test: migrate to some per-symbol ubsan suppressions #28865

1. 
   fanquake commented at 5:41 pm on November 13, 2023: member

   Now that the symbolizer should be hanging around (#28814), migrate some file-wide suppressions to be symbol specific. Should assist in catching new issues that may otherwise go unnoticed due to file-wide suppression.

   Only tested (so far) on aarch64 using the native ASAN & FUZZ CI.

2. 
   DrahtBot commented at 5:41 pm on November 13, 2023: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Code Coverage

   For detailed information about the code coverage, see the test coverage report.

   Reviews

   See the guideline for information on the review process.

   Type	Reviewers
   ACK	maflcko, dergoegge

   If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

   Conflicts

   Reviewers, this pull request conflicts with the following ones:

   • #28875 (build: Pass sanitize flags to instrument libsecp256k1 code by hebasto)
   • #28690 (build: Introduce internal kernel library by TheCharlatan)

   If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

3. 
   maflcko commented at 11:00 am on November 14, 2023: member

   Should be fine, if CI passes. Can easily be reverted, if it turns out failing locally.
4. test: migrate to some per-symbol ubsan suppressions

   Tested on aarch64 using the ASAN CI job. Currently unable to test on
   x86_64 due to AppArmor & podman issues.

   fd30e9688e
5. fanquake force-pushed on Nov 14, 2023
6. fanquake renamed this:
   [WIP] test: migrate to some per-symbol ubsan suppressions
   test: migrate to some per-symbol ubsan suppressions
   on Nov 14, 2023
7. DrahtBot added the label Tests on Nov 14, 2023
8. fanquake marked this as ready for review on Nov 14, 2023
9. 
   fanquake commented at 3:59 pm on November 14, 2023: member

   Pushed up a few more changes.
10. 
    maflcko commented at 4:02 pm on November 14, 2023: member

    lgtm ACK fd30e9688e15fe6e0f8b64202a6e9c7d96333394
11. fanquake requested review from dergoegge on Nov 14, 2023
12. dergoegge approved
13. 
    dergoegge commented at 4:46 pm on November 14, 2023: member

    utACK fd30e9688e15fe6e0f8b64202a6e9c7d96333394 (if CI is green)

    Good stuff

14. fanquake merged this on Nov 15, 2023
15. fanquake closed this on Nov 15, 2023

    ---

16. fanquake deleted the branch on Nov 15, 2023
17. in test/sanitizer_suppressions/ubsan:62 in fd30e9688e

    64-implicit-integer-sign-change:compat/stdin.cpp
    65+implicit-integer-sign-change:SetStdinEcho
    66 implicit-integer-sign-change:compressor.h
    67 implicit-integer-sign-change:crypto/
    68-implicit-integer-sign-change:policy/fees.cpp
    69+implicit-integer-sign-change:TxConfirmStats::removeTx
    

    ---

    ---

    

    maflcko commented at 8:55 am on November 29, 2023:

    This now causes (locally):

     0# FUZZ=policy_estimator UBSAN_OPTIONS="suppressions=/root/fuzz_dir/scratch/fuzz_gen/code/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" /root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz -runs=1 /root/fuzz_dir/scratch/fuzz_gen/code/crash-* 
     1INFO: Running with entropic power schedule (0xFF, 100).
     2INFO: Seed: 3432838904
     3INFO: Loaded 1 modules   (545951 inline 8-bit counters): 545951 [0x55cbc06c70a8, 0x55cbc074c547), 
     4INFO: Loaded 1 PC tables (545951 PCs): 545951 [0x55cbc074c548,0x55cbc0fa0f38), 
     5/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz: Running 14 inputs 1 time(s) each.
     6Running: /root/fuzz_dir/scratch/fuzz_gen/code/crash-154b42214e70781a9c1ad72d3f2693913dcf8c06
     7policy/fees.cpp:632:27: runtime error: implicit conversion from type 'unsigned int' of value 4294574080 (32-bit, unsigned) to type 'int' changed the value to -393216 (32-bit, signed)
     8    [#0](/bitcoin-bitcoin/0/) 0x55cbbe10daee in CBlockPolicyEstimator::processBlockTx(unsigned int, CTxMemPoolEntry const*) src/policy/fees.cpp:632:27
     9    [#1](/bitcoin-bitcoin/1/) 0x55cbbe10e361 in CBlockPolicyEstimator::processBlock(unsigned int, std::vector<CTxMemPoolEntry const*, std::allocator<CTxMemPoolEntry const*>>&) src/policy/fees.cpp:680:13
    10    [#2](/bitcoin-bitcoin/2/) 0x55cbbd84af48 in policy_estimator_fuzz_target(Span<unsigned char const>)::$_1::operator()() const src/test/fuzz/policy_estimator.cpp:69:40
    11    [#3](/bitcoin-bitcoin/3/) 0x55cbbd84af48 in unsigned long CallOneOf<policy_estimator_fuzz_target(Span<unsigned char const>)::$_0, policy_estimator_fuzz_target(Span<unsigned char const>)::$_1, policy_estimator_fuzz_target(Span<unsigned char const>)::$_2, policy_estimator_fuzz_target(Span<unsigned char const>)::$_3>(FuzzedDataProvider&, policy_estimator_fuzz_target(Span<unsigned char const>)::$_0, policy_estimator_fuzz_target(Span<unsigned char const>)::$_1, policy_estimator_fuzz_target(Span<unsigned char const>)::$_2, policy_estimator_fuzz_target(Span<unsigned char const>)::$_3) src/./test/fuzz/util.h:43:27
    12    [#4](/bitcoin-bitcoin/4/) 0x55cbbd84af48 in policy_estimator_fuzz_target(Span<unsigned char const>) src/test/fuzz/policy_estimator.cpp:38:9
    13    [#5](/bitcoin-bitcoin/5/) 0x55cbbda1cc18 in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:9
    14    [#6](/bitcoin-bitcoin/6/) 0x55cbbda1cc18 in LLVMFuzzerTestOneInput src/test/fuzz/fuzz.cpp:178:5
    15    [#7](/bitcoin-bitcoin/7/) 0x55cbbd26a944 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x190e944) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
    16    [#8](/bitcoin-bitcoin/8/) 0x55cbbd253916 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x18f7916) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
    17    [#9](/bitcoin-bitcoin/9/) 0x55cbbd25945a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x18fd45a) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
    18    [#10](/bitcoin-bitcoin/10/) 0x55cbbd284026 in main (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x1928026) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
    19    [#11](/bitcoin-bitcoin/11/) 0x7fe4aa8280cf  (/lib/x86_64-linux-gnu/libc.so.6+0x280cf) (BuildId: 96ab1a8f3b2c9a2ed37c7388615e6a726d037e89)
    20    [#12](/bitcoin-bitcoin/12/) 0x7fe4aa828188 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28188) (BuildId: 96ab1a8f3b2c9a2ed37c7388615e6a726d037e89)
    21    [#13](/bitcoin-bitcoin/13/) 0x55cbbd24e494 in _start (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x18f2494) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
    22
    23SUMMARY: UndefinedBehaviorSanitizer: implicit-integer-sign-change policy/fees.cpp:632:27 in 
    

    0# base64 /root/fuzz_dir/scratch/fuzz_gen/code/crash-154b42214e70781a9c1ad72d3f2693913dcf8c06 
    1AQEAAAAAADkFlVwAAQEAAAAAADkFlZVcACTDSSsP3746IAZrH48khwMAAQEB/QEALQAACwAAAAAA
    2FgAAAAAAAQAABgAAAAAAAAAAAAAAAAAAACcQAAAAAAAAAAAAAAAAAAAAAAD6AAAAOQWVXAABAQAA
    3AAAAOQWVlVwAIMNJKw/fvjogBmsfjySHAwABAQH9AQAtAAALAAAAAAAAAAABAAAGAAAAAAAAAAAA
    4AAAAAAAAJxAAAAAAAAAAAAAAAAAAAAAAAPr/AAAAAAAAAAAAAAQAAAAA/wAAAAAAAAAAAAAEAAAA
    5AAEBAeAIAVwBXAAA/jbSBvwBKABSKBwBYgEB2wAEkvXInHYAAAAAAAAAvgAAAAAA/9//6v8e/xIk
    6MgAlAiUAOw==
    

    ---

    

    fanquake commented at 9:42 am on November 29, 2023:

    Open a PR to add a new suppression? Otherwise I can.

    ---

    

    maflcko commented at 9:59 am on November 29, 2023:

    https://github.com/bitcoin/bitcoin/pull/28966

Contributors
fanquake DrahtBot maflcko dergoegge

Labels
Tests