
Conversation

prakash1512
Contributor

Rebased PR #21496

Fixes #21461

This supports whole directory runs of the fuzzing seeds without needing a fuzzing library.

Reviewers are also requested to look at issue #76 in bitcoin-core/qa-assets.

Testing instructions:
To build without libFuzzer, exclude the sanitizers.

```sh
CC=clang CXX=clang++ ./configure BDB_LIBS="-L${BDB_PREFIX}/lib -ldb_cxx-4.8" BDB_CFLAGS="-I${BDB_PREFIX}/include" --without-gui --with-zmq --enable-fuzz
```

Tests:

```sh
# clean and build
make clean
make -j "$(($(nproc)+1))"

# get qa-assets if you don't have already
git clone https://github.com/bitcoin-core/qa-assets

# existing way to feed 1 at a time, still supported
FUZZ=process_message src/test/fuzz/fuzz < qa-assets/fuzz_seed_corpus/process_message/1258dd51f2a5f3221b33a306279ef7290c5fca6d

# new with this PR: one at a time
FUZZ=process_message src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/process_message/1258dd51f2a5f3221b33a306279ef7290c5fca6d

# or multiple files at the same time
FUZZ=process_message src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/process_message/1258dd51f2a5f3221b33a306279ef7290c5fca6d qa-assets/fuzz_seed_corpus/process_message/322a92239d967fba9ef3035aca3cb3090da344b2 qa-assets/fuzz_seed_corpus/process_message/32c460293ac230ebe269a92c7941518d8b76c95a

# new with this PR: whole directory at a time
FUZZ=process_message src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/process_message

# or mix of files and directories at the same time
FUZZ=process_message src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/process_message/1258dd51f2a5f3221b33a306279ef7290c5fca6d qa-assets/fuzz_seed_corpus/process_message/322a92239d967fba9ef3035aca3cb3090da344b2 qa-assets/fuzz_seed_corpus/process_message/32c460293ac230ebe269a92c7941518d8b76c95a qa-assets/fuzz_seed_corpus/process_message/

# new with this PR: wildcard support
FUZZ=process_messages src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/process_messages/*

# new with this PR: run all seeds in all targets, one target/directory at a time
for D in qa-assets/fuzz_seed_corpus/*; do [ -d "${D}" ] && echo "${D##*/}" && FUZZ="${D##*/}" src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/"${D##*/}"; done
```

@DrahtBot DrahtBot added the Tests label Aug 21, 2021
Contributor

@ajtowns ajtowns left a comment


I think the two commits here should be squashed together? Otherwise a clearer explanation of what they're both doing in the commit message is needed.

Concept ACK, and have tested the patch works reasonably against current master.

```cpp
            buffer.clear();
        }
    }
    std::cout << "tested " << tested << " files\n";
```

I think this message would be much better if it included the name of the fuzzer doing the testing. (Need to copy it into a global from initialize to make that happen)

Reporting the time taken might also be good?

@DrahtBot
Contributor

DrahtBot commented Feb 3, 2022

🐙 This pull request conflicts with the target branch and needs rebase.

Want to unsubscribe from rebase notifications on this pull request? Just convert this pull request to a "draft".

@maflcko
Member

maflcko commented Mar 4, 2022

#24472

@maflcko maflcko closed this Mar 4, 2022
maflcko pushed a commit to maflcko/bitcoin-core that referenced this pull request Mar 17, 2022
f59bee3 fuzz: execute each file in dir without fuzz engine (Anthony Towns)

Pull request description:

  Phony fuzzing (phuzzing)! Run the fuzz testing code against known inputs to detect errors. Advantage is you can easily test using the existing qa-assets datasets without having to compile with fuzzing enabled; disadvantage is that it doesn't do any actual fuzzing.

  Example usage:

  ```
  $ for a in ${QA_ASSETS}/fuzz_seed_corpus/*; do echo ${a##*/}; done | xargs -P8 -I {} /bin/sh -c "FUZZ={} test/fuzz/fuzz ${QA_ASSETS}/fuzz_seed_corpus/{}"
  No fuzzer for address_deserialize.
  No fuzzer for addrdb.
  No fuzzer for banentry_deserialize.
  addition_overflow: succeeded against 848 files in 0s.
  asmap: succeeded against 981 files in 0s.
  checkqueue: succeeded against 211 files in 0s.
  ...
  ```

  (`-P8` says run 8 of the tasks in parallel)

  If there are failures, the first one will be reported and the program will abort with output like:

  ```
  fuzz: test/fuzz/versionbits.cpp:336: void (anonymous namespace)::versionbits_fuzz_target(FuzzBufferType): Assertion `exp_state != ThresholdState::FAILED' failed.
  Error processing seed "corpus/versionbits/35345ae8e722234095810b1117a29b63af7621af"
  ```

  Rebase of bitcoin#22763, which was a rebase of bitcoin#21496, but also reports the name of the fuzzer and the time taken.

  Fixes bitcoin#21461

Top commit has no ACKs.

Tree-SHA512: d8d046d4a309652eb13de42116276bf992480bc887ad3535a8ff18b354cb24826bc562b06af63802ec945c637f046563b6a5601d6321b46a5543127daafea09b
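To make the driver logic concrete, here is an added, self-contained C++17 sketch of what the PR description and the merged commit message above describe: take a mix of seed files and corpus directories on the command line, feed every file to the target without a fuzz engine, stop at the first failure naming the offending seed, and print a per-target summary with the file count and elapsed time (the two points ajtowns raised in review). This is example code, not Bitcoin Core's `src/test/fuzz/fuzz.cpp`; the `LengthPrefixedTarget` toy target, the `RunResult` struct, the function names and the constructed seed bytes are all assumptions made for the example, and a failing target is modelled as a thrown exception rather than the abort a real `assert` produces.

```cpp
#include <chrono>
#include <cstdint>
#include <filesystem>
#include <fstream>
#include <functional>
#include <iostream>
#include <iterator>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

namespace fs = std::filesystem;

// libFuzzer-style target: bytes in, nothing out. A real target aborts on a failed
// assertion; here a failure is modelled as a thrown exception so the driver can
// record which seed tripped it. (Example code, not the project's harness.)
using FuzzTarget = std::function<void(const std::vector<uint8_t>&)>;

struct RunResult {
    std::string target_name;  // reported in the summary line, as the review asked for
    size_t files_tested = 0;  // seeds that ran without failure
    double seconds = 0.0;     // wall-clock time of the run
    bool ok = true;
    std::string failing_seed; // first seed that failed, if any
};

// Each argument is a seed file or a flat corpus directory (every regular file in it).
static std::vector<fs::path> CollectSeeds(const std::vector<std::string>& args)
{
    std::vector<fs::path> seeds;
    for (const fs::path p : args) {
        if (fs::is_regular_file(p)) seeds.push_back(p);
        else if (fs::is_directory(p))
            for (const auto& e : fs::directory_iterator(p))
                if (e.is_regular_file()) seeds.push_back(e.path());
    }
    return seeds;
}

// Feed every seed to the target; stop at the first failure and remember its path.
RunResult RunCorpus(const std::string& name, const FuzzTarget& target, const std::vector<std::string>& args)
{
    RunResult r;
    r.target_name = name;
    const auto start = std::chrono::steady_clock::now();
    for (const auto& seed : CollectSeeds(args)) {
        std::ifstream in(seed, std::ios::binary);
        if (!in) { r.ok = false; r.failing_seed = seed.string(); break; }
        std::vector<uint8_t> buffer{std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>()};
        try { target(buffer); } catch (const std::exception&) { r.ok = false; r.failing_seed = seed.string(); break; }
        ++r.files_tested;
    }
    r.seconds = std::chrono::duration<double>(std::chrono::steady_clock::now() - start).count();
    return r;
}

// Summary in the shape the merged commit prints: one line per target, or the failing seed.
void Report(const RunResult& r)
{
    if (r.ok) std::cout << r.target_name << ": succeeded against " << r.files_tested << " files in " << r.seconds << "s.\n";
    else std::cout << "Error processing seed \"" << r.failing_seed << "\"\n";
}

// Toy target (constructed for this example): a 4-byte little-endian length prefix
// must fit inside the buffer, otherwise the target "fails".
static void LengthPrefixedTarget(const std::vector<uint8_t>& buf)
{
    if (buf.size() < 4) return; // too short to carry a header, nothing to check
    const uint32_t len = uint32_t(buf[0]) | (uint32_t(buf[1]) << 8) | (uint32_t(buf[2]) << 16) | (uint32_t(buf[3]) << 24);
    if (len > buf.size() - 4) throw std::runtime_error("declared length exceeds buffer");
}

// Write constructed seeds into a fresh temp directory; optionally add one seed that
// claims 9 payload bytes but carries 1, which the toy target rejects.
std::string MakeDemoCorpus(bool include_overlong)
{
    const fs::path dir = fs::temp_directory_path() / (include_overlong ? "phuzz_demo_fail" : "phuzz_demo_ok");
    fs::remove_all(dir);
    fs::create_directories(dir);
    std::vector<std::pair<std::string, std::vector<uint8_t>>> seeds{
        {"empty_payload", {0, 0, 0, 0}}, {"exact", {3, 0, 0, 0, 'a', 'b', 'c'}}, {"shorter", {2, 0, 0, 0, 'x', 'y', 'z'}}};
    if (include_overlong) seeds.push_back({"overlong", {9, 0, 0, 0, 'a'}});
    for (const auto& [name, bytes] : seeds) {
        std::ofstream out(dir / name, std::ios::binary);
        out.write(reinterpret_cast<const char*>(bytes.data()), static_cast<std::streamsize>(bytes.size()));
    }
    return dir.string();
}

// Run the toy target over the demo corpus, passing the directory the way the PR allows.
RunResult DemoRun(bool include_overlong)
{
    return RunCorpus("length_prefixed", LengthPrefixedTarget, {MakeDemoCorpus(include_overlong)});
}

int main()
{
    Report(DemoRun(false)); // length_prefixed: succeeded against 3 files in ...s.
    Report(DemoRun(true));  // Error processing seed ".../phuzz_demo_fail/overlong"
}
```

Directory iteration order is unspecified, so in the failing run the number of seeds executed before `overlong` is hit varies; only the reported failing seed is stable. Running the corpus this way exercises the target's parsing paths on known inputs (a cheap regression check, as the commit message notes), but generates no new inputs, so it is a complement to, not a replacement for, a real fuzzing build.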
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Mar 18, 2022
@bitcoin bitcoin locked and limited conversation to collaborators Mar 4, 2023
Successfully merging this pull request may close these issues.

fuzz: Make it possible to execute each file in a directory without fuzz engine