fuzz: Make process_message(s) more deterministic #32822

pull maflcko wants to merge 3 commits into bitcoin:master from maflcko:2506-fuzz-pm changing 8 files +57 −9
  1. maflcko commented at 3:40 pm on June 27, 2025: member

    process_message(s) are the least stable fuzz targets, according to OSS-Fuzz.

    Tracking issue: #29018.

    Testing

    Needs coverage compilation, as explained in ./contrib/devtools/README.md. And then, using 32 threads:

    cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/bld-cmake/ $PWD/../b-c-qa-assets/fuzz_corpora/ process_messages 32
    

    Each commit can be reverted to see more non-determinism re-appear.

  2. fuzz: Avoid non-determinism in process_message(s) target (PeerMan)
    The PeerManager has several members, such as the FastRandomContext,
    which need to be reset before every run to avoid leaking state from one
    run into the next.
    
    Also, style fixups in p2p_handshake.cpp, where this code is copied from.
    fa71b0a663
  3. fuzz: ResetMaxOutboundCycle in process_message(s) targets fa93ec301e
  4. fuzz: DisableNextWrite
    This is required in the process_message(s) fuzz targets to avoid leaking
    the next write time from one run to the next. Also, disable it
    completely because it is not needed and due to leveldb-internal
    non-determinism.
    fa30966d7d
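
The state leak that the three commit messages above describe, as an added example that is not code from this pull request or from Bitcoin Core: an object that survives from one fuzz iteration to the next makes the same input take different branches unless its members are reset before every run. `ToyPeerManager`, `ResetForFuzz`, `ProcessMessage` (as written here) and `SameCoverageOnRepeat` are hypothetical names, and the branch IDs stand in for coverage data.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>
#include <vector>

// Hypothetical stand-in for an object that outlives a single fuzz iteration.
struct ToyPeerManager {
    std::mt19937_64 rng{0};          // plays the role of a member RNG
    uint64_t bytes_sent_in_cycle{0}; // plays the role of a per-cycle counter

    // Put every mutable member back into a fixed starting state.
    void ResetForFuzz()
    {
        rng.seed(0);
        bytes_sent_in_cycle = 0;
    }

    // Returns the IDs of the branches taken, a stand-in for coverage data.
    std::vector<int> ProcessMessage(const std::string& msg)
    {
        std::vector<int> branches;
        bytes_sent_in_cycle += msg.size();
        branches.push_back(rng() % 2 == 0 ? 1 : 2);           // RNG-dependent branch
        if (bytes_sent_in_cycle > 16) branches.push_back(3);  // counter-dependent branch
        return branches;
    }
};

// Feed the same input twice to one object, as an in-process fuzz engine does,
// and report whether both runs took the same branches.
bool SameCoverageOnRepeat(bool reset_before_each_run, const std::string& input)
{
    ToyPeerManager peerman; // shared by both runs
    std::vector<std::vector<int>> traces;
    for (int run = 0; run < 2; ++run) {
        if (reset_before_each_run) peerman.ResetForFuzz();
        traces.push_back(peerman.ProcessMessage(input));
    }
    return traces[0] == traces[1];
}

int main()
{
    const std::string input{"0123456789"}; // constructed 10-byte sample input
    std::cout << "without reset: " << SameCoverageOnRepeat(false, input) << '\n';
    std::cout << "with reset:    " << SameCoverageOnRepeat(true, input) << '\n';
}
```

Without the reset, the counter carried over from the first run pushes the second run over the threshold, so the two traces differ even when the RNG-dependent branch happens to agree.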
  5. DrahtBot renamed this:
    fuzz: Make process_message(s) more deterministic
    fuzz: Make process_message(s) more deterministic
    on Jun 27, 2025
  6. DrahtBot added the label Tests on Jun 27, 2025
  7. DrahtBot commented at 3:40 pm on June 27, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32822.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #32015 (net: replace manual reference counting of CNode with shared_ptr by vasild)
    • #30988 (Split CConnman by vasild)
    • #30214 (refactor: Improve assumeutxo state representation by ryanofsky)
    • #29418 (rpc: provide per message stats for global traffic via new RPC ‘getnetmsgstats’ by vasild)
    • #28792 (Embed default ASMap as binary dump header file by fjahr)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  8. maflcko commented at 3:42 pm on June 27, 2025: member

    for testing, the single-check doesn’t hit here and can be quite expensive, so it could be disabled via:

     0diff --git a/contrib/devtools/deterministic-fuzz-coverage/src/main.rs b/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
     1index 3eeb121db0..f729740a3a 100644
     2--- a/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
     3+++ b/contrib/devtools/deterministic-fuzz-coverage/src/main.rs
     4@@ -219,13 +219,6 @@ The coverage was not deterministic between runs.
     5         if !entry.is_file() {
     6             Err(format!("{} should be a file", entry.display()))?;
     7         }
     8-        let cov_txt_base = run_single('a', &entry, thread_id)?;
     9-        let cov_txt_repeat = run_single('b', &entry, thread_id)?;
    10-        check_diff(
    11-            &cov_txt_base,
    12-            &cov_txt_repeat,
    13-            &format!("The fuzz target input was {}.", entry.display()),
    14-        )?;
    15         Ok(())
    16     };
    17     thread::scope(|s| -> AppResult {
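
Review bot: Deleting the run_single/check_diff block at the end of this closure leaves it doing nothing except the entry.is_file() check, and the removed check_diff call was the one carrying the "The fuzz target input was {}" message, so a diverging run can no longer be attributed to a specific input file. As a throwaway local speed-up that is fine; if the change is meant to stay, put the three statements behind an opt-out (a command-line argument or an environment variable) instead of removing them, so the per-input check stays the default. Also confirm that thread_id, which the visible lines use only in the two removed run_single calls, is still used elsewhere in the closure, otherwise the build will emit an unused-variable warning.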
    



github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-07-01 00:12 UTC
