Also keep fuzz inputs that increase coverage on older branches #266
ekzyis wants to merge 1 commit into bitcoin-core:main from
135a441 to 888f0bb
| ( | ||
| cd ../qa-assets | ||
| git add "${FUZZ_CORPORA_DIR}" | ||
| git commit -m "Reduced inputs for ${sanitizer}" |
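Review bot: `git commit` exits non-zero when nothing is staged, so a sanitizer/ref combination that yields no new inputs fails this step (and aborts the script if errexit is on); guard it, e.g. `git diff --cached --quiet || git commit -m "Reduced inputs for ${sanitizer}"`. The message is also identical for every ref of the same sanitizer, so either include the ref in it or accumulate all refs into one commit per sanitizer.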
This is going to create a commit per sanitizer and ref. I think it should create one commit per sanitizer for all refs (without wasting time rebuilding the same ref multiple times), or at least mention the ref in the commit message.
| git clone --depth=1 https://github.com/bitcoin/bitcoin.git | ||
| # TODO: optimize? --no-single-branch increased size from 69M to 170M | ||
| # could use ls-remote to list tags and then only fetch tags we need | ||
| git clone --depth=1 --no-single-branch https://github.com/bitcoin/bitcoin.git |
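Review bot: the TODO on the `--no-single-branch` line leaves a known clone-size regression (69M to 170M) in the script as merged. Instead of fetching every branch and tag, keep the `--depth=1` single-branch clone and fetch only the tags the loop needs, e.g. `git fetch --depth=1 origin tag "$ref"` with `$ref` standing for the loop's tag; that also removes the need for the `ls-remote` listing the comment proposes.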
Not sure how resource-constrained the VMs are on which this will run.
Thanks for taking a stab at this. I'm not that fluent in shell and also don't know as much about fuzzing as @maflcko and @dergoegge, but I've got a couple of comments for you.
c79757a to 88faa27
The script should be converted to Rust first, see #268 (comment). Glad to close this PR, because this turned out to be conceptually simple, but surprisingly time-consuming due to shell issues.
closes #265
I think this does what was suggested in #265 (comment).
I haven't run this yet. I only ran the original script once in an Ubuntu 24.04 VM.
I'm currently concerned with two things:

1. Can I continue to set the output dir of the fuzz engines to the real corpus, given hash-based filenames for the fuzz inputs, so overwrites would be idempotent? Before, `afl-cmin` was only run once per fuzz target. libFuzzer via the test runner was run once per sanitizer.
2. I'm new to fuzzing. Did I actually understand what I'm doing here?
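As an added illustration of the idempotence question above (this is example code, not part of this PR or the qa-assets scripts), the function below models content-addressed corpus files: each input is stored under the SHA-256 of its bytes, so the same input reaching the corpus again, from any engine run, is a no-op. The engine output directories and their inputs are constructed for the demo; `sha256sum` from coreutils is assumed.

```shell
#!/usr/bin/env bash
# Added example, not part of this PR or the qa-assets scripts.
# Merge fuzz inputs from SRC into corpus DST, naming each file by the
# SHA-256 of its contents (content addressing as fuzz engines do with
# their hash-based filenames). Prints how many inputs were new to DST.
merge_corpus() {
  local src="$1" dst="$2" added=0 f h
  mkdir -p "$dst"
  for f in "$src"/*; do
    [ -f "$f" ] || continue
    h=$(sha256sum "$f" | cut -d' ' -f1)
    if [ ! -e "$dst/$h" ]; then
      cp "$f" "$dst/$h"          # new content: one new corpus entry
      added=$((added + 1))
    fi                           # same content: same name, nothing to do
  done
  echo "$added"
}

# Constructed demo: two engine output dirs that share one input.
# Returns "new-in-run1 new-in-run2 new-when-run1-is-merged-again".
demo_idempotent_merge() {
  local tmp corpus run1 run2 first second third
  tmp=$(mktemp -d)
  corpus="$tmp/corpus"; run1="$tmp/run1"; run2="$tmp/run2"
  mkdir -p "$run1" "$run2"
  printf 'input-a' > "$run1/a"
  printf 'input-b' > "$run1/b"
  printf 'input-b' > "$run2/dup"   # same bytes as run1/b, different name
  printf 'input-c' > "$run2/c"
  first=$(merge_corpus "$run1" "$corpus")   # 2 new
  second=$(merge_corpus "$run2" "$corpus")  # 1 new: dup collapses onto b
  third=$(merge_corpus "$run1" "$corpus")   # 0 new: re-run is idempotent
  rm -rf "$tmp"
  echo "$first $second $third"
}
```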