path: root/doc/fuzzing.md
Age  Commit message  Author

2023-07-03  docs: fixup honggfuzz patch  (fanquake)
Closes #28019.
2023-02-08  doc: use arch agnostic clang path in fuzzing doc (macOS)  (fanquake)

2022-12-31  doc: Correct linked Microsoft URLs  (Suriyaa Sundararuban)

2022-01-11  fuzz: parse the command line arguments in fuzz tests  (Vasil Dimov)
Retrieve the command line arguments from the fuzzer and save them for later retrieval by `BasicTestingSetup` so that we gain extra flexibility of passing any config options on the test command line, e.g.:

```
FUZZ=addrman ./src/test/fuzz/fuzz --checkaddrman=5
```

A fuzz test should call `MakeNoLogFileContext<>()` in its initialize function in order to invoke the constructor of `BasicTestingSetup`, which sets `gArgs`.
2021-11-10  Add a brief overview of fuzzing/Bitcoin Core fuzzing  (Alex Groce)

- Google's repo
- Our report
- John's advice on fuzz-friendly development

2021-10-01  Merge bitcoin/bitcoin#22585: fuzz: add guide to fuzzing with Eclipser v1.x  (W. J. van der Laan)
6e1150ea3b82d1ab557d4b74aa652b8d974876aa fuzz: add guide to fuzzing with Eclipser v1.x (Alex Groce)

Pull request description:

MarcoFalke and practicalswift, here's an Eclipser guide, reconstructed from their documentation and my docker history getting it up and running. It might be good if someone confirmed it actually works for them in a fresh Ubuntu 20.04.

ACKs for top commit:
practicalswift: ACK 6e1150ea3b82d1ab557d4b74aa652b8d974876aa

Tree-SHA512: ca855932fd7a2c1d1005d572ab5fabc26f42d779f9baf279783f08a43dd72ec60f57239135d30c2a82781e593626fec2c96bb19fb91e1b777cef2d83a54eba35
2021-09-02  test: Update test README and lint script  (MarcoFalke)

2021-08-06  fuzz: add guide to fuzzing with Eclipser v1.x  (Alex Groce)

2021-07-28  Document faster throughput configuration  (Alex Groce)

2021-05-25  doc: describe in fuzzing.md how to reproduce a CI crash  (Jon Atack)
and add/improve a few headers
2021-05-14  doc: Fix OSS-Fuzz links  (MarcoFalke)

2021-05-05  doc: add OSS-Fuzz section to fuzzing.md doc  (Adam Jonas)
Co-authored-by: Russell Yanofsky <russ@yanofsky.org>
2021-03-09  doc: Update fuzzing docs for afl-clang-lto  (MarcoFalke)

2021-02-17  Merge #20380: doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver  (MarcoFalke)

fd0be92cff6a4b5e343e6ddae7481868354b9869 doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver (practicalswift)

Pull request description:

Add instructions on how to fuzz the P2P layer using [Honggfuzz NetDriver](http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html).

Honggfuzz NetDriver allows for very easy fuzzing of TCP servers such as Bitcoin Core without having to write any custom fuzzing harness. The `bitcoind` server process is largely fuzzed without modification. This makes the fuzzing highly realistic: a bug reachable by the fuzzer is likely also remotely triggerable by an untrusted peer.

Top commit has no ACKs.

Tree-SHA512: 9e98cb30f00664c00c8ff9fd224ff9822bff3fd849652172df48dbaeade1dd1a5fc67ae53203f1966a1d4210671b35656009a2d8b84affccf3ddf1fd86124f6e

2020-12-10  fuzz: Link all targets once  (MarcoFalke)

2020-11-12  doc: Add instructions on how to fuzz the P2P layer using Honggfuzz NetDriver  (practicalswift)

2020-07-05  doc: afl fuzzing comment about afl-gcc and afl-g++  (nsa)
This commit includes a short comment in doc/fuzzing.md that gives guidance on compiling Bitcoin Core with AFL instrumentation using afl-gcc and afl-g++.
2020-06-05  build: turn on --enable-c++17 by --enable-fuzz  (Vasil Dimov)

Fuzzing code uses C++17-specific code (e.g. std::optional), so it is not possible to compile with --enable-fuzz and without --enable-c++17. Thus, turn on --enable-c++17 whenever --enable-fuzz is used.
2020-05-11  doc: add c++17-enable to fuzzing instructions  (Martin Zumsande)

2020-04-22  doc: Document how to fuzz Bitcoin Core using honggfuzz  (practicalswift)

2020-03-18  doc: Add fuzzing quickstart guides for libFuzzer and afl-fuzz. Simplify instructions.  (practicalswift)
2020-03-09  doc: Remove --disable-ccache from docs  (MarcoFalke)

2020-01-29  doc: Improve fuzzing docs for macOS users  (Fabian Jahr)

2019-10-30  docs: Add undefined to --with-sanitizers=fuzzer,address  (practicalswift)

2019-07-08  Update doc and CI config  (qmma)

2019-02-13  qa: Add test/fuzz/test_runner.py  (MarcoFalke)
2019-01-29  test: Build fuzz targets into separate executables  (MarcoFalke)
2019-01-16  docs: Spelling error fix on fuzzing.md  (benthecarman)

2019-01-05  build: Allow to configure --with-sanitizers=fuzzer  (MarcoFalke)

2017-05-19  [test] Speed up fuzzing by ~200x when using afl-fuzz  (practicalswift)
Enable the `afl-clang-fast++` features deferred forkserver (`__AFL_INIT`) and persistent mode (`__AFL_LOOP(1000)`).

Before this patch:

```
$ afl-fuzz -i input -o output -m512 -- src/test/test_bitcoin_fuzzy
[*] Validating target binary...
[!] WARNING: The target binary is pretty slow! See /usr/local/share/doc/afl/perf_tips.txt.
[+] Here are some useful stats:
    Test case count : 1 favored, 0 variable, 1 total
    Bitmap range    : 1072 to 1072 bits (average: 1072.00 bits)
    Exec timing     : 20.4k to 20.4k us (average: 20.4k us)
…
exec speed : 57.58/sec (slow!)
exec speed : 48.35/sec (slow!)
exec speed : 53.78/sec (slow!)
```

After this patch:

```
$ afl-fuzz -i input -o output -m512 -- src/test/test_bitcoin_fuzzy
[*] Validating target binary...
[+] Persistent mode binary detected.
[+] Deferred forkserver binary detected.
[+] Here are some useful stats:
    Test case count : 1 favored, 0 variable, 1 total
    Bitmap range    : 24 to 24 bits (average: 24.00 bits)
    Exec timing     : 114 to 114 us (average: 114 us)
…
exec speed : 15.9k/sec
exec speed : 13.1k/sec
exec speed : 15.1k/sec
```
2016-12-15  doc: Add bare-bones documentation for fuzzing  (Wladimir J. van der Laan)