Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
faa64af960b64b522bb088e836c9d8cd6254c6c8 fuzz: Add CScriptNum::getint coverage (MarcoFalke)
Pull request description:
Add coverage for
* https://marcofalke.github.io/btc_cov/fuzz.coverage/src/script/script.h.gcov.html#311
* https://marcofalke.github.io/btc_cov/fuzz.coverage/src/script/script.h.gcov.html#511
ACKs for top commit:
practicalswift:
ACK faa64af960b64b522bb088e836c9d8cd6254c6c8 -- more fuzzing coverage is better than less fuzzing coverage :)
Tree-SHA512: 1a66a2edc3740e8c286049f6c27458c59c45b01052e51684eec0e1be63ffcee94b4ba3d41d88ad715ceb3e4754fd997cf03899085982454905e86d0553d58199
|
|
fa0189955ab0f458bac81f534cbd626e1b0ad2c1 fuzz: Extend descriptor fuzz test (MarcoFalke)
Pull request description:
ACKs for top commit:
practicalswift:
ACK fa0189955ab0f458bac81f534cbd626e1b0ad2c1
Tree-SHA512: 6d6a6417f06d90732bbf055ff54102530d6956f3082f1ff65598f790d588170768aee98e4835996876d28bca2a9c62f22fe122c3fc7eafd4b7660696f72f9835
|
|
fa86edf66d4d4ed04758333da45ed1b3b5892602 fuzz: Extend script fuzz test (MarcoFalke)
Pull request description:
ACKs for top commit:
practicalswift:
ACK fa86edf66d4d4ed04758333da45ed1b3b5892602
Tree-SHA512: 611adee9e673183e67f9711e49289fa59e410bb3ac1bb3fcbb7f1ed331bf0d288c7065e256a82eb41a30a4afe53544c836463cf58865d6e40b18795c8716e57c
|
|
acf269e1463c84d51f2eef695089cbf9d03b547f tests: Add proof-of-work fuzzing harness (practicalswift)
Pull request description:
Add proof-of-work fuzzing harness.
Top commit has no ACKs.
Tree-SHA512: dcdfa211cf1ec3018b61f378bb0f95793bbbe5d00e2f4d17f9db2c7263fe8ce919760c56cae7122c62c82e05c90e7056eb1778871674bdb3c42869e5fe4c2b60
|
|
|
|
|
|
|
|
|
|
flatfile.h, merkleblock.h, random.h, serialize.h and span.h
11a520f6793e21e0a8a9301f5ec4c28a48131b85 tests: Add fuzzing harness for functions/classes in random.h (practicalswift)
64d277bbbcbd464b2a795bae011ee808298a42ca tests: Add fuzzing harness for LimitedString (serialize.h) (practicalswift)
f205cf7fef5618aaa96f016fda168eedfd9da437 tests: Add fuzzing harness for functions/classes in span.h (practicalswift)
9718f38f54357f15b8a27e060aed56f91015112d tests: Add fuzzing harness for functions/classes in merkleblock.h (practicalswift)
a16ea051f915eb4c975fe06f89470aa99d99d7e4 tests: Add fuzzing harness for functions/classes in flatfile.h (practicalswift)
Pull request description:
* Add fuzzing harness for functions/classes in `flatfile.h`
* Add fuzzing harness for functions/classes in `merkleblock.h`
* Add fuzzing harness for functions/classes in `span.h`
* Add fuzzing harness for `LimitedString` (`serialize.h`)
* Add fuzzing harness for functions/classes in `random.h`
Top commit has no ACKs.
Tree-SHA512: 6f7e0f946f1062d51216990cde9672b4e896335152548ace3d8711e4969c3e3c8566d01d915b72adcda5c1caa9c2e34da6b7473b55a229f5b77239d3b0ba4b67
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MultiplicationOverflow(...) fuzzing harness
|
|
signature checker
|
|
CFeeRate and various functions
44abf417eb1cd8598084eee1a429ca57c7d0579a tests: Add fuzzing harness for various functions taking std::string as input (practicalswift)
d69145acb76ff12b7c5c1e55ce89e14bc6453904 tests: Add fuzzing harness for MultiplicationOverflow(...) (practicalswift)
7726f3bc4671fbc23e5bc31d0eb9fe381e2f07ef tests: Add fuzzing harness for CFeeRate (practicalswift)
0579a276307d22ae62ecbcaa704e8477274e784d tests: Add fuzzing harness for CBlockHeader (practicalswift)
cb4eec13c03089617a94169b4e30381d87788b56 tests: Add fuzzing harness for count_seconds(...) (practicalswift)
Pull request description:
Add fuzzing harnesses for classes `CBlockHeader`, `CFeeRate` and various functions.
To test this PR:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/block_header
^c (ctrl-c)
$ src/test/fuzz/fee_rate
^c (ctrl-c)
$ src/test/fuzz/integer
^c (ctrl-c)
$ src/test/fuzz/multiplication_overflow
^c (ctrl-c)
$ src/test/fuzz/string
^c (ctrl-c)
```
ACKs for top commit:
MarcoFalke:
ACK 44abf417eb1cd8598084eee1a429ca57c7d0579a 🏉
Tree-SHA512: 2b382a7bc8efdcc6dd8b79f1637f194ecdca3e522c6618ae6c4b0bf6f86d2e79b1bb1c7160522083600616d1ed509b2f577f3a512ea3a7825a0a3794578d9d90
|
|
fa7fea3654203bf7e7bd504589dd564af7fc749d refactor: Remove mempool global from net (MarcoFalke)
Pull request description:
To increase modularisation and simplify testing, remove the mempool global from net in favour of a mempool member.
This is done in the same way it was done for the connection manager global.
ACKs for top commit:
jnewbery:
code review ACK fa7fea3654203bf7e7bd504589dd564af7fc749d
Tree-SHA512: 0e3e1eefa8d6e46367bc6991d5f36c636b15ae4a3bda99b6fe6715db3240771c3d87943c6eb257d69f31929fa2f1d0973e14fc9d1353a27551dbe746eae36857
|
|
|
|
|
|
|
|
|
|
|
|
This refactor does two things:
* Pass mempool in to PeerLogicValidation
* Pass m_mempool around where needed
|
|
|
|
(utxo_snapshot). Increase fuzzing coverage.
08eab0f599a7be7b9b0256bfe9e3a793fe7450db tests: Add fuzzing of CSubNet, CNetAddr and CService related functions (practicalswift)
7a861a62c164ab9b07d6fca09b6a8176e688f1f6 tests: Fuzz HasAllDesirableServiceFlags(...) and MayHaveUsefulAddressDB(...) (practicalswift)
47a263108b05c7039baba5618656898312a7a5ef tests: Fuzz DecodeBase64PSBT(...) (practicalswift)
d3d4892ef45d09edbbe4672b112100743970b2a5 tests: Simplify code by removing unwarranted use of unique_ptr:s (practicalswift)
e57e67057ae76db73f52ddd5480a4ea5b4bf1636 tests: Fuzz DecodeHexBlk(...) (practicalswift)
117a706faba586f2095f97cf630b709b3e29a947 tests: Fuzz RecursiveDynamicUsage(const std::shared_ptr<X>& p) (practicalswift)
81b58a3161c5d558dadd2b7093e4fc9687844cd9 tests: Fuzz operator!= of CService (practicalswift)
c2c58f6f59d38e3d60fe0a8fa45b2a45deee84cc tests: Increase fuzzing coverage of DecompressScript(...) (practicalswift)
9f8d74a8c78457ed49c7ff81bae909c8e003670b tests: Fuzz currently uncovered code path in TxToUniv(...) (practicalswift)
46ef4cfe5f416cb34e889646df3ee241b1d5ae5a tests: Re-arrange test cases in parse_univalue to increase coverage (practicalswift)
516cc6fc7842c13a1d54c6ea2b9e3d335a872125 tests: Remove unit test from fuzzing harness (practicalswift)
7b169cae207ad1301c4edf7d623407d1f377169d tests: Add deserialization fuzzing of SnapshotMetadata (utxo_snapshot), uint160 and uint256 (practicalswift)
Pull request description:
Add deserialization fuzzing of `SnapshotMetadata` (`utxo_snapshot`).
Increase fuzzing coverage.
ACKs for top commit:
MarcoFalke:
ACK 08eab0f599 🗾
Tree-SHA512: 5dca2316d64b9eb1da9bbbb3831de285b1524cbe815e3dba0f9c4eac7f39b403eb26ee0bdd3d9409a1838e7226d783946ec0d251e514a99f68267a95ac56d416
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
high-level fuzzing of the P2P layer.
9220a0fdd0f3dc2c8dd7cbeefac7d11106451b51 tests: Add one specialized ProcessMessage(...) fuzzing binary per message type for optimal results when using coverage-guided fuzzing (practicalswift)
fd1dae10b4a549ba9292d837235d59bd9eebbed3 tests: Add fuzzing harness for ProcessMessage(...) (practicalswift)
Pull request description:
Add fuzzing harness for `ProcessMessage(...)`. Enables high-level fuzzing of the P2P layer.
All code paths reachable from this fuzzer can be assumed to be reachable for an untrusted peer.
Seeded from thin air (an empty corpus) this fuzzer reaches roughly 20 000 lines of code.
To test this PR:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/process_message
…
```
Worth noting about this fuzzing harness:
* To achieve a reasonable number of executions per seconds the state of the fuzzer is unfortunately not entirely reset between `test_one_input` calls. The set-up (`FuzzingSetup` ctor) and tear-down (`~FuzzingSetup`) work is simply too costly to be run on every iteration. There is a trade-off to handle here between a.) achieving high executions/second and b.) giving the fuzzer a totally blank slate for each call. Please let me know if you have any suggestion on how to improve this situation while maintaining >1000 executions/second.
* To achieve optimal results when using coverage-guided fuzzing I've chosen to create one specialised fuzzing binary per message type (`process_message_addr`, `process_message_block`, `process_message_blocktxn `, etc.) and one general fuzzing binary (`process_message`) which handles all messages types. The latter general fuzzer can be seeded with inputs generated by the former specialised fuzzers.
Happy fuzzing friends!
ACKs for top commit:
MarcoFalke:
ACK 9220a0fdd0 🏊
Tree-SHA512: c314ef12b0db17b53cbf3abfb9ecc10ce420fb45b17c1db0b34cabe7c30e453947b3ae462020b0c9f30e2c67a7ef1df68826238687dc2479cd816f0addb530e5
|
|
|