fuzz: Make partially_downloaded_block more deterministic #32158

pull maflcko wants to merge 3 commits into bitcoin:master from maflcko:2503-fuzz-det changing 3 files +72 −16
  1. maflcko commented at 2:04 pm on March 28, 2025: member

    This should make the partially_downloaded_block fuzz target even more deterministic.

    Follow-up to #31841. Tracking issue: #29018.

    This bundles several changes:

    • First, speed up the deterministic-fuzz-coverage helper by introducing parallelism.
    • Then, a fix to remove spawned test threads or spawn them deterministically. (While testing this, high parallelism and thread contention may be needed)

    Testing

    It can be tested via (setting 32 parallel threads):

    cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/bld-cmake/ $PWD/../b-c-qa-assets/fuzz_corpora/ partially_downloaded_block 32
    

    Locally, on a failure, the output would look like:

     ....
    -  150|      0|            m_worker_threads.emplace_back([this, n]() {
    -  151|      0|                util::ThreadRename(strprintf("scriptch.%i", n));
    +  150|      1|            m_worker_threads.emplace_back([this, n]() {
    +  151|      1|                util::ThreadRename(strprintf("scriptch.%i", n));
     ...
    

    This likely indicates that the script threads were started after the fuzz init function returned.

    Similarly, for the scheduler thread, it would look like:

     ...
       227|      0|        m_node.scheduler = std::make_unique<CScheduler>();
    -  228|      1|        m_node.scheduler->m_service_thread = std::thread(util::TraceThread, "scheduler", [&] { m_node.scheduler->serviceQueue(); });
    +  228|      0|        m_node.scheduler->m_service_thread = std::thread(util::TraceThread, "scheduler", [&] { m_node.scheduler->serviceQueue(); });
       229|      0|        m_node.validation_signals =
     ...
    
  2. contrib: Add optional parallelism to deterministic-fuzz-coverage fa9206b067
  3. contrib: Use -Xdemangler=llvm-cxxfilt in deterministic-*-coverage
    This makes the result more readable.
    fa82da7041
  4. test: Avoid script check worker threads while fuzzing
    Threads may execute their function any time after they are spawned, so
    coverage could be non-deterministic.
    
    Fix this,
    
    * for the script check worker threads by disabling them while fuzzing.
    * for the scheduler thread by waiting for it to fully start and run the
      service queue.
    fa1e2995d9
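    The commit message above describes two fixes: script check worker threads are not spawned at all while fuzzing, and the scheduler thread is waited for until it has actually started and run its service queue. The following is an added illustration of the second pattern; it is not Bitcoin Core code and the ToyScheduler class, its method names and the task counter are hypothetical stand-ins for CScheduler and serviceQueue(). It shows why coverage of a thread's start-up path is non-deterministic when the spawning call returns immediately, and how blocking on a task scheduled onto the new thread makes the observed state deterministic.

```cpp
#include <condition_variable>
#include <cstdio>
#include <deque>
#include <functional>
#include <future>
#include <mutex>
#include <thread>
#include <utility>

// Toy stand-in for a scheduler thread (hypothetical, not Bitcoin Core's
// CScheduler). The service loop runs queued tasks until stop() is called.
class ToyScheduler {
public:
    ~ToyScheduler() { stop(); }

    // Spawn the service thread and return immediately. Whether the new thread
    // has entered serviceQueue() by the time this returns is up to the OS
    // scheduler, so coverage taken right after this call is non-deterministic.
    void start() {
        m_thread = std::thread([this] { serviceQueue(); });
    }

    // Spawn the service thread, then block until it has started and run one
    // task. After this returns, the start-up path has definitely executed.
    void startAndWaitUntilRunning() {
        start();
        std::promise<void> ran;
        std::future<void> fut = ran.get_future();
        schedule([&ran] { ran.set_value(); });
        fut.wait();
    }

    // Queue a task for the service thread.
    void schedule(std::function<void()> task) {
        {
            std::lock_guard<std::mutex> lk(m_mutex);
            m_tasks.push_back(std::move(task));
        }
        m_cv.notify_one();
    }

    // Ask the service loop to exit and join the thread (safe to call twice).
    void stop() {
        {
            std::lock_guard<std::mutex> lk(m_mutex);
            m_stop = true;
        }
        m_cv.notify_one();
        if (m_thread.joinable()) m_thread.join();
    }

    // Number of tasks the service loop has picked up; stands in for "coverage"
    // of the thread's code path.
    int tasksRun() const {
        std::lock_guard<std::mutex> lk(m_mutex);
        return m_tasks_run;
    }

private:
    void serviceQueue() {
        std::unique_lock<std::mutex> lk(m_mutex);
        for (;;) {
            m_cv.wait(lk, [this] { return m_stop || !m_tasks.empty(); });
            if (m_stop) return;
            std::function<void()> task = std::move(m_tasks.front());
            m_tasks.pop_front();
            ++m_tasks_run; // counted before the task can wake a waiter
            lk.unlock();
            task();
            lk.lock();
        }
    }

    mutable std::mutex m_mutex;
    std::condition_variable m_cv;
    std::deque<std::function<void()>> m_tasks;
    bool m_stop{false};
    int m_tasks_run{0};
    std::thread m_thread;
};

// The problematic pattern: spawn, queue work, observe immediately.
// Returns 0 or 1 depending purely on thread timing.
int unsynchronisedStartupTaskCount() {
    ToyScheduler s;
    s.start();
    s.schedule([] {});
    return s.tasksRun();
}

// The fix: spawn and wait until the service loop has run a task.
// Always returns 1.
int deterministicStartupTaskCount() {
    ToyScheduler s;
    s.startAndWaitUntilRunning();
    return s.tasksRun();
}

int main() {
    std::printf("unsynchronised start: %d task(s) run\n", unsynchronisedStartupTaskCount());
    std::printf("deterministic start:  %d task(s) run\n", deterministicStartupTaskCount());
    return 0;
}
```

    Run under a coverage build, the unsynchronised variant is exactly the situation the coverage diff above shows: the lines inside the thread body are sometimes counted and sometimes not. The waited-for variant pins the count, at the cost of requiring the fuzz init path to round-trip through the service queue once.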
  5. DrahtBot commented at 2:04 pm on March 28, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32158.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK Prabhat1308

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #32113 (fuzz: enable running fuzz test cases in Debug mode by ajtowns)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  6. DrahtBot added the label Tests on Mar 28, 2025
  7. fanquake requested review from dergoegge on Mar 29, 2025
  8. fanquake requested review from marcofleon on Mar 29, 2025
  9. maflcko commented at 10:34 am on March 29, 2025: member
    I’ve run cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/bld-cmake/ $PWD/../b-c-qa-assets/fuzz_corpora/ partially_downloaded_block 128 about 300 times and it passed. So hopefully this is good enough for now. (In theory the scheduler thread may still be woken spuriously, even if there is no work, but the only solution to that would be to disable it completely for all fuzz targets that don’t need it.)
  10. Prabhat1308 commented at 8:34 pm on March 29, 2025: none

    tACK fa1e299

    Tested 10 runs with each 32 and 128 parallel threads on MacOS. Steps followed

    cmake -B build -DCMAKE_C_COMPILER="$(brew --prefix llvm)/bin/clang" \
       -DCMAKE_CXX_COMPILER="$(brew --prefix llvm)/bin/clang++" \
       -DCMAKE_C_FLAGS="-fprofile-instr-generate -fcoverage-mapping" \
       -DCMAKE_CXX_FLAGS="-fprofile-instr-generate -fcoverage-mapping" \
       -DBUILD_FOR_FUZZING=ON

    cmake --build build -j$(sysctl -n hw.ncpu)

    cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/build/ $PWD/qa-assets/fuzz_corpora/ partially_downloaded_block 32/128
    

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-03-31 09:12 UTC
