fuzz: Mock GetRand in process_message(s) #28537

pull dergoegge wants to merge 2 commits into bitcoin:master from dergoegge:2023-09-mock-getrand changing 4 files +19 −1
  1. dergoegge commented at 2:59 pm on September 26, 2023: member

    This PR introduces g_mock_get_rand to allow tests to mock GetRand and makes g_mock_get_rand consume from the fuzzed data in the process_message(s) targets.

    Mocking GetRand reduces the non-determinism in these targets and results in more stable fuzzing.

  2. DrahtBot commented at 2:59 pm on September 26, 2023: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept ACK brunoerg

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  3. DrahtBot added the label Tests on Sep 26, 2023
  4. in src/test/fuzz/process_message.cpp:67 in 0ec6ed0dd9 outdated 
    62@@ -62,6 +63,11 @@ FUZZ_TARGET(process_message, .init = initialize_process_message)
63 {
64     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
65 
66+    g_mock_get_rand = [&](uint64_t max) -> uint64_t {
67+        if (fuzzed_data_provider.remaining_bytes() == 0) return 1;
    dergoegge commented at 3:02 pm on September 26, 2023:
    Not having this exception leads to an endless loop here: https://github.com/bitcoin/bitcoin/blob/c9f288244b8d183e09a917025922b99e3368ef78/src/net_processing.cpp#L5225-L5227
    MarcoFalke commented at 2:13 pm on September 27, 2023:
    Shouldn’t this return max - 1, otherwise it may return an invalid value when GetRand(1) is called?
  5. in src/random.cpp:567 in 0ec6ed0dd9 outdated 
    563@@ -564,9 +564,11 @@ void RandAddPeriodic() noexcept { ProcRand(nullptr, 0, RNGLevel::PERIODIC); }
564 void RandAddEvent(const uint32_t event_info) noexcept { GetRNGState().AddEvent(event_info); }
565 
566 bool g_mock_deterministic_tests{false};
    dergoegge commented at 3:02 pm on September 26, 2023:
    Setting g_mock_deterministic_tests is not a great alternative as it makes GetRand always return the same value.
    MarcoFalke commented at 7:59 am on September 27, 2023:
    nit: It is bad enough that there is a single test-only mock in here. Now, having two, it would make sense to remove one of them again. (Maybe in a follow-up)
  6. [test] Allow mocking GetRand 7d785c2f72
  7. [fuzz] Mock GetRand in process_messages(s) 24ddb4ae66
  8. dergoegge force-pushed on Sep 26, 2023
  9. DrahtBot added the label CI failed on Sep 26, 2023
  10. DrahtBot removed the label CI failed on Sep 26, 2023
  11. brunoerg commented at 5:05 pm on September 26, 2023: contributor
    Concept ACK
  12. MarcoFalke commented at 7:57 am on September 27, 2023: member

    Can you add examples where this matters?

    I presume one example would be ping-pong handling?

    Longer term it would be nice to nuke the global GetRand and use a mockable instance everywhere.

  14. MarcoFalke commented at 2:20 pm on September 27, 2023: member

    The examples you linked to should still be non-deterministic, because the feefilter rounder is random, as well as the address relay, no?

    Also, no transactions are ever relayed, so while this makes the coverage data more deterministic, the benefits should be minimal? Considering that this may affect all fuzz inputs, I’d prefer to go the full and complete route instead.

  15. dergoegge marked this as a draft on Sep 27, 2023
  16. dergoegge closed this on Sep 28, 2023
  17. MarcoFalke commented at 10:45 am on September 29, 2023: member

    Would be nice to start using one FastRandomContext in PeerManager (locked by the message thread mutex), or more, if needed. The FRC would be deterministic in tests.

    No need to fix everything, but it shouldn’t be too hard to fix one instance (e.g. ping-pong handling) with the added benefit of not breaking the fuzz input format. Happy to review that.

    In the future, the deterministic seed can be read from the fuzz input (in a breaking fuzz change), and more places can be converted.

  18. dergoegge commented at 1:19 pm on October 2, 2023: member

    Would be nice to start using one FastRandomContext in PeerManager

    This doesn’t solve our problem in the fuzz tests since the peerman is global, so this will only help in fuzz tests that create a new peerman each iteration.


dergoegge DrahtBot MarcoFalke brunoerg

Labels
Tests

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-28 22:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me