tests: Add descriptor Parse(…) fuzzing harness #17018

1. 
   practicalswift commented at 8:21 am on October 2, 2019: contributor

   Add Parse(...) (descriptor) fuzzing harness.

   To test this PR:

   We can run test_fuzzing_harnesses.sh (#17000) during ten seconds to quickly verify that the newly added fuzz harness seem to hit relevant code regions, that the fuzzing throughput seems reasonable, etc.

   test_fuzzing_harnesses.sh descriptor 10 runs all fuzzers matching the regexp descriptor giving them ten seconds of runtime each.

    0$ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined
    1$ make
    2$ contrib/devtools/test_fuzzing_harnesses.sh descriptor 10
    3Testing fuzzer descriptor_parse during 10 second(s)
    4A subset of reached functions:
    5        NEW_FUNC[0/17]: 0x55ec8a240c90 in tinyformat::detail::formatImpl(std::ostream&, char const*, tinyformat::detail::FormatArg const*, int) src/./tinyformat.h:791
    6        NEW_FUNC[4/17]: 0x55ec8a2435f0 in tinyformat::detail::printFormatStringLiteral(std::ostream&, char const*) src/./tinyformat.h:564
    7        NEW_FUNC[5/17]: 0x55ec8a2439d0 in tinyformat::detail::streamStateFromFormat(std::ostream&, bool&, int&, char const*, tinyformat::detail::FormatArg const*, int&, int) src/./tinyformat.h:601
    8        NEW_FUNC[6/17]: 0x55ec8a24a3d0 in tinyformat::detail::FormatArg::format(std::ostream&, char const*, char const*, int) const src/./tinyformat.h:513
    9        NEW_FUNC[12/17]: 0x55ec8a29cd70 in void tinyformat::detail::FormatArg::formatImpl<long>(std::ostream&, char const*, char const*, int, void const*) src/./tinyformat.h:530
   10        NEW_FUNC[13/17]: 0x55ec8a29cf50 in void tinyformat::formatValue<long>(std::ostream&, char const*, char const*, int, long const&) src/./tinyformat.h:317
   11        NEW_FUNC[14/17]: 0x55ec8a2ea450 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<long>(char const*, long const&) src/./tinyformat.h:976
   12        NEW_FUNC[15/17]: 0x55ec8a346ac0 in void tinyformat::format<long>(std::ostream&, char const*, long const&) src/./tinyformat.h:968
   13        NEW_FUNC[16/17]: 0x55ec8a346d80 in tinyformat::detail::FormatListN<1>::FormatListN<long>(long const&) src/./tinyformat.h:885
   14        NEW_FUNC[0/16]: 0x55ec8a210c90 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:976
   15        NEW_FUNC[2/16]: 0x55ec8a25c3e0 in void tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::ostream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:968
   16        NEW_FUNC[3/16]: 0x55ec8a25c6a0 in tinyformat::detail::FormatListN<1>::FormatListN<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:885
   17        NEW_FUNC[4/16]: 0x55ec8a25c980 in void tinyformat::detail::FormatArg::formatImpl<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::ostream&, char const*, char const*, int, void const*) src/./tinyformat.h:530
   18        NEW_FUNC[6/16]: 0x55ec8b29cc60 in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:810
   19        NEW_FUNC[8/16]: 0x55ec8b2a4710 in (anonymous namespace)::Expr(Span<char const>&) src/script/descriptor.cpp:657
   20        NEW_FUNC[9/16]: 0x55ec8b2a4d40 in (anonymous namespace)::Func(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Span<char const>&) src/script/descriptor.cpp:647
   21        NEW_FUNC[15/16]: 0x55ec8b2d7dd0 in Span<char const>::subspan(long) const src/./span.h:33
   22        NEW_FUNC[0/1]: 0x55ec8b2d7830 in Span<char const>::operator[](long) const src/./span.h:31
   23        NEW_FUNC[0/10]: 0x55ec8a2ea090 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<char const*>(char const*, char const* const&) src/./tinyformat.h:976
   24        NEW_FUNC[1/10]: 0x55ec8a345d40 in void tinyformat::format<char const*>(std::ostream&, char const*, char const* const&) src/./tinyformat.h:968
   25        NEW_FUNC[2/10]: 0x55ec8a346000 in tinyformat::detail::FormatListN<1>::FormatListN<char const*>(char const* const&) src/./tinyformat.h:885
   26        NEW_FUNC[3/10]: 0x55ec8a3462e0 in void tinyformat::detail::FormatArg::formatImpl<char const*>(std::ostream&, char const*, char const*, int, void const*) src/./tinyformat.h:530
   27        NEW_FUNC[4/10]: 0x55ec8a3464b0 in void tinyformat::formatValue<char const*>(std::ostream&, char const*, char const*, int, char const* const&) src/./tinyformat.h:317
   28        NEW_FUNC[8/10]: 0x55ec8b438ef0 in ParsePrechecks(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/util/strencodings.cpp:267
   29        NEW_FUNC[9/10]: 0x55ec8b4398b0 in ParseUInt32(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int*) src/util/strencodings.cpp:309
   30        NEW_FUNC[0/3]: 0x55ec8a2e9430 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:976
   31        NEW_FUNC[1/3]: 0x55ec8a33a6f0 in void tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::ostream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:968
   32        NEW_FUNC[2/3]: 0x55ec8a33aa40 in tinyformat::detail::FormatListN<2>::FormatListN<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:885
   33        NEW_FUNC[1/2]: 0x55ec8b4331b0 in IsHex(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/util/strencodings.cpp:61
   34        NEW_FUNC[13/24]: 0x55ec8b126eb0 in Params() src/chainparams.cpp:384
   35        NEW_FUNC[14/24]: 0x55ec8b19a500 in DecodeDestination(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/key_io.cpp:217
   36        NEW_FUNC[15/24]: 0x55ec8b19a610 in (anonymous namespace)::DecodeDestination(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CChainParams const&) src/key_io.cpp:74
   37        NEW_FUNC[18/24]: 0x55ec8b357160 in IsValidDestination(boost::variant<CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessUnknown> const&) src/script/standard.cpp:325
   38        NEW_FUNC[19/24]: 0x55ec8b36fe40 in DecodeBase58(char const*, std::vector<unsigned char, std::allocator<unsigned char> >&) src/base58.cpp:36
   39stat::number_of_executed_units: 54900
   40stat::average_exec_per_sec:     4990
   41stat::new_units_added:          421
   42stat::slowest_unit_time_sec:    0
   43stat::peak_rss_mb:              412
   44Number of unique code paths taken during fuzzing round: 93
   45
   46Tested fuzz harnesses seem to work as expected.
   

2. fanquake added the label Tests on Oct 2, 2019
3. practicalswift force-pushed on Oct 3, 2019
4. practicalswift force-pushed on Oct 3, 2019
5. practicalswift force-pushed on Oct 3, 2019
6. 
   DrahtBot commented at 8:37 pm on October 3, 2019: member

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Conflicts

   Reviewers, this pull request conflicts with the following ones:

   • #17050 (tests: Add fuzzing harnesses for functions parsing scripts, numbers, JSON and HD keypaths (bip32) by practicalswift)

   If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

7. practicalswift force-pushed on Oct 7, 2019
8. DrahtBot added the label Needs rebase on Oct 10, 2019
9. practicalswift force-pushed on Oct 10, 2019
10. DrahtBot removed the label Needs rebase on Oct 10, 2019
11. MarcoFalke renamed this:
    tests: Add Parse(...) (descriptor) fuzzing harness
    tests: Add descriptor Parse(...) fuzzing harness
    on Oct 15, 2019
12. MarcoFalke added the label Descriptors on Oct 15, 2019
13. in src/test/fuzz/descriptor_parse.cpp:13 in 6a3fdc7ad4 outdated

     8+void test_one_input(const std::vector<uint8_t>& buffer)
     9+{
    10+    const std::string descriptor(buffer.begin(), buffer.end());
    11+    FlatSigningProvider signing_provider;
    12+    std::string error;
    13+    Parse(descriptor, signing_provider, error, false);
    

    ---

    ---

    

    MarcoFalke commented at 5:57 pm on October 15, 2019:

    Could run with true and false?

    ---

    

    practicalswift commented at 9:44 pm on October 16, 2019:

    Sure! Updated. Please re-review.
14. in src/test/fuzz/fuzz.cpp:28 in 6a3fdc7ad4 outdated

    24@@ -25,6 +25,7 @@ static bool read_stdin(std::vector<uint8_t>& data)
    25 static void initialize()
    26 {
    27     const static auto verify_handle = MakeUnique<ECCVerifyHandle>();
    28+    SelectParams(CBaseChainParams::REGTEST);
    

    ---

    ---

    

    MarcoFalke commented at 6:13 pm on October 15, 2019:

    #17071 (review)

    ---

    

    practicalswift commented at 9:33 pm on October 16, 2019:

    Feedback addressed. Please re-review.
15. practicalswift force-pushed on Oct 16, 2019
16. practicalswift force-pushed on Oct 16, 2019
17. in src/test/fuzz/fuzz.cpp:29 in 7a86e272d7 outdated

    21@@ -22,7 +22,9 @@ static bool read_stdin(std::vector<uint8_t>& data)
    22     return length == 0;
    23 }
    24 
    25-static void initialize()
    26+// Default initialization: Override using a non-weak initialize().
    27+__attribute__((weak))
    28+void initialize()
    29 {
    30     const static auto verify_handle = MakeUnique<ECCVerifyHandle>();
    

    ---

    ---

    

    MarcoFalke commented at 7:32 pm on October 18, 2019:

    Can this function body be made empty? Only a few fuzzers need this.

    ---

    

    practicalswift commented at 11:09 am on October 23, 2019:

    Yes, but I’d rather do that in a follow-up PR since some existing fuzzers rely on this. I want to keep this PR Parse(…) only to keep it simple. It will take some investigation to figure our which fuzzers that rely on the current behaviour.
18. in test/fuzz/test_runner.py:18 in 7a86e272d7 outdated

    11@@ -12,6 +12,10 @@
    12 import subprocess
    13 import logging
    14 
    15+# Fuzzers known to lack a seed corpus in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus
    16+FUZZERS_MISSING_CORPORA = [
    17+    "descriptor_parse",
    18+]
    

    ---

    ---

    

    MarcoFalke commented at 8:55 pm on October 18, 2019:

    can remove this?

    ---

    

    practicalswift commented at 11:12 am on October 23, 2019:

    Done!
19. 
    MarcoFalke commented at 9:06 pm on October 18, 2019: member

    Thanks for this fuzzer. Reading through the seeds that came out for me is fun: https://github.com/bitcoin-core/qa-assets/commit/29e289fd7f639c41871bb91396b1075bbbab9ef5
20. MarcoFalke added the label Waiting for author on Oct 22, 2019
21. tests: Allow for using non-default fuzzing initialization fdef8bbf2f
22. tests: Add Parse(...) (descriptor) fuzzing harness b5ffa9f3db
23. practicalswift force-pushed on Oct 23, 2019
24. 
    practicalswift commented at 11:35 am on October 23, 2019: contributor

    Reading through the seeds that came out for me is fun: bitcoin-core/qa-assets@29e289f

    Those are really nice! Thanks for sharing.

    When fuzzing the Swift compiler a few years ago I discovered some very entertaining crashes using a custom Swift fuzzer I wrote myself: see some of these :)

    I’ve now addressed all feedback in this PR: I think it should be ready to go :)

25. MarcoFalke removed the label Waiting for author on Oct 23, 2019
26. MarcoFalke referenced this in commit deb2327b43 on Oct 23, 2019
27. MarcoFalke merged this on Oct 23, 2019
28. MarcoFalke closed this on Oct 23, 2019

    ---

29. MarcoFalke referenced this in commit d53828cb79 on Oct 24, 2019
30. deadalnix referenced this in commit 526a21b26a on Jul 9, 2020
31. jasonbcox referenced this in commit fed8c74652 on Jul 10, 2020
32. practicalswift deleted the branch on Apr 10, 2021
33. kittywhiskers referenced this in commit 4839712e02 on Aug 2, 2021
34. kittywhiskers referenced this in commit 354fcdf358 on Aug 2, 2021
35. kittywhiskers referenced this in commit 00350cca94 on Aug 5, 2021
36. kittywhiskers referenced this in commit 30852b93e8 on Aug 5, 2021
37. kittywhiskers referenced this in commit 85bcd3e7c6 on Aug 5, 2021
38. PastaPastaPasta referenced this in commit 4e5c9dec55 on Aug 6, 2021
39. kittywhiskers referenced this in commit 682f23934e on Aug 8, 2021
40. kittywhiskers referenced this in commit f47768b94c on Aug 11, 2021
41. PastaPastaPasta referenced this in commit 90e7119a8b on Aug 11, 2021
42. 5tefan referenced this in commit 6b5014ac11 on Aug 12, 2021
43. DrahtBot locked this on Aug 18, 2022

Contributors
practicalswift DrahtBot MarcoFalke

Labels
Tests Descriptors