diff options
| author | Pieter Wuille <pieter@wuille.net> | 2024-09-11 11:48:38 -0400 |
|---|---|---|
| committer | Pieter Wuille <pieter@wuille.net> | 2024-09-11 12:51:34 -0400 |
| commit | f15e817811e328423ea489870ead089128a6ef8c (patch) | |
| tree | 2370095efac2d04fbd2eddc23d0f0d922bd82324 /doc | |
| parent | 0725a374941355349bb4bc8a79dad1affb27d3b9 (diff) | |
build: add more CMake presets (dev-mode, libfuzzer, libfuzzer-nosan)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/fuzzing.md | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/doc/fuzzing.md b/doc/fuzzing.md index 50b99c9473..f3647c0840 100644 --- a/doc/fuzzing.md +++ b/doc/fuzzing.md @@ -7,11 +7,7 @@ To quickly get started fuzzing Bitcoin Core using [libFuzzer](https://llvm.org/d ```sh $ git clone https://github.com/bitcoin/bitcoin $ cd bitcoin/ -$ cmake -B build_fuzz \ - -DCMAKE_C_COMPILER="clang" \ - -DCMAKE_CXX_COMPILER="clang++" \ - -DBUILD_FOR_FUZZING=ON \ - -DSANITIZERS=undefined,address,fuzzer +$ cmake --preset=libfuzzer # macOS users: If you have problem with this step then make sure to read "macOS hints for # libFuzzer" on https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md#macos-hints-for-libfuzzer $ cmake --build build_fuzz @@ -19,6 +15,9 @@ $ FUZZ=process_message build_fuzz/src/test/fuzz/fuzz # abort fuzzing using ctrl-c ``` +One can use `--prefix=libfuzzer-nosan` to do the same without common sanitizers enabled. +See [further](#run-without-sanitizers-for-increased-throughput) for more information. + There is also a runner script to execute all fuzz targets. Refer to `./test/fuzz/test_runner.py --help` for more details. @@ -107,8 +106,8 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb Fuzzing on a harness compiled with `-DSANITIZERS=address,fuzzer,undefined` is good for finding bugs. However, the very slow execution even under libFuzzer will limit the ability to find new coverage. A good approach is to perform -occasional long runs without the additional bug-detectors (just -`-DSANITIZERS=fuzzer`) and then merge new inputs into a corpus as described in +occasional long runs without the additional bug-detectors +(`--preset=libfuzzer-nosan`) and then merge new inputs into a corpus as described in the qa-assets repo (https://github.com/bitcoin-core/qa-assets/blob/main/.github/PULL_REQUEST_TEMPLATE.md). Patience is useful; even with improved throughput, libFuzzer may need days and @@ -145,11 +144,9 @@ You may also need to take care of giving the correct path for `clang` and Full configuration step that was tested on macOS with `brew` installed `llvm`: ```sh -$ cmake -B build_fuzz \ +$ cmake --preset=libfuzzer \ -DCMAKE_C_COMPILER="$(brew --prefix llvm)/bin/clang" \ -DCMAKE_CXX_COMPILER="$(brew --prefix llvm)/bin/clang++" \ - -DBUILD_FOR_FUZZING=ON \ - -DSANITIZERS=undefined,address,fuzzer \ -DAPPEND_LDFLAGS=-Wl,-no_warn_duplicate_libraries ``` |