fuzz: addrman, add coverage for network field in Select(), Size() and GetAddr() #27549

pull brunoerg wants to merge 1 commits into bitcoin:master from brunoerg:2023-04-fuzz-addrman-select changing 1 files +11 −3
  1. brunoerg commented at 3:05 pm on May 1, 2023: contributor
    This PR adds fuzz coverage for network field in Select(), Size() and GetAddr(), there was only call to them without passing a network. https://marcofalke.github.io/b-c-cov/fuzz.coverage/src/addrman.cpp.gcov.html
  2. DrahtBot commented at 3:05 pm on May 1, 2023: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK amitiuttarwar, mzumsande, achow101
    Concept ACK pablomartin4btc

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #25284 (net: Use serialization parameters for CAddress serialization by MarcoFalke)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  3. DrahtBot added the label Tests on May 1, 2023
  4. in src/test/fuzz/addrman.cpp:306 in 0d4fe13aa7 outdated
    302@@ -303,6 +303,8 @@ FUZZ_TARGET_INIT(addrman, initialize_addrman)
    303         /*max_addresses=*/fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096),
    304         /*max_pct=*/fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096),
    305         /*network=*/std::nullopt);
    306+    const std::optional<Network> network{fuzzed_data_provider.PickValueInArray({Network::NET_IPV4, Network::NET_IPV6, Network::NET_INTERNAL, Network::NET_ONION, Network::NET_I2P})};
    


    maflcko commented at 8:40 am on May 2, 2023:
    Any reason to not use ALL_NETWORKS?

    brunoerg commented at 1:42 pm on May 2, 2023:
    Well, since it already imports test/fuzz/util/net.h there is no reason, gonna change it!
  5. mzumsande commented at 11:49 am on May 2, 2023: contributor
    Concept ACK. I noticed this too, so a recently added commit from #27213, https://github.com/bitcoin/bitcoin/pull/27213/commits/8f91e5898b3571e0802f2197981c54dda9ee71fa, also includes this - plus coverage for the other network-specific functions (GetAddr(), Size()). I think it’s fine to do it in a separate PR too, but while at it, it would be good to also add coverage for these other functions.
  6. fuzz: addrman, add coverage for `network` field in `Select()`, `Size()` and `GetAddr()`
    Co-authored-by: Amiti Uttarwar <amiti@uttarwar.org>
    Co-authored-by: Martin Zumsande <mzumsande@gmail.com>
    35a2175ad8
  7. brunoerg force-pushed on May 2, 2023
  8. brunoerg renamed this:
    fuzz: addrman, add coverage for `network` field in `Select()`
    fuzz: addrman, add coverage for `network` field in `Select()`, `Size()` and `GetAddr()`
    on May 2, 2023
  9. brunoerg commented at 4:02 pm on May 2, 2023: contributor

    Force-pushed addressing #27549#pullrequestreview-1408940288

    Added coverage for Size() and GetAddr(), since I got code from https://github.com/bitcoin/bitcoin/commit/8f91e5898b3571e0802f2197981c54dda9ee71fa, I added @mzumsande and @amitiuttarwar as co-authors. PR description has been updated.

  10. amitiuttarwar commented at 7:55 pm on May 24, 2023: contributor
    it looks like this PR provides the same coverage as 8f91e5898b3571e0802f2197981c54dda9ee71fa in #27213. I’ll remove the commit there so 27213 can focus on discussing the changes to node behavior
  11. amitiuttarwar commented at 7:56 pm on May 24, 2023: contributor
    for the record, ACK 35a2175ad8bec92b409ae2202c124e39b2f3f838 - only small changes from the version (previously) proposed in 27213
  12. maflcko requested review from mzumsande on May 25, 2023
  13. maflcko requested review from dergoegge on May 25, 2023
  14. in src/test/fuzz/addrman.cpp:314 in 35a2175ad8
    312+        network);
    313+    (void)const_addr_man.Select(fuzzed_data_provider.ConsumeBool(), network);
    314+    std::optional<bool> in_new;
    315+    if (fuzzed_data_provider.ConsumeBool()) {
    316+        in_new = fuzzed_data_provider.ConsumeBool();
    317+    }
    


    pablomartin4btc commented at 12:06 pm on June 25, 2023:

    I was going to propose:

    0    bool in_new{fuzzed_data_provider.ConsumeBool()};
    

    But then I checked also the definition of theAddrMan::Size()function consuming in_new as and argument and I see in the comments that it would interpret the 3 states:

    0/**
    1 * Return size information about addrman.
    2 *
    3 * [@param](/bitcoin-bitcoin/contributor/param/)[in] net              Select addresses only from specified network (nullopt = all)
    4 * [@param](/bitcoin-bitcoin/contributor/param/)[in] in_new           Select addresses only from one table (true = new, false = tried, nullopt = both)
    5 * [@return](/bitcoin-bitcoin/contributor/return/)                     Number of unique addresses that match specified options.
    6 */ 
    

    edit: just thinking, we never use the false alternative here (tried table), perhaps this is not an issue.

  15. in src/test/fuzz/addrman.cpp:305 in 35a2175ad8
    298@@ -299,12 +299,20 @@ FUZZ_TARGET_INIT(addrman, initialize_addrman)
    299             });
    300     }
    301     const AddrMan& const_addr_man{addr_man};
    302+    std::optional<Network> network;
    303+    if (fuzzed_data_provider.ConsumeBool()) {
    304+        network = fuzzed_data_provider.PickValueInArray(ALL_NETWORKS);
    305+    }
    


    pablomartin4btc commented at 12:17 pm on June 25, 2023:

    Do we really need this?

    Next line calling AddrMan::GetAddr() function passes std::nullopt as the network argument (meaning ALL_NETWORKS), so as AddrMan::Size() also interprets the same for the network argument and since even ConsumesBool() when returns false it would be std::nullopt (meaning ALL_NETWORKS), why to bother with this, just pass std::nullopt below when you call AddrMan::Size(), unless I’m missing something here.


    mzumsande commented at 8:05 pm on June 26, 2023:

    Next line calling AddrMan::GetAddr() function passes std::nullopt as the network argument

    no, it now passes network as the network argument, which, depending on the fuzzing seed, could be std::nullopt or any network.

    The goal of this PR is to give the fuzzer the possibility to reach network-specific code paths. If there was a bug within these, it wouldn’t be able to find it before, because they just weren’t invoked.

  16. in src/test/fuzz/addrman.cpp:315 in 35a2175ad8
    313+    (void)const_addr_man.Select(fuzzed_data_provider.ConsumeBool(), network);
    314+    std::optional<bool> in_new;
    315+    if (fuzzed_data_provider.ConsumeBool()) {
    316+        in_new = fuzzed_data_provider.ConsumeBool();
    317+    }
    318+    (void)const_addr_man.Size(network, in_new);
    


    pablomartin4btc commented at 12:19 pm on June 25, 2023:

    As I explained my reasoning of this above in my first comment on the initialisation of the network variable:

    0    (void)const_addr_man.Size(/*network=*/std::nullopt, in_new);
    
  17. pablomartin4btc commented at 1:28 pm on June 25, 2023: member

    Tested ACK: FUZZ=addrman ./src/test/fuzz/fuzz

    Tried also with a few seeds added last month by @Xekyo: e.g.: FUZZ=addrman ./src/test/fuzz/fuzz ../qa-assets/fuzz_seed_corpus/addrman/1b02be22a08f8e28c192cb1c86f074158d18a691

  18. mzumsande commented at 8:10 pm on June 26, 2023: contributor
    Code Review ACK 35a2175ad8bec92b409ae2202c124e39b2f3f838, haven’t tested this yet, but I will let the fuzzer run for a while now.
  19. achow101 commented at 11:06 pm on July 13, 2023: member
    ACK 35a2175ad8bec92b409ae2202c124e39b2f3f838
  20. achow101 merged this on Jul 13, 2023
  21. achow101 closed this on Jul 13, 2023

  22. sidhujag referenced this in commit cfae9e3c2d on Jul 15, 2023
  23. sidhujag referenced this in commit 2a3c49bf42 on Jul 15, 2023
  24. bitcoin locked this on Jul 12, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-25 15:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me