首页 发现 帮助
注册 登录
skyfffire
/
core-chain
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: dcaaec12e8
分支列表 标签列表
core-chain
/
tests
/
fuzzers
John 476d5200f7 [R4R]offline block prune (#543) 3 年之前
..
abi 7202b410b0 tests/fuzzers/abi: fixed one-off panic with int.Min64 value (#22233) 4 年之前
bitutil b13e9c4e3d tests/fuzzers: fix false positive in bitutil fuzzer (#22076) 4 年之前
bls12381 476d5200f7 [R4R]offline block prune (#543) 3 年之前
bn256 9e5bb84c0e tests/fuzzers: crypto/bn256 and crypto/bls12381 tests against gnark-crypto (#22755) 4 年之前
difficulty efe6dd2904 consensus/ethash: implement faster difficulty calculators (#21976) 4 年之前
keystore 0703c91fba tests/fuzzers: improve the fuzzers (#21829) 5 年之前
les bc47993692 tests/fuzzers: fix goroutine leak in les fuzzer (#22455) 4 年之前
rangeproof fae165a5de core, eth, ethdb, trie: simplify range proofs 4 年之前
rlp 0703c91fba tests/fuzzers: improve the fuzzers (#21829) 5 年之前
runtime b9012a039b common,crypto: move fuzzers out of core (#22029) 4 年之前
stacktrie 0703c91fba tests/fuzzers: improve the fuzzers (#21829) 5 年之前
trie 81678971db trie, tests/fuzzers: implement a stacktrie fuzzer + stacktrie fixes (#21799) 5 年之前
txfetcher 0703c91fba tests/fuzzers: improve the fuzzers (#21829) 5 年之前
vflux 6d7c9566df les, tests: fix les clientpool (#22756) 4 年之前
README.md 4f2784b38f all: fix typos in comments (#21118) 5 年之前

README.md

Fuzzers

To run a fuzzer locally, you need go-fuzz installed.

First build a fuzzing-binary out of the selected package:

(cd ./rlp && CGO_ENABLED=0 go-fuzz-build .)

That command should generate a rlp-fuzz.zip in the rlp/ directory. If you are already in that directory, you can do

[user@work rlp]$ go-fuzz
2019/11/26 13:36:54 workers: 6, corpus: 3 (3s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 0, uptime: 3s
2019/11/26 13:36:57 workers: 6, corpus: 3 (6s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 1054, uptime: 6s
2019/11/26 13:37:00 workers: 6, corpus: 3 (9s ago), crashers: 0, restarts: 1/8358, execs: 25074 (2786/sec), cover: 1054, uptime: 9s
2019/11/26 13:37:03 workers: 6, corpus: 3 (12s ago), crashers: 0, restarts: 1/8497, execs: 50986 (4249/sec), cover: 1054, uptime: 12s
2019/11/26 13:37:06 workers: 6, corpus: 3 (15s ago), crashers: 0, restarts: 1/9330, execs: 74640 (4976/sec), cover: 1054, uptime: 15s
2019/11/26 13:37:09 workers: 6, corpus: 3 (18s ago), crashers: 0, restarts: 1/9948, execs: 99482 (5527/sec), cover: 1054, uptime: 18s
2019/11/26 13:37:12 workers: 6, corpus: 3 (21s ago), crashers: 0, restarts: 1/9428, execs: 122568 (5836/sec), cover: 1054, uptime: 21s
2019/11/26 13:37:15 workers: 6, corpus: 3 (24s ago), crashers: 0, restarts: 1/9676, execs: 145152 (6048/sec), cover: 1054, uptime: 24s
2019/11/26 13:37:18 workers: 6, corpus: 3 (27s ago), crashers: 0, restarts: 1/9855, execs: 167538 (6205/sec), cover: 1054, uptime: 27s
2019/11/26 13:37:21 workers: 6, corpus: 3 (30s ago), crashers: 0, restarts: 1/9645, execs: 192901 (6430/sec), cover: 1054, uptime: 30s
2019/11/26 13:37:24 workers: 6, corpus: 3 (33s ago), crashers: 0, restarts: 1/9967, execs: 219294 (6645/sec), cover: 1054, uptime: 33s

Otherwise:

go-fuzz -bin ./rlp/rlp-fuzz.zip

Notes

Once a 'crasher' is found, the fuzzer tries to avoid reporting the same vector twice, so stores the fault in the suppressions folder. Thus, if you e.g. make changes to fix a bug, you should remove all data from the suppressions-folder, to verify that the issue is indeed resolved.

Also, if you have only one and the same exit-point for multiple different types of test, the suppression can make the fuzzer hide different types of errors. So make sure that each type of failure is unique (for an example, see the rlp fuzzer, where a counter i is used to differentiate between failures:

		if !bytes.Equal(input, output) {
			panic(fmt.Sprintf("case %d: encode-decode is not equal, \ninput : %x\noutput: %x", i, input, output))
		}