Age | Commit message (Collapse) | Author |
|
The `BITCOINFUZZ` environment variable allows to override the default
path to the fuzz binary.
It complements the already existing set of variables used by tests:
- BITCOIND
- BITCOINCLI
- BITCOINUTIL
- BITCOINWALLET
|
|
|
|
|
|
This is set by merge, so set it here as well, to avoid OOM.
|
|
|
|
fab97d81ce3740509dbbe9270ca67a1b65b00c72 fuzz: Print coverage summary after run_once (MarcoFalke)
Pull request description:
This can be used to quickly check the coverage effects of a code change or qa-assets change.
ACKs for top commit:
dergoegge:
ACK fab97d81ce3740509dbbe9270ca67a1b65b00c72
Tree-SHA512: 0ac913c14698f39e76e0e7bf124f182220031796d6443edb34c6e4615e128157cf746da661b216c4640a41964e977249712445ca9c005b1b4a3737adabdb4a7d
|
|
|
|
|
|
|
|
It's not completely clear to me why this needs to be explicitly
specified in some environments, and not in others, while at the same time
that `llvm-symbolizer` is already in PATH, but this has fixed the 2 issues
outlined in #28147.
Use `LLVM_SYMBOLIZER_PATH` as the env var, as that is somewhat also used
inside LLVM, but not consistently, i.e it's checked for in the asan_symbolize
script, but not in in the ubsan_symbolize script, or from in compiler-rt.
|
|
|
|
|
|
|
|
|
|
|
|
Also, add an "rpc" target without LIMIT_TO_RPC_COMMAND set.
|
|
fa1e27fe8ec42764d0250c82a83d774c15798c4a fuzz: Generate rpc fuzz targets individually (MarcoFalke)
Pull request description:
The `rpc` fuzz target was added more than two years ago in e45863166f5e44cc2c380f4667812fcd3cddc73b. However, the bug https://github.com/bitcoin/bitcoin/issues/27913 was only found recently. Thus, it is pretty clear that fuzz engines can't deal with a search space that is too broad and can be extended in too many directions.
Fix that by limiting the search space to each RPC method name and then iterate over all names, instead of letting the fuzz engine do the iteration.
With this, the bug can be found in seconds, as opposed to years of CPU time (or never).
ACKs for top commit:
brunoerg:
ACK fa1e27fe8ec42764d0250c82a83d774c15798c4a
dergoegge:
ACK fa1e27fe8ec42764d0250c82a83d774c15798c4a
Tree-SHA512: 45ccba842367650d010320603153276b1b303deda9ba8c6bb31a4d2473b00aa5bca866db95f541485d65efd8276e2575026968c037872ef344fa33cf45bcdcd7
|
|
|
|
Also, fix a few bugs:
* Error: RPC command "enumeratesigners" not found in RPC_COMMANDS_SAFE_FOR_FUZZING or RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update test/fuzz/rpc.cpp.
* in run_once: ...format(" ".join(result.args), ... TypeError: sequence item 2: expected str instance, PosixPath found
|
|
|
|
-BEGIN VERIFY SCRIPT-
sed -i 's/universal_newlines/text/g' $(git grep -l universal_newlines)
-END VERIFY SCRIPT-
|
|
The previous diff touched most files in ./test/, so bump the headers to
avoid having to touch them again for a bump later.
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./test/
-END VERIFY SCRIPT-
|
|
|
|
fabeb5b9c7f678ab3bc24c1860f8514ac52bb56f fuzz: Disable shuffle when merge=1 (MarcoFalke)
Pull request description:
This should hopefully help make the deletion of fuzz inputs more deterministic.
My tests (N=1) revealed that without this patch 7000 files differ (https://github.com/bitcoin-core/qa-assets/pull/44#issuecomment-768841467). With this patch, "only" 2000 files differ.
ACKs for top commit:
practicalswift:
cr ACK fabeb5b9c7f678ab3bc24c1860f8514ac52bb56f: `-shuffle=0` and `-prefer_small=1` make sense
Tree-SHA512: 21a701f52450d402a91dd6e0b33d564c63a9c3b919738eb9a80c24d48fc5b964088e325470738f39af0d595612c844acc7bf0941590cc2dc8c6f6ee4cb69c861
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
|
|
|
|
|
|
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
|
|
|
|
|
|
fa3fa27c45618bcd8e325b27728b5f6c175d1a03 fuzz: Remove option --export_coverage from test_runner (MarcoFalke)
aaaa055ff72a33241a3fdc2308d77bcbf51c262d fuzz: Add option to merge input dir to test runner (MarcoFalke)
fa4fa88d7648bfeb75fac941cdff79dcc38affbf doc: Remove --disable-ccache from docs (MarcoFalke)
Pull request description:
This is mainly useful for myself to merge pull requests like https://github.com/bitcoin-core/qa-assets/pull/4
I thought it wouldn't hurt to share the code.
Also remove the `--disable-ccache` from the docs to speed up builds when developing fuzzers.
Top commit has no ACKs.
Tree-SHA512: 818d85a90db86a7f4e8b001cc88342e5b28b02029d2bd4174440b28a8c4cc29b5406bd6348f72ddf909bb3d0f9bf7b1011976f6480e4418c8b7da5ecccae93e8
|
|
The coverage statistics are not stable across clang versions
|
|
|
|
functions (netaddress.h)
|
|
|
|
harnesses
|
|
|
|
|
|
f4691b6c217ab843e6e66fa0ad34d83137499a89 tests: Add fuzzing harness for CKey related functions (practicalswift)
Pull request description:
Add fuzzing harness for `CKey` and key related functions.
**How to test this PR**
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/key
…
#4096 pulse cov: 5736 ft: 6960 corp: 27/833b lim: 67 exec/s: 2048 rss: 122Mb
#8192 pulse cov: 5736 ft: 6960 corp: 27/833b lim: 103 exec/s: 2048 rss: 143Mb
#13067 NEW cov: 5736 ft: 6965 corp: 28/865b lim: 154 exec/s: 2177 rss: 166Mb L: 32/32 MS: 1 ChangeBit-
#16384 pulse cov: 5736 ft: 6965 corp: 28/865b lim: 182 exec/s: 2048 rss: 181Mb
#32768 pulse cov: 5736 ft: 6965 corp: 28/865b lim: 347 exec/s: 2184 rss: 258Mb
…
```
Top commit has no ACKs.
Tree-SHA512: 5b17ffb70c31966d3eac06d2258c127ae671d28d6cdf4e6ac20b45cd59ad32f80952c9c749930b97d317c72d5f840a3b75d466fd28fb6c351424a72c3e41bcbc
|
|
|
|
of floating-points and integrals
9ff41f64198e8ddb969544fc1a5328763f1fa183 tests: Add float to FUZZERS_MISSING_CORPORA (temporarily) (practicalswift)
8f6fb0a85ae6399c8fb4f205ad35c319c42294f1 tests: Add serialization/deserialization fuzzing for integral types (practicalswift)
3c82b92d2e01e409cc46261bffcf3643102f0b94 tests: Add fuzzing harness for functions taking floating-point types as input (practicalswift)
c2bd5888607d283a229c9361747a93c83dfea0de Add missing includes (practicalswift)
Pull request description:
Add simple fuzzing harness for functions with floating-point parameters (such as `ser_double_to_uint64(double)`, etc.).
Add serialization/deserialization fuzzing for integral types.
Add missing includes.
To test this PR:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/float
…
```
Top commit has no ACKs.
Tree-SHA512: 9b5a0c4838ad18d715c7398e557d2a6d0fcc03aa842f76d7a8ed716170a28f17f249eaede4256998aa3417afe2935e0ffdfaa883727d71ae2d2d18a41ced24b5
|
|
|
|
|
|
transport)
2f63ffd15caeb79867e56c8cedbe2c702952db9e tests: Add fuzzing harness for V1TransportDeserializer (P2P transport) (practicalswift)
Pull request description:
Add fuzzing harness for `V1TransportDeserializer` (P2P transport).
**Testing this PR**
Run:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/p2p_transport_deserializer
…
```
ACKs for top commit:
MarcoFalke:
ACK 2f63ffd15caeb79867e56c8cedbe2c702952db9e
Tree-SHA512: 8507d4a0414d16f1b8cc9649e3e638f74071dddc990d7e5d7e6faf77697f50bdaf133e49e2371edd29068a069a074469ef53148c6bfc9950510460b81d87646a
|
|
|