I use macOS for my Bitcoin Core development. I've found fuzzing to be hard to run on mac. This repo contains a simple set of scripts so you don't have to constantly fiddle with docker.
Steps:
- Build the docker image: `./build-image.sh`
- Export `$BITCOIN_REPO` and `$QA_ASSETS_REPO` in your shell and point them at your local checkouts of the bitcoin core repository and the qa-assets repository.
- Run the docker container: `./run_container.sh`. You can now build and run in ubuntu. In that container, you'll find bitcoin core in `/bitcoin` and qa-assets in `/qa-assets`.
Build with the fuzzer and sanitizers enabled, then run one fuzz target against its seed corpus:
```
CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined
FUZZ=<fuzz_test_name> src/test/fuzz/fuzz /qa-assets/fuzz_seed_corpus/<fuzz_test_name>
```
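The two places this workflow silently goes wrong are a mis-set `$BITCOIN_REPO`/`$QA_ASSETS_REPO` (the container mounts an empty or wrong directory) and a fuzz target name with no seed corpus (libFuzzer starts from nothing instead of the qa-assets seeds). The script below is an added example, not one of this repo's scripts: it checks both before printing the docker command for the container step and the fuzz invocation for the run step. `IMAGE_NAME` and `FUZZ_CPUS` are assumptions; use whatever tag `./build-image.sh` actually produces.

```shell
#!/bin/sh
# Added example, not part of this repo. Fails fast on an unset or wrong
# $BITCOIN_REPO / $QA_ASSETS_REPO and on a fuzz target with no seed corpus.
IMAGE_NAME="${IMAGE_NAME:-bitcoin-fuzz}"   # assumed image tag
FUZZ_CPUS="${FUZZ_CPUS:-3}"                # run_container.sh allocates 3 CPUs

# Succeed only when both variables point at checkouts with the expected layout.
check_repos() {
  rc=0
  if [ -z "${BITCOIN_REPO:-}" ] || [ ! -d "${BITCOIN_REPO:-}/src/test/fuzz" ]; then
    echo "BITCOIN_REPO must point at a bitcoin core checkout (src/test/fuzz missing)" >&2
    rc=1
  fi
  if [ -z "${QA_ASSETS_REPO:-}" ] || [ ! -d "${QA_ASSETS_REPO:-}/fuzz_seed_corpus" ]; then
    echo "QA_ASSETS_REPO must point at a qa-assets checkout (fuzz_seed_corpus missing)" >&2
    rc=1
  fi
  return $rc
}

# Print the docker invocation that mounts the two checkouts where the
# container expects them (/bitcoin and /qa-assets).
container_cmd() {
  check_repos || return 1
  printf 'docker run --rm -it --cpus=%s -v %s:/bitcoin -v %s:/qa-assets %s bash\n' \
    "$FUZZ_CPUS" "$BITCOIN_REPO" "$QA_ASSETS_REPO" "$IMAGE_NAME"
}

# Inside the container: the libFuzzer run for one target. A target with no
# seed directory is refused; otherwise a typo in the name quietly fuzzes from
# an empty corpus. The optional second argument lets the check run outside
# the container; the default is the mount point used above.
fuzz_cmd() {
  target="$1"
  root="${2:-/qa-assets/fuzz_seed_corpus}"
  if [ ! -d "$root/$target" ]; then
    echo "no seed corpus for '$target' under $root" >&2
    return 1
  fi
  printf 'FUZZ=%s src/test/fuzz/fuzz %s/%s\n' "$target" "$root" "$target"
}
```

Source the file, run `container_cmd` to get the docker command, and `fuzz_cmd <fuzz_test_name>` inside the container to get the run command.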
To debug a fuzz target, build without optimization and with debug symbols, then run it under lldb:
```
CC=clang CXX=clang++ ./configure CXXFLAGS="-O0 -g" CFLAGS="-O0 -g" --enable-fuzz --with-sanitizers=address,fuzzer,undefined
FUZZ=<fuzz_test_name> lldb src/test/fuzz/fuzz
lldb> run /qa-assets/fuzz_seed_corpus/<fuzz_test_name>
```
You can set a breakpoint in lldb using `br set -f <file> -l <line> -i <ignore_count>`.
You can see how often that breakpoint is hit using `br l`.
NOTE: you only need to use the file name, like `p2p_transport_serialization.cpp`, and NOT the fully qualified relative file name like `src/test/fuzz/p2p_transport_serialization.cpp`.
Since `./run_container.sh` allocates 3 CPUs, `make -j 3` seems to work well.