcd1d64a (diff) |
fuzz: Generate process_message targets individually
Also, add an "rpc" target without LIMIT_TO_RPC_COMMAND set.
-rwxr-xr-x | test/fuzz/test_runner.py | 49 |
1 files changed, 37 insertions, 12 deletions
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index ef1583d446..1ce7c71360 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -193,27 +193,52 @@ def main():
 )
-def generate_corpus(*, fuzz_pool, src_dir, build_dir, corpus_dir, targets):
- """Generates new corpus.
+def transform_process_message_target(targets, src_dir):
+ """Add a target per process message, and also keep ("process_message", {}) to allow for
+ cross-pollination, or unlimited search"""
+
+ p2p_msg_target = "process_message"
+ if (p2p_msg_target, {}) in targets:
+ lines = subprocess.run(
+ ["git", "grep", "--function-context", "g_all_net_message_types{", src_dir / "src" / "protocol.cpp"],
+ check=True,
+ stdout=subprocess.PIPE,
+ text=True,
+ ).stdout.splitlines()
+ lines = [l.split("::", 1)[1].split(",")[0].lower() for l in lines if l.startswith("src/protocol.cpp- NetMsgType::")]
+ assert len(lines)
+ targets += [(p2p_msg_target, {"LIMIT_TO_MESSAGE_TYPE": m}) for m in lines]
+ return targets
+
+
+def transform_rpc_target(targets, src_dir):
+ """Add a target per RPC command, and also keep ("rpc", {}) to allow for cross-pollination,
+ or unlimited search"""
- Run {targets} without input, and outputs the generated corpus to
- {corpus_dir}.
- """
- logging.info("Generating corpus to {}".format(corpus_dir))
 rpc_target = "rpc"
- has_rpc = rpc_target in targets
- if has_rpc:
- targets.remove(rpc_target)
- targets = [(t, {}) for t in targets]
- if has_rpc:
+ if (rpc_target, {}) in targets:
 lines = subprocess.run(
- ["git", "grep", "--function-context", "RPC_COMMANDS_SAFE_FOR_FUZZING{", os.path.join(src_dir, "src", "test", "fuzz", "rpc.cpp")],
+ ["git", "grep", "--function-context", "RPC_COMMANDS_SAFE_FOR_FUZZING{", src_dir / "src" / "test" / "fuzz" / "rpc.cpp"],
 check=True,
 stdout=subprocess.PIPE,
 text=True,
 ).stdout.splitlines()
 lines = [l.split("\"", 1)[1].split("\"")[0] for l in lines if l.startswith("src/test/fuzz/rpc.cpp- \"")]
+ assert len(lines)
 targets += [(rpc_target, {"LIMIT_TO_RPC_COMMAND": r}) for r in lines]
+ return targets
+
+
+def generate_corpus(*, fuzz_pool, src_dir, build_dir, corpus_dir, targets):
+ """Generates new corpus.
+
+ Run {targets} without input, and outputs the generated corpus to
+ {corpus_dir}.
+ """
+ logging.info("Generating corpus to {}".format(corpus_dir))
+ targets = [(t, {}) for t in targets] # expand to add dictionary for target-specific env variables
+ targets = transform_process_message_target(targets, Path(src_dir))
+ targets = transform_rpc_target(targets, Path(src_dir))
 def job(command, t, t_env):
 logging.debug(f"Running '{command}'") |
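Review bot: The `assert len(lines)` added in both transform_process_message_target and transform_rpc_target is the only guard against the runner quietly generating a corpus with no per-message or per-RPC targets, and an assert disappears under `python -O` and says nothing about what failed. An explicit check such as `if not lines: raise RuntimeError("no NetMsgType entries parsed from git grep output")` (and the RPC equivalent) would keep that coverage guarantee in every mode. The parsing also depends on the hard-coded `src/protocol.cpp- ` and `src/test/fuzz/rpc.cpp- ` prefixes, which git grep prints relative to the working directory; neither `subprocess.run` call sets `cwd`, so this presumably relies on the runner being started from the repository root and should say so in a comment or pin the working directory. generate_corpus continues past the end of the hunk.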