tests: Add descriptor Parse(…) fuzzing harness #17018

pull practicalswift wants to merge 2 commits into bitcoin:master from practicalswift:descriptor_parse changing 4 files +33 −2
  1. practicalswift commented at 8:21 am on October 2, 2019: contributor

    Add Parse(...) (descriptor) fuzzing harness.

    To test this PR:

    We can run test_fuzzing_harnesses.sh (#17000) during ten seconds to quickly verify that the newly added fuzz harness seem to hit relevant code regions, that the fuzzing throughput seems reasonable, etc.

    test_fuzzing_harnesses.sh descriptor 10 runs all fuzzers matching the regexp descriptor giving them ten seconds of runtime each.

     0$ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined
     1$ make
     2$ contrib/devtools/test_fuzzing_harnesses.sh descriptor 10
     3Testing fuzzer descriptor_parse during 10 second(s)
     4A subset of reached functions:
     5        NEW_FUNC[0/17]: 0x55ec8a240c90 in tinyformat::detail::formatImpl(std::ostream&, char const*, tinyformat::detail::FormatArg const*, int) src/./tinyformat.h:791
     6        NEW_FUNC[4/17]: 0x55ec8a2435f0 in tinyformat::detail::printFormatStringLiteral(std::ostream&, char const*) src/./tinyformat.h:564
     7        NEW_FUNC[5/17]: 0x55ec8a2439d0 in tinyformat::detail::streamStateFromFormat(std::ostream&, bool&, int&, char const*, tinyformat::detail::FormatArg const*, int&, int) src/./tinyformat.h:601
     8        NEW_FUNC[6/17]: 0x55ec8a24a3d0 in tinyformat::detail::FormatArg::format(std::ostream&, char const*, char const*, int) const src/./tinyformat.h:513
     9        NEW_FUNC[12/17]: 0x55ec8a29cd70 in void tinyformat::detail::FormatArg::formatImpl<long>(std::ostream&, char const*, char const*, int, void const*) src/./tinyformat.h:530
    10        NEW_FUNC[13/17]: 0x55ec8a29cf50 in void tinyformat::formatValue<long>(std::ostream&, char const*, char const*, int, long const&) src/./tinyformat.h:317
    11        NEW_FUNC[14/17]: 0x55ec8a2ea450 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<long>(char const*, long const&) src/./tinyformat.h:976
    12        NEW_FUNC[15/17]: 0x55ec8a346ac0 in void tinyformat::format<long>(std::ostream&, char const*, long const&) src/./tinyformat.h:968
    13        NEW_FUNC[16/17]: 0x55ec8a346d80 in tinyformat::detail::FormatListN<1>::FormatListN<long>(long const&) src/./tinyformat.h:885
    14        NEW_FUNC[0/16]: 0x55ec8a210c90 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:976
    15        NEW_FUNC[2/16]: 0x55ec8a25c3e0 in void tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::ostream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:968
    16        NEW_FUNC[3/16]: 0x55ec8a25c6a0 in tinyformat::detail::FormatListN<1>::FormatListN<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:885
    17        NEW_FUNC[4/16]: 0x55ec8a25c980 in void tinyformat::detail::FormatArg::formatImpl<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::ostream&, char const*, char const*, int, void const*) src/./tinyformat.h:530
    18        NEW_FUNC[6/16]: 0x55ec8b29cc60 in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:810
    19        NEW_FUNC[8/16]: 0x55ec8b2a4710 in (anonymous namespace)::Expr(Span<char const>&) src/script/descriptor.cpp:657
    20        NEW_FUNC[9/16]: 0x55ec8b2a4d40 in (anonymous namespace)::Func(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Span<char const>&) src/script/descriptor.cpp:647
    21        NEW_FUNC[15/16]: 0x55ec8b2d7dd0 in Span<char const>::subspan(long) const src/./span.h:33
    22        NEW_FUNC[0/1]: 0x55ec8b2d7830 in Span<char const>::operator[](long) const src/./span.h:31
    23        NEW_FUNC[0/10]: 0x55ec8a2ea090 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<char const*>(char const*, char const* const&) src/./tinyformat.h:976
    24        NEW_FUNC[1/10]: 0x55ec8a345d40 in void tinyformat::format<char const*>(std::ostream&, char const*, char const* const&) src/./tinyformat.h:968
    25        NEW_FUNC[2/10]: 0x55ec8a346000 in tinyformat::detail::FormatListN<1>::FormatListN<char const*>(char const* const&) src/./tinyformat.h:885
    26        NEW_FUNC[3/10]: 0x55ec8a3462e0 in void tinyformat::detail::FormatArg::formatImpl<char const*>(std::ostream&, char const*, char const*, int, void const*) src/./tinyformat.h:530
    27        NEW_FUNC[4/10]: 0x55ec8a3464b0 in void tinyformat::formatValue<char const*>(std::ostream&, char const*, char const*, int, char const* const&) src/./tinyformat.h:317
    28        NEW_FUNC[8/10]: 0x55ec8b438ef0 in ParsePrechecks(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/util/strencodings.cpp:267
    29        NEW_FUNC[9/10]: 0x55ec8b4398b0 in ParseUInt32(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int*) src/util/strencodings.cpp:309
    30        NEW_FUNC[0/3]: 0x55ec8a2e9430 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:976
    31        NEW_FUNC[1/3]: 0x55ec8a33a6f0 in void tinyformat::format<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::ostream&, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:968
    32        NEW_FUNC[2/3]: 0x55ec8a33aa40 in tinyformat::detail::FormatListN<2>::FormatListN<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/./tinyformat.h:885
    33        NEW_FUNC[1/2]: 0x55ec8b4331b0 in IsHex(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/util/strencodings.cpp:61
    34        NEW_FUNC[13/24]: 0x55ec8b126eb0 in Params() src/chainparams.cpp:384
    35        NEW_FUNC[14/24]: 0x55ec8b19a500 in DecodeDestination(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) src/key_io.cpp:217
    36        NEW_FUNC[15/24]: 0x55ec8b19a610 in (anonymous namespace)::DecodeDestination(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CChainParams const&) src/key_io.cpp:74
    37        NEW_FUNC[18/24]: 0x55ec8b357160 in IsValidDestination(boost::variant<CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessUnknown> const&) src/script/standard.cpp:325
    38        NEW_FUNC[19/24]: 0x55ec8b36fe40 in DecodeBase58(char const*, std::vector<unsigned char, std::allocator<unsigned char> >&) src/base58.cpp:36
    39stat::number_of_executed_units: 54900
    40stat::average_exec_per_sec:     4990
    41stat::new_units_added:          421
    42stat::slowest_unit_time_sec:    0
    43stat::peak_rss_mb:              412
    44Number of unique code paths taken during fuzzing round: 93
    45
    46Tested fuzz harnesses seem to work as expected.
    
  2. fanquake added the label Tests on Oct 2, 2019
  3. practicalswift force-pushed on Oct 3, 2019
  4. practicalswift force-pushed on Oct 3, 2019
  5. practicalswift force-pushed on Oct 3, 2019
  6. DrahtBot commented at 8:37 pm on October 3, 2019: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #17050 (tests: Add fuzzing harnesses for functions parsing scripts, numbers, JSON and HD keypaths (bip32) by practicalswift)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  7. practicalswift force-pushed on Oct 7, 2019
  8. DrahtBot added the label Needs rebase on Oct 10, 2019
  9. practicalswift force-pushed on Oct 10, 2019
  10. DrahtBot removed the label Needs rebase on Oct 10, 2019
  11. MarcoFalke renamed this:
    tests: Add Parse(...) (descriptor) fuzzing harness
    tests: Add descriptor Parse(...) fuzzing harness
    on Oct 15, 2019
  12. MarcoFalke added the label Descriptors on Oct 15, 2019
  13. in src/test/fuzz/descriptor_parse.cpp:13 in 6a3fdc7ad4 outdated
     8+void test_one_input(const std::vector<uint8_t>& buffer)
     9+{
    10+    const std::string descriptor(buffer.begin(), buffer.end());
    11+    FlatSigningProvider signing_provider;
    12+    std::string error;
    13+    Parse(descriptor, signing_provider, error, false);
    


    MarcoFalke commented at 5:57 pm on October 15, 2019:
    Could run with true and false?

    practicalswift commented at 9:44 pm on October 16, 2019:
    Sure! Updated. Please re-review.
  14. in src/test/fuzz/fuzz.cpp:28 in 6a3fdc7ad4 outdated
    24@@ -25,6 +25,7 @@ static bool read_stdin(std::vector<uint8_t>& data)
    25 static void initialize()
    26 {
    27     const static auto verify_handle = MakeUnique<ECCVerifyHandle>();
    28+    SelectParams(CBaseChainParams::REGTEST);
    


    MarcoFalke commented at 6:13 pm on October 15, 2019:

    practicalswift commented at 9:33 pm on October 16, 2019:
    Feedback addressed. Please re-review.
  15. practicalswift force-pushed on Oct 16, 2019
  16. practicalswift force-pushed on Oct 16, 2019
  17. in src/test/fuzz/fuzz.cpp:29 in 7a86e272d7 outdated
    21@@ -22,7 +22,9 @@ static bool read_stdin(std::vector<uint8_t>& data)
    22     return length == 0;
    23 }
    24 
    25-static void initialize()
    26+// Default initialization: Override using a non-weak initialize().
    27+__attribute__((weak))
    28+void initialize()
    29 {
    30     const static auto verify_handle = MakeUnique<ECCVerifyHandle>();
    


    MarcoFalke commented at 7:32 pm on October 18, 2019:
    Can this function body be made empty? Only a few fuzzers need this.

    practicalswift commented at 11:09 am on October 23, 2019:
    Yes, but I’d rather do that in a follow-up PR since some existing fuzzers rely on this. I want to keep this PR Parse(…) only to keep it simple. It will take some investigation to figure our which fuzzers that rely on the current behaviour.
  18. in test/fuzz/test_runner.py:18 in 7a86e272d7 outdated
    11@@ -12,6 +12,10 @@
    12 import subprocess
    13 import logging
    14 
    15+# Fuzzers known to lack a seed corpus in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus
    16+FUZZERS_MISSING_CORPORA = [
    17+    "descriptor_parse",
    18+]
    


    MarcoFalke commented at 8:55 pm on October 18, 2019:
    can remove this?

    practicalswift commented at 11:12 am on October 23, 2019:
    Done!
  19. MarcoFalke commented at 9:06 pm on October 18, 2019: member
    Thanks for this fuzzer. Reading through the seeds that came out for me is fun: https://github.com/bitcoin-core/qa-assets/commit/29e289fd7f639c41871bb91396b1075bbbab9ef5
  20. MarcoFalke added the label Waiting for author on Oct 22, 2019
  21. tests: Allow for using non-default fuzzing initialization fdef8bbf2f
  22. tests: Add Parse(...) (descriptor) fuzzing harness b5ffa9f3db
  23. practicalswift force-pushed on Oct 23, 2019
  24. practicalswift commented at 11:35 am on October 23, 2019: contributor

    Reading through the seeds that came out for me is fun: bitcoin-core/qa-assets@29e289f

    Those are really nice! Thanks for sharing.

    When fuzzing the Swift compiler a few years ago I discovered some very entertaining crashes using a custom Swift fuzzer I wrote myself: see some of these :)

    I’ve now addressed all feedback in this PR: I think it should be ready to go :)

  25. MarcoFalke removed the label Waiting for author on Oct 23, 2019
  26. MarcoFalke referenced this in commit deb2327b43 on Oct 23, 2019
  27. MarcoFalke merged this on Oct 23, 2019
  28. MarcoFalke closed this on Oct 23, 2019

  29. MarcoFalke referenced this in commit d53828cb79 on Oct 24, 2019
  30. deadalnix referenced this in commit 526a21b26a on Jul 9, 2020
  31. jasonbcox referenced this in commit fed8c74652 on Jul 10, 2020
  32. practicalswift deleted the branch on Apr 10, 2021
  33. kittywhiskers referenced this in commit 4839712e02 on Aug 2, 2021
  34. kittywhiskers referenced this in commit 354fcdf358 on Aug 2, 2021
  35. kittywhiskers referenced this in commit 00350cca94 on Aug 5, 2021
  36. kittywhiskers referenced this in commit 30852b93e8 on Aug 5, 2021
  37. kittywhiskers referenced this in commit 85bcd3e7c6 on Aug 5, 2021
  38. PastaPastaPasta referenced this in commit 4e5c9dec55 on Aug 6, 2021
  39. kittywhiskers referenced this in commit 682f23934e on Aug 8, 2021
  40. kittywhiskers referenced this in commit f47768b94c on Aug 11, 2021
  41. PastaPastaPasta referenced this in commit 90e7119a8b on Aug 11, 2021
  42. 5tefan referenced this in commit 6b5014ac11 on Aug 12, 2021
  43. DrahtBot locked this on Aug 18, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me