From 92bad90e6cb8960014de1f92c60df5c3e91c0abe Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 27 Feb 2024 09:03:11 +0000 Subject: [PATCH] Merge bitcoin/bitcoin#28178: fuzz: Generate with random libFuzzer settings fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde fuzz: Set -rss_limit_mb=8000 for generate as well (MarcoFalke) fa4e396e1da8e5b04a5f906b95017b969ea37bae fuzz: Generate with random libFuzzer settings (MarcoFalke) Pull request description: Sometimes a libFuzzer setting like `-use_value_profile=1` helps [0], sometimes it hurts [1]. [0] https://github.com/bitcoin/bitcoin/pull/20789#issuecomment-752961937 [1] https://github.com/bitcoin/bitcoin/pull/27888#issuecomment-1645976254 By picking a random value, it is ensured that at least some of the runs will have the beneficial configuration set. Also, set `-max_total_time` to prevent slow fuzz targets from getting a larger time share, or possibly peg to a single core for a long time and block the python script from exiting for a long time. This can be improved in the future. For example, the python script can exit after some time (https://github.com/bitcoin/bitcoin/pull/20752#discussion_r549248791). Alternatively, it can measure if coverage progress was made and run for less time if no progress has been made recently anyway, so that more time can be spent on targets that are new or still make progress. ACKs for top commit: murchandamus: utACK fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde dergoegge: utACK fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde brunoerg: light ACK fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde Tree-SHA512: bfd04a76ca09aec612397bae5f3f263a608faa7087697169bd4c506c8195c4d2dd84ddc7fcd3ebbc75771eab618fad840af819114968ca3668fc730092376768 --- test/fuzz/test_runner.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py index 581fb36c53..33ea7b5832 100755 --- a/test/fuzz/test_runner.py +++ b/test/fuzz/test_runner.py @@ -10,6 +10,7 @@ import argparse import configparser import logging import os +import random import subprocess import sys @@ -207,9 +208,13 @@ def generate_corpus(*, fuzz_pool, src_dir, build_dir, corpus_dir, targets): for target in targets: target_corpus_dir = os.path.join(corpus_dir, target) os.makedirs(target_corpus_dir, exist_ok=True) + use_value_profile = int(random.random() < .3) command = [ os.path.join(build_dir, 'src', 'test', 'fuzz', 'fuzz'), - "-runs=100000", + "-rss_limit_mb=8000", + "-max_total_time=6000", + "-reload=0", + f"-use_value_profile={use_value_profile}", target_corpus_dir, ] futures.append(fuzz_pool.submit(job, command, target))