foster/bitcoin-core
0
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-03-09 15:37:00 -04:00
Code Issues Activity

build: add more CMake presets (dev-mode, libfuzzer, libfuzzer-nosan)

Browse source
This commit is contained in:
Pieter Wuille 2024-09-11 11:48:38 -04:00
parent 0725a37494
commit f15e817811
2 changed files with 64 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
CMakePresets.json
View file

@ -35,6 +35,63 @@
"BUILD_GUI": "ON", "BUILD_GUI": "ON",
"WITH_QRENCODE": "OFF" "WITH_QRENCODE": "OFF"
} }
},
{
"name": "libfuzzer",
"displayName": "Build for fuzzing with libfuzzer, and sanitizers enabled",
"binaryDir": "${sourceDir}/build_fuzz",
"cacheVariables": {
"BUILD_FOR_FUZZING": "ON",
"CMAKE_C_COMPILER": "clang",
"CMAKE_C_FLAGS": "-ftrivial-auto-var-init=pattern",
"CMAKE_CXX_COMPILER": "clang++",
"CMAKE_CXX_FLAGS": "-ftrivial-auto-var-init=pattern",
"SANITIZERS": "undefined,address,fuzzer"
}
},
{
"name": "libfuzzer-nosan",
"displayName": "Build for fuzzing with libfuzzer, and sanitizers disabled",
"binaryDir": "${sourceDir}/build_fuzz_nosan",
"cacheVariables": {
"BUILD_FOR_FUZZING": "ON",
"CMAKE_C_COMPILER": "clang",
"CMAKE_CXX_COMPILER": "clang++",
"SANITIZERS": "fuzzer"
}
},
{
"name": "dev-mode",
"displayName": "Developer mode, with all features/dependencies enabled",
"binaryDir": "${sourceDir}/build_dev_mode",
"cacheVariables": {
"BUILD_BENCH": "ON",
"BUILD_CLI": "ON",
"BUILD_DAEMON": "ON",
"BUILD_FUZZ_BINARY": "ON",
"BUILD_GUI": "ON",
"BUILD_GUI_TESTS": "ON",
"BUILD_KERNEL_LIB": "ON",
"BUILD_SHARED_LIBS": "ON",
"BUILD_TESTING": "ON",
"BUILD_TESTS": "ON",
"BUILD_TX": "ON",
"BUILD_UTIL": "ON",
"BUILD_UTIL_CHAINSTATE": "ON",
"BUILD_WALLET_TOOL": "ON",
"ENABLE_EXTERNAL_SIGNER": "ON",
"ENABLE_HARDENING": "ON",
"ENABLE_WALLET": "ON",
"WARN_INCOMPATIBLE_BDB": "OFF",
"WITH_BDB": "ON",
"WITH_MINIUPNPC": "ON",
"WITH_MULTIPROCESS": "ON",
"WITH_NATPMP": "ON",
"WITH_QRENCODE": "ON",
"WITH_SQLITE": "ON",
"WITH_USDT": "ON",
"WITH_ZMQ": "ON"
}
} }
] ]
} }

17
doc/fuzzing.md
View file

@ -7,11 +7,7 @@ To quickly get started fuzzing Bitcoin Core using [libFuzzer](https://llvm.org/d
```sh ```sh
$ git clone https://github.com/bitcoin/bitcoin $ git clone https://github.com/bitcoin/bitcoin
$ cd bitcoin/ $ cd bitcoin/
$ cmake -B build_fuzz \ $ cmake --preset=libfuzzer
-DCMAKE_C_COMPILER="clang" \
-DCMAKE_CXX_COMPILER="clang++" \
-DBUILD_FOR_FUZZING=ON \
-DSANITIZERS=undefined,address,fuzzer
# macOS users: If you have problem with this step then make sure to read "macOS hints for # macOS users: If you have problem with this step then make sure to read "macOS hints for
# libFuzzer" on https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md#macos-hints-for-libfuzzer # libFuzzer" on https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md#macos-hints-for-libfuzzer
$ cmake --build build_fuzz $ cmake --build build_fuzz
@ -19,6 +15,9 @@ $ FUZZ=process_message build_fuzz/src/test/fuzz/fuzz
# abort fuzzing using ctrl-c # abort fuzzing using ctrl-c
``` ```
One can use `--prefix=libfuzzer-nosan` to do the same without common sanitizers enabled.
See [further](#run-without-sanitizers-for-increased-throughput) for more information.
There is also a runner script to execute all fuzz targets. Refer to There is also a runner script to execute all fuzz targets. Refer to
`./test/fuzz/test_runner.py --help` for more details. `./test/fuzz/test_runner.py --help` for more details.
@ -107,8 +106,8 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb
Fuzzing on a harness compiled with `-DSANITIZERS=address,fuzzer,undefined` is Fuzzing on a harness compiled with `-DSANITIZERS=address,fuzzer,undefined` is
good for finding bugs. However, the very slow execution even under libFuzzer good for finding bugs. However, the very slow execution even under libFuzzer
will limit the ability to find new coverage. A good approach is to perform will limit the ability to find new coverage. A good approach is to perform
occasional long runs without the additional bug-detectors (just occasional long runs without the additional bug-detectors
`-DSANITIZERS=fuzzer`) and then merge new inputs into a corpus as described in (`--preset=libfuzzer-nosan`) and then merge new inputs into a corpus as described in
the qa-assets repo the qa-assets repo
(https://github.com/bitcoin-core/qa-assets/blob/main/.github/PULL_REQUEST_TEMPLATE.md). (https://github.com/bitcoin-core/qa-assets/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
Patience is useful; even with improved throughput, libFuzzer may need days and Patience is useful; even with improved throughput, libFuzzer may need days and
@ -145,11 +144,9 @@ You may also need to take care of giving the correct path for `clang` and
Full configuration step that was tested on macOS with `brew` installed `llvm`: Full configuration step that was tested on macOS with `brew` installed `llvm`:
```sh ```sh
$ cmake -B build_fuzz \ $ cmake --preset=libfuzzer \
-DCMAKE_C_COMPILER="$(brew --prefix llvm)/bin/clang" \ -DCMAKE_C_COMPILER="$(brew --prefix llvm)/bin/clang" \
-DCMAKE_CXX_COMPILER="$(brew --prefix llvm)/bin/clang++" \ -DCMAKE_CXX_COMPILER="$(brew --prefix llvm)/bin/clang++" \
-DBUILD_FOR_FUZZING=ON \
-DSANITIZERS=undefined,address,fuzzer \
-DAPPEND_LDFLAGS=-Wl,-no_warn_duplicate_libraries -DAPPEND_LDFLAGS=-Wl,-no_warn_duplicate_libraries
``` ```