path: root/test/fuzz
Age | Commit message | Author

2024-04-06 | fuzz: Introduce `BITCOINFUZZ` environment variable | Hennadii Stepanov
  The `BITCOINFUZZ` environment variable allows overriding the default path to the fuzz binary. It complements the already existing set of variables used by tests:
  - BITCOIND
  - BITCOINCLI
  - BITCOINUTIL
  - BITCOINWALLET
2024-04-06 | fuzz, refactor: Deduplicate fuzz binary path creation | Hennadii Stepanov
2024-03-07 | [fuzz] Apply fuzz env (suppressions, etc.) when fetching harness list | dergoegge
2024-02-05 | fuzz: Set -rss_limit_mb=8000 for generate as well | MarcoFalke
  This is set by merge, so set it here as well, to avoid OOM.
2024-02-05 | fuzz: Generate with random libFuzzer settings | MarcoFalke
2024-01-29 | Merge bitcoin/bitcoin#29329: fuzz: Print coverage summary after run_once | fanquake
  fab97d81ce3740509dbbe9270ca67a1b65b00c72 fuzz: Print coverage summary after run_once (MarcoFalke)

  Pull request description:

  This can be used to quickly check the coverage effects of a code change or qa-assets change.

  ACKs for top commit:
    dergoegge:
      ACK fab97d81ce3740509dbbe9270ca67a1b65b00c72

  Tree-SHA512: 0ac913c14698f39e76e0e7bf124f182220031796d6443edb34c6e4615e128157cf746da661b216c4640a41964e977249712445ca9c005b1b4a3737adabdb4a7d
2024-01-29 | fuzz: Print coverage summary after run_once | MarcoFalke
2024-01-26 | fuzz: also set MSAN_SYMBOLIZER_PATH | fanquake
2024-01-24 | fuzz: Exit and log stderr for parse_test_list errors | dergoegge
2023-11-07 | fuzz: explicitly specify llvm-symbolizer path in runner | fanquake
  It's not completely clear to me why this needs to be explicitly specified in some environments, and not in others, while at the same time `llvm-symbolizer` is already in PATH, but this has fixed the 2 issues outlined in #28147.

  Use `LLVM_SYMBOLIZER_PATH` as the env var, as that is somewhat also used inside LLVM, but not consistently, i.e. it's checked for in the asan_symbolize script, but not in the ubsan_symbolize script, or from within compiler-rt.
2023-10-20 | fuzz: Increase merge -rss_limit_mb | MarcoFalke
2023-10-16 | fuzz: Allow multiple --m_dir args | MarcoFalke
2023-10-13 | fuzz: Merge with -set_cover_merge=1 | MarcoFalke
2023-10-12 | test: Fuzz merge with -use_value_profile=0 for now | MarcoFalke
2023-07-22 | fuzz: Re-enable symbolize=1 in ASAN_OPTIONS | MarcoFalke
2023-07-12 | fuzz: Generate process_message targets individually | MarcoFalke
  Also, add an "rpc" target without LIMIT_TO_RPC_COMMAND set.
2023-07-07 | Merge bitcoin/bitcoin#28015: fuzz: Generate rpc fuzz targets individually | fanquake
  fa1e27fe8ec42764d0250c82a83d774c15798c4a fuzz: Generate rpc fuzz targets individually (MarcoFalke)

  Pull request description:

  The `rpc` fuzz target was added more than two years ago in e45863166f5e44cc2c380f4667812fcd3cddc73b. However, the bug https://github.com/bitcoin/bitcoin/issues/27913 was only found recently. Thus, it is pretty clear that fuzz engines can't deal with a search space that is too broad and can be extended in too many directions.

  Fix that by limiting the search space to each RPC method name and then iterate over all names, instead of letting the fuzz engine do the iteration.

  With this, the bug can be found in seconds, as opposed to years of CPU time (or never).

  ACKs for top commit:
    brunoerg:
      ACK fa1e27fe8ec42764d0250c82a83d774c15798c4a
    dergoegge:
      ACK fa1e27fe8ec42764d0250c82a83d774c15798c4a

  Tree-SHA512: 45ccba842367650d010320603153276b1b303deda9ba8c6bb31a4d2473b00aa5bca866db95f541485d65efd8276e2575026968c037872ef344fa33cf45bcdcd7
2023-06-28 | fuzz: Generate rpc fuzz targets individually | MarcoFalke
2023-06-22 | test: Run fuzz tests on macOS | MarcoFalke
  Also, fix a few bugs:

  * Error: RPC command "enumeratesigners" not found in RPC_COMMANDS_SAFE_FOR_FUZZING or RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update test/fuzz/rpc.cpp.
  * in run_once: ...format(" ".join(result.args), ... TypeError: sequence item 2: expected str instance, PosixPath found
2023-06-20 | ci: Run fuzz target even if input folder is empty | MarcoFalke
2023-01-18 | scripted-diff: Use new python 3.7 keywords | MarcoFalke
  -BEGIN VERIFY SCRIPT-
  sed -i 's/universal_newlines/text/g' $(git grep -l universal_newlines)
  -END VERIFY SCRIPT-
2021-11-10 | scripted-diff: Bump copyright headers | MarcoFalke
  The previous diff touched most files in ./test/, so bump the headers to avoid having to touch them again for a bump later.

  -BEGIN VERIFY SCRIPT-
  ./contrib/devtools/copyright_header.py update ./test/
  -END VERIFY SCRIPT-
2021-03-08 | doc: Rename fuzz seed_dir to corpus_dir | MarcoFalke
2021-02-11 | Merge #21023: fuzz: Disable shuffle when merge=1 | MarcoFalke
  fabeb5b9c7f678ab3bc24c1860f8514ac52bb56f fuzz: Disable shuffle when merge=1 (MarcoFalke)

  Pull request description:

  This should hopefully help make the deletion of fuzz inputs more deterministic. My tests (N=1) revealed that without this patch 7000 files differ (https://github.com/bitcoin-core/qa-assets/pull/44#issuecomment-768841467). With this patch, "only" 2000 files differ.

  ACKs for top commit:
    practicalswift:
      cr ACK fabeb5b9c7f678ab3bc24c1860f8514ac52bb56f: `-shuffle=0` and `-prefer_small=1` make sense

  Tree-SHA512: 21a701f52450d402a91dd6e0b33d564c63a9c3b919738eb9a80c24d48fc5b964088e325470738f39af0d595612c844acc7bf0941590cc2dc8c6f6ee4cb69c861
2021-01-28 | fuzz: Disable shuffle when merge=1 | MarcoFalke
2021-01-26 | ci: Fuzz with integer sanitizer | MarcoFalke
2021-01-21 | test: Work around libFuzzer deadlock | MarcoFalke
2020-12-24 | doc: [test] Remove outdated comment in fuzz runner | MarcoFalke
2020-12-10 | fuzz: Link all targets once | MarcoFalke
2020-08-23 | test/fuzz: add a seed corpus generation option to the test_runner | Antoine Poinsot
  Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-05-10 | fuzz: Pass down MAKEJOBS to test_runner | MarcoFalke
2020-04-17 | fuzz: Run in parallel | MarcoFalke
2020-04-16 | scripted-diff: Bump copyright headers | MarcoFalke
  -BEGIN VERIFY SCRIPT-
  ./contrib/devtools/copyright_header.py update ./
  -END VERIFY SCRIPT-
2020-04-09 | test: Set -use_value_profile=1 when merging fuzz inputs | MarcoFalke
2020-04-03 | fuzz: Avoid running over all inputs after merging them | MarcoFalke
2020-03-18 | Merge #18300: fuzz: Add option to merge input dir to test runner | MarcoFalke
  fa3fa27c45618bcd8e325b27728b5f6c175d1a03 fuzz: Remove option --export_coverage from test_runner (MarcoFalke)
  aaaa055ff72a33241a3fdc2308d77bcbf51c262d fuzz: Add option to merge input dir to test runner (MarcoFalke)
  fa4fa88d7648bfeb75fac941cdff79dcc38affbf doc: Remove --disable-ccache from docs (MarcoFalke)

  Pull request description:

  This is mainly useful for myself to merge pull requests like https://github.com/bitcoin-core/qa-assets/pull/4

  I thought it wouldn't hurt to share the code.

  Also remove the `--disable-ccache` from the docs to speed up builds when developing fuzzers.

  Top commit has no ACKs.

  Tree-SHA512: 818d85a90db86a7f4e8b001cc88342e5b28b02029d2bd4174440b28a8c4cc29b5406bd6348f72ddf909bb3d0f9bf7b1011976f6480e4418c8b7da5ecccae93e8
2020-03-10 | fuzz: Remove option --export_coverage from test_runner | MarcoFalke
  The coverage statistics are not stable across clang versions
2020-03-09 | tests: Remove FUZZERS_MISSING_CORPORA | practicalswift
2020-03-09 | tests: Add basic fuzzing harness for CNetAddr/CService/CSubNet related functions (netaddress.h) | practicalswift
2020-03-09 | fuzz: Add option to merge input dir to test runner | MarcoFalke
2020-03-09 | tests: Reset FUZZERS_MISSING_CORPORA to enable regression fuzzing for more harnesses | practicalswift
2020-03-07 | tests: Add key_io fuzzing harness | practicalswift
2020-03-06 | build: Add locale fuzzer to FUZZERS_MISSING_CORPORA | practicalswift
2020-03-05 | Merge #17972: tests: Add fuzzing harness for CKey and key related functions | MarcoFalke
  f4691b6c217ab843e6e66fa0ad34d83137499a89 tests: Add fuzzing harness for CKey related functions (practicalswift)

  Pull request description:

  Add fuzzing harness for `CKey` and key related functions.

  **How to test this PR**

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/key
  …
  #4096 pulse cov: 5736 ft: 6960 corp: 27/833b lim: 67 exec/s: 2048 rss: 122Mb
  #8192 pulse cov: 5736 ft: 6960 corp: 27/833b lim: 103 exec/s: 2048 rss: 143Mb
  #13067 NEW cov: 5736 ft: 6965 corp: 28/865b lim: 154 exec/s: 2177 rss: 166Mb L: 32/32 MS: 1 ChangeBit-
  #16384 pulse cov: 5736 ft: 6965 corp: 28/865b lim: 182 exec/s: 2048 rss: 181Mb
  #32768 pulse cov: 5736 ft: 6965 corp: 28/865b lim: 347 exec/s: 2184 rss: 258Mb
  …
  ```

  Top commit has no ACKs.

  Tree-SHA512: 5b17ffb70c31966d3eac06d2258c127ae671d28d6cdf4e6ac20b45cd59ad32f80952c9c749930b97d317c72d5f840a3b75d466fd28fb6c351424a72c3e41bcbc
2020-03-05 | tests: Add fuzzing harness for CKey related functions | practicalswift
2020-03-05 | Merge #17996: tests: Add fuzzing harness for serialization/deserialization of floating-points and integrals | MarcoFalke
  9ff41f64198e8ddb969544fc1a5328763f1fa183 tests: Add float to FUZZERS_MISSING_CORPORA (temporarily) (practicalswift)
  8f6fb0a85ae6399c8fb4f205ad35c319c42294f1 tests: Add serialization/deserialization fuzzing for integral types (practicalswift)
  3c82b92d2e01e409cc46261bffcf3643102f0b94 tests: Add fuzzing harness for functions taking floating-point types as input (practicalswift)
  c2bd5888607d283a229c9361747a93c83dfea0de Add missing includes (practicalswift)

  Pull request description:

  Add simple fuzzing harness for functions with floating-point parameters (such as `ser_double_to_uint64(double)`, etc.).

  Add serialization/deserialization fuzzing for integral types.

  Add missing includes.

  To test this PR:

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/float
  …
  ```

  Top commit has no ACKs.

  Tree-SHA512: 9b5a0c4838ad18d715c7398e557d2a6d0fcc03aa842f76d7a8ed716170a28f17f249eaede4256998aa3417afe2935e0ffdfaa883727d71ae2d2d18a41ced24b5
2020-03-05 | tests: Add float to FUZZERS_MISSING_CORPORA (temporarily) | practicalswift
2020-03-02 | test: Bump timeouts to accommodate really slow disks | MarcoFalke
2020-02-28 | Merge #17771: tests: Add fuzzing harness for V1TransportDeserializer (P2P transport) | MarcoFalke
  2f63ffd15caeb79867e56c8cedbe2c702952db9e tests: Add fuzzing harness for V1TransportDeserializer (P2P transport) (practicalswift)

  Pull request description:

  Add fuzzing harness for `V1TransportDeserializer` (P2P transport).

  **Testing this PR**

  Run:

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/p2p_transport_deserializer
  …
  ```

  ACKs for top commit:
    MarcoFalke:
      ACK 2f63ffd15caeb79867e56c8cedbe2c702952db9e

  Tree-SHA512: 8507d4a0414d16f1b8cc9649e3e638f74071dddc990d7e5d7e6faf77697f50bdaf133e49e2371edd29068a069a074469ef53148c6bfc9950510460b81d87646a
2020-02-25 | tests: Add fuzzing harness for rolling bloom filter class CRollingBloomFilter | practicalswift