From fa4fa88d7648bfeb75fac941cdff79dcc38affbf Mon Sep 17 00:00:00 2001
From: MarcoFalke
Date: Mon, 9 Mar 2020 11:21:27 -0400
Subject: [PATCH 1/3] doc: Remove --disable-ccache from docs

---
 doc/fuzzing.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/fuzzing.md b/doc/fuzzing.md
index c34ca4cb59..af82371d58 100644
--- a/doc/fuzzing.md
+++ b/doc/fuzzing.md
@@ -52,7 +52,7 @@ For macOS you may need to ignore x86 compilation checks when running `make`:
 To build Bitcoin Core using AFL instrumentation (this assumes that the `AFLPATH` was set as above):
 ```
-./configure --disable-ccache --disable-shared --enable-tests --enable-fuzz CC=${AFLPATH}/afl-gcc CXX=${AFLPATH}/afl-g++
+./configure --disable-shared --enable-tests --enable-fuzz CC=${AFLPATH}/afl-gcc CXX=${AFLPATH}/afl-g++
 export AFL_HARDEN=1
 make
 ```
@@ -60,7 +60,7 @@ make
 If you are using clang you will need to substitute `afl-gcc` with `afl-clang` and `afl-g++` with `afl-clang++`, so the first line above becomes:
 ```
-./configure --disable-ccache --disable-shared --enable-tests --enable-fuzz CC=${AFLPATH}/afl-clang CXX=${AFLPATH}/afl-clang++
+./configure --disable-shared --enable-tests --enable-fuzz CC=${AFLPATH}/afl-clang CXX=${AFLPATH}/afl-clang++
 ```
 We disable ccache because we don't want to pollute the ccache with instrumented
@@ -102,7 +102,7 @@ libFuzzer is needed (all found in the `compiler-rt` runtime libraries package).
 To build all fuzz targets with libFuzzer, run
 ```
-./configure --disable-ccache --enable-fuzz --with-sanitizers=fuzzer,address,undefined CC=clang CXX=clang++
+./configure --enable-fuzz --with-sanitizers=fuzzer,address,undefined CC=clang CXX=clang++
 make
 ```
@@ -134,5 +134,5 @@ clang does not come first in your path.
 Full configure that was tested on macOS Catalina with `brew` installed `llvm`:
 ```
-./configure --disable-ccache --enable-fuzz --with-sanitizers=fuzzer,address,undefined CC=/usr/local/opt/llvm/bin/clang CXX=/usr/local/opt/llvm/bin/clang++ --disable-asm
+./configure --enable-fuzz --with-sanitizers=fuzzer,address,undefined CC=/usr/local/opt/llvm/bin/clang CXX=/usr/local/opt/llvm/bin/clang++ --disable-asm
 ```

From aaaa055ff72a33241a3fdc2308d77bcbf51c262d Mon Sep 17 00:00:00 2001
From: MarcoFalke
Date: Tue, 19 Feb 2019 15:46:29 -0500
Subject: [PATCH 2/3] fuzz: Add option to merge input dir to test runner

---
 test/fuzz/test_runner.py | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index d71a8719dc..9f2c473bd0 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -18,7 +18,10 @@ FUZZERS_MISSING_CORPORA = [
 
 
 def main():
-    parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+    parser = argparse.ArgumentParser(
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        description='''Run the fuzz targets with all inputs from the seed_dir once.''',
+    )
     parser.add_argument(
         "-l",
         "--loglevel",
@@ -50,6 +53,10 @@ def main():
         nargs='*',
         help='The target(s) to run. Default is to run all targets.',
     )
+    parser.add_argument(
+        '--m_dir',
+        help='Merge inputs from this directory into the seed_dir. Needs /target subdirectory.',
+    )
 
     args = parser.parse_args()
 
@@ -112,6 +119,14 @@ def main():
         logging.error("subprocess timed out: Currently only libFuzzer is supported")
         sys.exit(1)
 
+    if args.m_dir:
+        merge_inputs(
+            corpus=args.seed_dir,
+            test_list=test_list_selection,
+            build_dir=config["environment"]["BUILDDIR"],
+            merge_dir=args.m_dir,
+        )
+
     run_once(
         corpus=args.seed_dir,
         test_list=test_list_selection,
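Review bot: The `--m_dir` value is handed to `merge_inputs` without checking that it is an existing directory, and because the helper creates `merge_dir/<target>` with `os.makedirs(..., exist_ok=True)`, a mistyped path silently produces an empty directory tree and merges nothing, even though the help text says the `/target` subdirectory is required. A guard next to the added `if args.m_dir:` would make that failure visible: `if args.m_dir and not os.path.isdir(args.m_dir):` / `    logging.error("--m_dir {} is not a directory".format(args.m_dir))` / `    sys.exit(1)`. The merge is correctly placed after the libFuzzer-only check, so `-merge=1` is not passed to a non-libFuzzer binary. `main` starts and ends outside these hunks, so the exact placement of the guard relative to the seed_dir handling cannot be confirmed from here.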
@@ -121,6 +136,22 @@ def main():
     )
 
 
+def merge_inputs(*, corpus, test_list, build_dir, merge_dir):
+    logging.info("Merge the inputs in the passed dir into the seed_dir. Passed dir {}".format(merge_dir))
+    for t in test_list:
+        args = [
+            os.path.join(build_dir, 'src', 'test', 'fuzz', t),
+            '-merge=1',
+            os.path.join(corpus, t),
+            os.path.join(merge_dir, t),
+        ]
+        os.makedirs(os.path.join(corpus, t), exist_ok=True)
+        os.makedirs(os.path.join(merge_dir, t), exist_ok=True)
+        logging.debug('Run {} with args {}'.format(t, args))
+        output = subprocess.run(args, check=True, stderr=subprocess.PIPE, universal_newlines=True).stderr
+        logging.debug('Output: {}'.format(output))
+
+
 def run_once(*, corpus, test_list, build_dir, export_coverage, use_valgrind):
     for t in test_list:
         corpus_path = os.path.join(corpus, t)

From fa3fa27c45618bcd8e325b27728b5f6c175d1a03 Mon Sep 17 00:00:00 2001
From: MarcoFalke
Date: Tue, 10 Mar 2020 11:24:56 -0400
Subject: [PATCH 3/3] fuzz: Remove option --export_coverage from test_runner

The coverage statistics are not stable across clang versions
---
 test/fuzz/test_runner.py | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index 9f2c473bd0..1492932f2a 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -29,11 +29,6 @@ def main():
         default="INFO",
         help="log events at this level and higher to the console. Can be set to DEBUG, INFO, WARNING, ERROR or CRITICAL. Passing --loglevel DEBUG will output all logs to console.",
     )
-    parser.add_argument(
-        '--export_coverage',
-        action='store_true',
-        help='If true, export coverage information to files in the seed corpus',
-    )
     parser.add_argument(
         '--valgrind',
         action='store_true',
@@ -131,7 +126,6 @@ def main():
         corpus=args.seed_dir,
         test_list=test_list_selection,
         build_dir=config["environment"]["BUILDDIR"],
-        export_coverage=args.export_coverage,
         use_valgrind=args.valgrind,
     )
 
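Review bot: `merge_inputs` runs the target with `check=True` but never catches `subprocess.CalledProcessError`, so a merge that fails (for example a missing target binary, or a merge the fuzzer itself aborts) kills the runner with a Python traceback and the fuzzer's stderr, which was captured precisely to be shown, is lost. `run_once` directly below handles the same `subprocess.run` call by logging `e.stderr` and the exit code before `sys.exit(1)` (its `except` clause is outside this hunk, but that handling is visible in the later hunk), and the new helper should do the same. The function also lacks a docstring; a one-liner such as "Fold merge_dir/<target> into corpus/<target> using the target's libFuzzer -merge=1 mode; both directories are created if missing" would document the side effect of the two `os.makedirs` calls. Note that `-merge=1` is libFuzzer-specific; the caller in `main` only reaches this after the libFuzzer check, which is fine as long as that ordering is kept.
```python
def merge_inputs(*, corpus, test_list, build_dir, merge_dir):
    logging.info("Merge the inputs in the passed dir into the seed_dir. Passed dir {}".format(merge_dir))
    for t in test_list:
        # … unchanged: args list and the two os.makedirs calls …
        logging.debug('Run {} with args {}'.format(t, args))
        try:
            output = subprocess.run(args, check=True, stderr=subprocess.PIPE, universal_newlines=True).stderr
        except subprocess.CalledProcessError as e:
            if e.stderr:
                logging.info(e.stderr)
            logging.info("Merge for target \"{}\" failed with exit code {}: {}".format(t, e.returncode, " ".join(args)))
            sys.exit(1)
        logging.debug('Output: {}'.format(output))
```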
@@ -152,7 +146,7 @@ def merge_inputs(*, corpus, test_list, build_dir, merge_dir):
         logging.debug('Output: {}'.format(output))
 
 
-def run_once(*, corpus, test_list, build_dir, export_coverage, use_valgrind):
+def run_once(*, corpus, test_list, build_dir, use_valgrind):
     for t in test_list:
         corpus_path = os.path.join(corpus, t)
         if t in FUZZERS_MISSING_CORPORA:
@@ -177,13 +171,6 @@ def run_once(*, corpus, test_list, build_dir, export_coverage, use_valgrind):
             logging.info(e.stderr)
             logging.info("Target \"{}\" failed with exit code {}: {}".format(t, e.returncode, " ".join(args)))
             sys.exit(1)
-        if not export_coverage:
-            continue
-        for l in output.splitlines():
-            if 'INITED' in l:
-                with open(os.path.join(corpus, t + '_coverage'), 'w', encoding='utf-8') as cov_file:
-                    cov_file.write(l)
-                    break
 
 
 def parse_test_list(makefile):