fuzz: Make process_message(s) more deterministic #32822

pull maflcko wants to merge 4 commits into bitcoin:master from maflcko:2506-fuzz-pm changing 8 files +106 −21
  1. maflcko commented at 3:40 pm on June 27, 2025: member

    process_message(s) are the least stable fuzz targets, according to OSS-Fuzz.

    Tracking issue: #29018.

    Testing

    Needs coverage compilation, as explained in ./contrib/devtools/README.md. And then, using 32 threads:

    0cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/bld-cmake/ $PWD/../b-c-qa-assets/fuzz_corpora/ process_messages 32

    Each commit can be reverted to see more non-determinism re-appear.

  2. DrahtBot renamed this:
    fuzz: Make process_message(s) more deterministic
    fuzz: Make process_message(s) more deterministic
    on Jun 27, 2025
  3. DrahtBot added the label Tests on Jun 27, 2025
  4. DrahtBot commented at 3:40 pm on June 27, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32822.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK marcofleon, dergoegge
    Stale ACK brunoerg

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #32015 (net: replace manual reference counting of CNode with shared_ptr by vasild)
    • #30988 (Split CConnman by vasild)
    • #30214 (refactor: Improve assumeutxo state representation by ryanofsky)
    • #29418 (rpc: provide per message stats for global traffic via new RPC ‘getnetmsgstats’ by vasild)
    • #28792 (Embed default ASMap as binary dump header file by fjahr)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  5. maflcko commented at 3:42 pm on June 27, 2025: member

    for testing, the single-check doesn’t hit here and can be quite expensive, so it could be disabled via:

     0diff --git a/contrib/devtools/deterministic-fuzz-coverage/src/main.rs b/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
 1index 3eeb121db0..f729740a3a 100644
 2--- a/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
 3+++ b/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
 4@@ -219,13 +219,6 @@ The coverage was not deterministic between runs.
 5         if !entry.is_file() {
 6             Err(format!("{} should be a file", entry.display()))?;
 7         }
 8-        let cov_txt_base = run_single('a', &entry, thread_id)?;
 9-        let cov_txt_repeat = run_single('b', &entry, thread_id)?;
10-        check_diff(
11-            &cov_txt_base,
12-            &cov_txt_repeat,
13-            &format!("The fuzz target input was {}.", entry.display()),
14-        )?;
15         Ok(())
16     };
17     thread::scope(|s| -> AppResult {
  6. dergoegge approved
  7. dergoegge commented at 10:50 am on July 1, 2025: member
    utACK fa30966d7d881f5f299a531bd83a666fa15f4563
  8. fanquake requested review from marcofleon on Jul 1, 2025
  9. maflcko force-pushed on Jul 1, 2025
  10. maflcko force-pushed on Jul 1, 2025
  11. maflcko commented at 4:41 pm on July 1, 2025: member

    Apologies for the force push. However, it seems that the fuzz target actually produces valid block headers, so the chainman state is dirty and needs to be reset as well for those fuzz inputs. I’ve pushed a new commit doing this (after a rebase).

    There is still non-determinism in operator==<transaction_identifier>, however I fail to see the source. I may take a look in the future.

  12. maflcko force-pushed on Jul 2, 2025
  13. brunoerg approved
  14. brunoerg commented at 1:50 pm on July 2, 2025: contributor
    light code review ACK fac673d434b4d32d8c44dcc50a3655ba4a1816de
  15. DrahtBot requested review from dergoegge on Jul 2, 2025
  16. marcofleon commented at 11:50 pm on July 2, 2025: contributor

    tACK fac673d434b4d32d8c44dcc50a3655ba4a1816de

    Running the stability script, there’s significantly less coverage differences with this PR. My only question is why does ResetChainman set mock time in process_messages but not in process_message? Didn’t see an obvious reason, but I could be missing something.

  17. maflcko force-pushed on Jul 3, 2025
  18. maflcko commented at 6:49 am on July 3, 2025: member

    mock time

    My bad and nice catch. Added it there as well. should be trivial to re-review with range-diff

  19. marcofleon commented at 8:49 pm on July 3, 2025: contributor
    ReACK fa501ea5ed874ffcba2b606806460e61a1204bd2
  20. DrahtBot requested review from brunoerg on Jul 3, 2025
  21. brunoerg commented at 2:36 pm on July 10, 2025: contributor
    reACK fa501ea5ed874ffcba2b606806460e61a1204bd2
  22. dergoegge approved
  23. dergoegge commented at 9:47 am on July 11, 2025: member

    utACK fa501ea5ed874ffcba2b606806460e61a1204bd2

    As a follow up (if someone is interested), we could add the block hashes for the blocks with mature coinbases (as well as the mature coinbase prevouts) to the dictionary in qa-assets.

  24. DrahtBot added the label Needs rebase on Jul 11, 2025
  25. dergoegge commented at 12:47 pm on July 17, 2025: member
    This needs a rebase, but should be good to go otherwise.
  26. fuzz: Avoid non-determinism in process_message(s) target (PeerMan) 
    The PeerManager has several members, such as the FastRandomContext,
which need to be reset before every run to avoid leaking state from one
run into the next.

Also, style fixups in p2p_handshake.cpp, where this code is copied from.
    fa11eea405
  27. fuzz: Reset dirty connman state in process_message(s) targets aeeeeec9f7
  28. fuzz: DisableNextWrite 
    This is required in the process_message(s) fuzz targets to avoid leaking
the next write time from one run to the next. Also, disable it
completely because it is not needed and due to leveldb-internal
non-determinism.
    fa9a3de09b
  29. fuzz: Reset chainman state in process_message(s) targets fa1a14a13a
  30. maflcko force-pushed on Jul 18, 2025
  31. DrahtBot removed the label Needs rebase on Jul 18, 2025
  32. maflcko commented at 1:32 pm on July 18, 2025: member
    (rebased)
  33. marcofleon commented at 2:32 pm on July 18, 2025: contributor

    ReACK fa1a14a13a15ecfb7587a94ee86b4ace7c819519

    range-diff 33332cf86a..fa501ea5ed fa11eea405..fa1a14a13a lgtm

  34. DrahtBot requested review from dergoegge on Jul 18, 2025
  35. DrahtBot requested review from brunoerg on Jul 18, 2025
  36. dergoegge approved
  37. dergoegge commented at 9:24 am on July 21, 2025: member
    reACK fa1a14a13a15ecfb7587a94ee86b4ace7c819519


maflcko DrahtBot dergoegge brunoerg marcofleon


brunoerg

Labels
Tests

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-07-23 00:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me