Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fuzz: include seed corpora in tree as regression tests #6106

Merged
merged 6 commits into from
Apr 9, 2023
Merged

fuzz: include seed corpora in tree as regression tests #6106

merged 6 commits into from
Apr 9, 2023

Conversation

morehouse
Copy link
Contributor

@morehouse morehouse commented Mar 20, 2023
edited by rustyrussell

This PR:

  • adds an initial seed corpus for each fuzz target under /tests/fuzz/corpora
  • adds a make check-fuzz target to do a regression test of each fuzz target on its seed corpus
  • updates documentation to encourage contributions to the seed corpora

This is a first step towards improving our fuzzing practices. See #6083.

Tested:

$ DEVELOPER=1 EXPERIMENTAL_FEATURES=1 ASAN=1 UBSAN=1 VALGRIND=0 CC=clang ./configure --disable-rust --enable-fuzzing
$ make check-fuzz

Note that some of the seeds currently cause failures. I've created #6096 and #6099 to fix those.

Changelog-None

@morehouse morehouse force-pushed the check_fuzz branch 2 times, most recently from 583924b to bf63b64 Compare March 20, 2023 18:10
@rustyrussell rustyrussell mentioned this pull request Mar 23, 2023
Merged
@morehouse
fuzz: add initial seed corpora
a90bb24 
These corpora were generated with default libFuzzer flags with 30+ hours
of CPU time, and then minimized with:
  ./fuzz-TARGET -merge=1 -shuffle=0 -prefer_small=1 -use_value_profile=1 corpora/fuzz-TARGET UNMINIMIZED_CORPUS
@morehouse
fuzz: improve corpus merging
bdbc1e7 
The following arguments were copied from Bitcoin Core's corpus merging
script https://github.com/bitcoin/bitcoin/blob/master/test/fuzz/test_runner.py:

-shuffle=0
-prefer_small=1
-use_value_profile=1
@morehouse
fuzz: add check-fuzz.sh
76c5e04 
The script runs each fuzz target on its seed corpus and prints any
failures.
@morehouse
make: add check-fuzz target
6480e4a 
The target builds and runs each fuzz target on its seed corpus.
@morehouse
doc: document "make check-fuzz"
d6ccf0b
@morehouse
doc: add section about improving fuzzing corpora
ed20f87 
We want to encourage contributions to the seed corpora that improve
coverage.
@morehouse
Copy link
Contributor Author

Updated with 30+ CPU-hours of fuzzing for each seed corpus, and improved corpus merging parameters copied from Bitcoin Core.

rustyrussell
rustyrussell approved these changes Apr 7, 2023
View reviewed changes
Copy link
Contributor

@rustyrussell rustyrussell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack ed20f87

@rustyrussell rustyrussell merged commit ca80dee into ElementsProject:master Apr 9, 2023
27 checks passed
@morehouse morehouse deleted the check_fuzz branch April 10, 2023 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rustyrussell rustyrussell rustyrussell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@morehouse @rustyrussell