fuzz: Make process_message(s) more deterministic #32822

1. 
   maflcko commented at 3:40 pm on June 27, 2025: member

   process_message(s) are the least stable fuzz targets, according to OSS-Fuzz.

   Tracking issue: #29018.

   Testing

   Needs coverage compilation, as explained in ./contrib/devtools/README.md. And then, using 32 threads:

   0cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/bld-cmake/ $PWD/../b-c-qa-assets/fuzz_corpora/ process_messages 32  
   

   Each commit can be reverted to see more non-determinism re-appear.

2. fuzz: Avoid non-determinism in process_message(s) target (PeerMan)

   The PeerManager has several members, such as the FastRandomContext,
   which need to be reset before every run to avoid leaking state from one
   run into the next.
   
   Also, style fixups in p2p_handshake.cpp, where this code is copied from.

   fa71b0a663
3. fuzz: ResetMaxOutboundCycle in process_message(s) targets fa93ec301e
4. fuzz: DisableNextWrite

   This is required in the process_message(s) fuzz targets to avoid leaking
   the next write time from one run to the next. Also, disable it
   completely because it is not needed and due to leveldb-internal
   non-determinism.

   fa30966d7d
5. DrahtBot renamed this:
   fuzz: Make process_message(s) more deterministic
   fuzz: Make process_message(s) more deterministic
   on Jun 27, 2025
6. DrahtBot added the label Tests on Jun 27, 2025
7. 
   DrahtBot commented at 3:40 pm on June 27, 2025: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Code Coverage & Benchmarks

   For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32822.

   Reviews

   See the guideline for information on the review process. A summary of reviews will appear here.

   Conflicts

   Reviewers, this pull request conflicts with the following ones:

   • #32015 (net: replace manual reference counting of CNode with shared_ptr by vasild)
   • #30988 (Split CConnman by vasild)
   • #30214 (refactor: Improve assumeutxo state representation by ryanofsky)
   • #29418 (rpc: provide per message stats for global traffic via new RPC ‘getnetmsgstats’ by vasild)
   • #28792 (Embed default ASMap as binary dump header file by fjahr)

   If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

8. 
   maflcko commented at 3:42 pm on June 27, 2025: member

   for testing, the single-check doesn’t hit here and can be quite expensive, so it could be disabled via:

    0diff --git a/contrib/devtools/deterministic-fuzz-coverage/src/main.rs b/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
    1index 3eeb121db0..f729740a3a 100644
    2--- a/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
    3+++ b/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
    4@@ -219,13 +219,6 @@ The coverage was not deterministic between runs.
    5         if !entry.is_file() {
    6             Err(format!("{} should be a file", entry.display()))?;
    7         }
    8-        let cov_txt_base = run_single('a', &entry, thread_id)?;
    9-        let cov_txt_repeat = run_single('b', &entry, thread_id)?;
   10-        check_diff(
   11-            &cov_txt_base,
   12-            &cov_txt_repeat,
   13-            &format!("The fuzz target input was {}.", entry.display()),
   14-        )?;
   15         Ok(())
   16     };
   17     thread::scope(|s| -> AppResult {
   

Contributors
maflcko DrahtBot

Labels
Tests