Merge bitcoin/bitcoin#28178: fuzz: Generate with random libFuzzer settings

fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde fuzz: Set -rss_limit_mb=8000 for generate as well (MarcoFalke)
fa4e396e1da8e5b04a5f906b95017b969ea37bae fuzz: Generate with random libFuzzer settings (MarcoFalke)

Pull request description:

  Sometimes a libFuzzer setting like `-use_value_profile=1` helps [0], sometimes it hurts [1].

  [0] https://github.com/bitcoin/bitcoin/pull/20789#issuecomment-752961937
  [1] https://github.com/bitcoin/bitcoin/pull/27888#issuecomment-1645976254

  By picking a random value, it is ensured that at least some of the runs will have the beneficial configuration set.

  Also, set `-max_total_time` to prevent slow fuzz targets from getting a larger time share, or possibly peg to a single core for a long time and block the python script from exiting for a long time. This can be improved in the future. For example, the python script can exit after some time (https://github.com/bitcoin/bitcoin/pull/20752#discussion_r549248791). Alternatively, it can measure if coverage progress was made and run for less time if no progress has been made recently anyway, so that more time can be spent on targets that are new or still make progress.

ACKs for top commit:
  murchandamus:
    utACK fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde
  dergoegge:
    utACK fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde
  brunoerg:
    light ACK fa3a4102ef0ae06d8930d7a7b567759e2a5b5fde

Tree-SHA512: bfd04a76ca09aec612397bae5f3f263a608faa7087697169bd4c506c8195c4d2dd84ddc7fcd3ebbc75771eab618fad840af819114968ca3668fc730092376768
fanquake 2024-02-27 09:03:11 +00:00 committed by pasta
parent 9b6a05df66
commit 92bad90e6c
GPG Key ID: E2F3D7916E722D38


@ -10,6 +10,7 @@ import argparse
import configparser import configparser
import logging import logging
import os import os
import random
import subprocess import subprocess
import sys import sys
@ -207,9 +208,13 @@ def generate_corpus(*, fuzz_pool, src_dir, build_dir, corpus_dir, targets):
for target in targets: for target in targets:
target_corpus_dir = os.path.join(corpus_dir, target) target_corpus_dir = os.path.join(corpus_dir, target)
os.makedirs(target_corpus_dir, exist_ok=True) os.makedirs(target_corpus_dir, exist_ok=True)
use_value_profile = int(random.random() < .3)
command = [ command = [
os.path.join(build_dir, 'src', 'test', 'fuzz', 'fuzz'), os.path.join(build_dir, 'src', 'test', 'fuzz', 'fuzz'),
"-runs=100000", "-rss_limit_mb=8000",
"-max_total_time=6000",
"-reload=0",
f"-use_value_profile={use_value_profile}",
target_corpus_dir, target_corpus_dir,
] ]
futures.append(fuzz_pool.submit(job, command, target)) futures.append(fuzz_pool.submit(job, command, target))
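Review bot: The literals in `use_value_profile = int(random.random() < .3)` and `"-max_total_time=6000"` carry no explanation in the code. The reasoning lives only in the pull request description, so a short comment above each would help: one saying that value profiling is enabled for roughly 30% of runs because it helps some targets and hurts others, and one saying that the 6000 second cap keeps slow targets from taking a larger time share. The same applies to `"-reload=0"`, which is added without any rationale visible here. Because the per-target setting is now random, two generate runs over the same corpus are no longer comparable unless the choice is recorded. If `job` does not already log the full command, log `use_value_profile` next to the target name so a coverage gain or loss can be attributed to the setting that produced it.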