fuzz: Improve stability for txorphan and mini_miner harnesses #30306

pull dergoegge wants to merge 1 commits into bitcoin:master from dergoegge:2024-06-itercomp-stab changing 2 files +2 −2
  1. dergoegge commented at 9:17 AM on June 19, 2024: member

    See #29018.

    Stability for txorphan is now >90%. mini_miner needs further investigation, stability still low (although slightly improved by this PR) at ~62%.

  2. Don't use iterator addresses in IteratorComparator
    The addresses of the iterator values are non-deterministic (i.e. they
depend on where the values were allocated). This causes stability issues
when fuzzing (e.g. in the `txorphan` and `mini_miner` harnesses), due
the orders (derived from IteratorComparator) not being deterministic.

Improve stability by comparing the first element in the iterator value
pair instead of using the the value addresses.
    e009bf681c
  3. DrahtBot commented at 9:17 AM on June 19, 2024: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK marcofleon, glozow

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  4. DrahtBot added the label Tests on Jun 19, 2024
  5. in src/node/mini_miner.h:66 in e009bf681c 
      62 | @@ -63,7 +63,7 @@ struct IteratorComparator
  63 |      template<typename I>
  64 |      bool operator()(const I& a, const I& b) const
  65 |      {
  66 | -        return &(*a) < &(*b);
  67 | +        return a->first < b->first;
    maflcko commented at 9:47 AM on June 19, 2024:

    Can you explain this a bit more? IIUC the entries/iterators are pushed into a vector, so the order should be deterministic, no? If not, maybe the order should be made deterministic? Otherwise, the hot-loop may of calculating the ancestor set may take a longer time due to having to compare more memory (pointer vs uint256)?

    dergoegge commented at 10:04 AM on June 19, 2024:

    For both MiniMiner and TxOrphange, IteratorComparator is used for a std::set that holds iterators into a std::map. I don't know how std::map allocates memory internally but it doesn't seem to be one continuous vector.

    The stability for txorphan definitely goes up by this change:

    (the first column indicates afll+'s stability metric, these links will stop working at some point)

    maflcko commented at 10:12 AM on June 19, 2024:

    Ah sorry. I was confused by std::vector<MockEntryMap::iterator> m_entries;, but the iterator isn't into the vector, but into the map itself. Discussion can be closed.

    maflcko commented at 10:14 AM on June 19, 2024:

    (the first column indicates afll+'s stability metric, these links will stop working at some point)

    Nice. If you don't mind, could share the steps to create the stats.txt file?

    dergoegge commented at 10:23 AM on June 19, 2024:

    It's part of the output from my fuzzing setup, which is closed source atm.

    However, measuring stability is easily possible by just running afll++.

  6. in src/txorphanage.h:95 in e009bf681c 
      91 | @@ -92,7 +92,7 @@ class TxOrphanage {
  92 |          template<typename I>
  93 |          bool operator()(const I& a, const I& b) const
  94 |          {
  95 | -            return &(*a) < &(*b);
  96 | +            return a->first < b->first;
    maflcko commented at 9:53 AM on June 19, 2024:

    I wonder if the set could just be made a vector, because duplicates shouldn't happen?

    dergoegge commented at 10:21 AM on June 19, 2024:

    Maybe but this sounds like more effort than I wanted to spend on this.

    I don't think the comparison change here is gonna have any noticeable impact on performance tbh. In most cases the first 8 byte of the txids are already gonna differ, so the performance should be similar to comparing the pointers (assuming 8 byte addresses) most of the time.

  7. maflcko commented at 9:53 AM on June 19, 2024: member

    left some questions

  8. marcofleon commented at 12:20 PM on June 20, 2024: contributor

    Tested ACK e009bf681c0e38a6451afa594ba3c7c8861f61c3. Using afl++, stability for txorphan went from 82% to ~94% and for mini_miner it went from 84% to 97%. I ran them both using the corpora in qa-assets.

  9. glozow commented at 7:45 AM on July 1, 2024: member

    utACK e009bf681c0e38a6451afa594ba3c7c8861f61c3

    Didn't check stability, but using txid seems fine.

  10. fanquake merged this on Jul 1, 2024
  11. fanquake closed this on Jul 1, 2024
  12. Fabcien referenced this in commit 0fafd7b709 on Jul 19, 2024
  13. roqqit referenced this in commit 0d319003dd on Aug 1, 2024
  14. bitcoin locked this on Jul 1, 2025
Contributors
dergoeggeDrahtBotmaflckomarcofleonglozow
Labels
Tests
Linked (view graph)
#29018 fuzz: Fix stability, determinism issues
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-28 21:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me