fuzz: Generate process_message targets individually

MarcoFalke · MarcoFalke · commit fa6245da6061 · 2023-07-12T15:52:14.000+02:00
Also, add an "rpc" target without LIMIT_TO_RPC_COMMAND set.
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
@@ -193,27 +193,52 @@ def main():
         )
 
 
-def generate_corpus(*, fuzz_pool, src_dir, build_dir, corpus_dir, targets):
-    """Generates new corpus.
+def transform_process_message_target(targets, src_dir):
+    """Add a target per process message, and also keep ("process_message", {}) to allow for
+    cross-pollination, or unlimited search"""
+
+    p2p_msg_target = "process_message"
+    if (p2p_msg_target, {}) in targets:
+        lines = subprocess.run(
+            ["git", "grep", "--function-context", "g_all_net_message_types{", src_dir / "src" / "protocol.cpp"],
+            check=True,
+            stdout=subprocess.PIPE,
+            text=True,
+        ).stdout.splitlines()
+        lines = [l.split("::", 1)[1].split(",")[0].lower() for l in lines if l.startswith("src/protocol.cpp-    NetMsgType::")]
+        assert len(lines)
+        targets += [(p2p_msg_target, {"LIMIT_TO_MESSAGE_TYPE": m}) for m in lines]
+    return targets
+
+
+def transform_rpc_target(targets, src_dir):
+    """Add a target per RPC command, and also keep ("rpc", {}) to allow for cross-pollination,
+    or unlimited search"""
 
-    Run {targets} without input, and outputs the generated corpus to
-    {corpus_dir}.
-    """
-    logging.info("Generating corpus to {}".format(corpus_dir))
     rpc_target = "rpc"
-    has_rpc = rpc_target in targets
-    if has_rpc:
-        targets.remove(rpc_target)
-    targets = [(t, {}) for t in targets]
-    if has_rpc:
+    if (rpc_target, {}) in targets:
         lines = subprocess.run(
-            ["git", "grep", "--function-context", "RPC_COMMANDS_SAFE_FOR_FUZZING{", os.path.join(src_dir, "src", "test", "fuzz", "rpc.cpp")],
+            ["git", "grep", "--function-context", "RPC_COMMANDS_SAFE_FOR_FUZZING{", src_dir / "src" / "test" / "fuzz" / "rpc.cpp"],
             check=True,
             stdout=subprocess.PIPE,
             text=True,
         ).stdout.splitlines()
         lines = [l.split("\"", 1)[1].split("\"")[0] for l in lines if l.startswith("src/test/fuzz/rpc.cpp-    \"")]
+        assert len(lines)
         targets += [(rpc_target, {"LIMIT_TO_RPC_COMMAND": r}) for r in lines]
+    return targets
+
+
+def generate_corpus(*, fuzz_pool, src_dir, build_dir, corpus_dir, targets):
+    """Generates new corpus.
+
+    Run {targets} without input, and outputs the generated corpus to
+    {corpus_dir}.
+    """
+    logging.info("Generating corpus to {}".format(corpus_dir))
+    targets = [(t, {}) for t in targets]  # expand to add dictionary for target-specific env variables
+    targets = transform_process_message_target(targets, Path(src_dir))
+    targets = transform_rpc_target(targets, Path(src_dir))
 
     def job(command, t, t_env):
         logging.debug(f"Running '{command}'")
