fuzz: Apply HasTooManySubFrag (et al) to miniscript_string (et al) #30498

issue maflcko openend this issue on July 22, 2024
  1. maflcko commented at 10:47 am on July 22, 2024: member

    Should the check be applied to miniscript_string, for example the miniscript_string/ae395bdc087e233d7f8e1844d4814b2c00cc9d21 input, as well?

    Originally posted by @maflcko in #30197 (comment)

    Seems useful to at least apply to that fuzz target as well. In theory it could be applied to parse_univalue as well (reverting commit a1b8a917b176ee36961203ccee96457d85102e60).

  2. maflcko added the label Tests on Jul 22, 2024
  3. darosior commented at 4:18 pm on July 27, 2024: member
    I said it makes sense, but giving this a closer look i don’t think it’s needed. And it’s the reason why it wasn’t hit by this target before. HasDeepDerivPath does not apply as we do not parse derivation paths in this target. HasTooManySubFrag is not needed as this target does not call any function which involves quadratic algorithms over the number of sub fragments. Similarly, HasTooManyWrappers isn’t needed because we do not call ToScript() on the parsed miniscript.
  4. maflcko commented at 7:37 am on July 29, 2024: member

    Ok, then maybe another limit could be appropriate, because I am not sure if a 120KB string is a real-world use case. (No objection to fuzzing it, but is seems to be taking a long time, which will hurt fuzzing of other inputs in the same target).

    0───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────
    1       │ File: ./miniscript_string/ae395bdc087e233d7f8e1844d4814b2c00cc9d21
    2───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────
    3   1   │ v:and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(and_b(a
    4       │ nd_b(and_b(older(7403566),a:0),a:0),t:or_d(u:thresh(3,u:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:
    5       │ 1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1
    6       │ ,au:1,au:1,au:1,auau:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:1,au:
    7       │ 1,au:1,au:1,au:1,aullllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
    

    https://cirrus-ci.com/task/6370113769701376?logs=ci#L4545:

     0Run miniscript_string with args ['/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz', '-runs=1', PosixPath('/ci_container_base/ci/scratch/qa-assets/fuzz_seed_corpus/miniscript_string')]INFO: Running with entropic power schedule (0xFF, 100).
     1INFO: Seed: 1619189122
     2INFO: Loaded 1 modules   (616236 inline 8-bit counters): 616236 [0x56001e233918, 0x56001e2ca044), 
     3INFO: Loaded 1 PC tables (616236 PCs): 616236 [0x56001e2ca048,0x56001ec31308), 
     4INFO:     1234 files found in /ci_container_base/ci/scratch/qa-assets/fuzz_seed_corpus/miniscript_string
     5INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 262199 bytes
     6INFO: seed corpus: files: 1234 min: 1b max: 262199b total: 3963484b rss: 112Mb
     7[#1024](/bitcoin-bitcoin/1024/)	pulse  cov: 3454 ft: 24651 corp: 751/204Kb exec/s: 256 rss: 292Mb
     8Slowest unit: 19 s:
     9artifact_prefix='./'; Test unit written to ./slow-unit-ae395bdc087e233d7f8e1844d4814b2c00cc9d21
    10[#1235](/bitcoin-bitcoin/1235/)	INITED cov: 3454 ft: 25292 corp: 832/851Kb exec/s: 13 rss: 942Mb
    11[#1235](/bitcoin-bitcoin/1235/)	DONE   cov: 3454 ft: 25292 corp: 832/851Kb lim: 130419 exec/s: 13 rss: 942Mb
    12Done 1235 runs in 92 second(s)
    
    0$ FUZZ=miniscript_string perf record -g --call-graph dwarf  ./src/test/fuzz/fuzz ./miniscript_string/ae395bdc087e233d7f8e1844d4814b2c00cc9d21 
    1$ hotspot ./perf.data
    

    Screenshot from 2024-07-29 09-36-00


maflcko darosior

Labels
Tests


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-27 03:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me