Merge #20437: fuzz: Avoid time-based "non-determinism" in fuzzing harnesses by using mocked GetTime()

MarcoFalke · MarcoFalke · commit 70150824dc2c · 2020-12-15T17:11:59.000+01:00
8c09c0c fuzz: Avoid time-based "non-determinism" in fuzzing harnesses by using mocked GetTime() (practicalswift) Pull request description: Avoid time-based "non-determinism" in fuzzing harnesses by using mocked `GetTime()`. Prior to this commit the fuzzing harnesses `banman`, `connman`, `net` and `rbf` had time-based "non-determinism". `addrman` is fixed in #20425. `process_message` and `process_messages` are left to fix: simply using mock time is not enough for them due to interaction with `IsInitialBlockDownload()`. See [`doc/fuzzing.md`](https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md) for information on how to fuzz Bitcoin Core. Don't forget to contribute any coverage increasing inputs you find to the [Bitcoin Core fuzzing corpus repo](https://github.com/bitcoin-core/qa-assets). Happy fuzzing :) ACKs for top commit: MarcoFalke: review ACK 8c09c0c practicalswift: > review ACK [8c09c0c](bitcoin/bitcoin@8c09c0c) Tree-SHA512: 32dfbead3dfd18cf4ff56dc2ea341aa977441b4e19a54879cf54fa5820c7e2b14b92c7e238d32fd785654f3b28cc82826ae66c03e94c292633c63c41196ba9a8
diff --git a/src/test/fuzz/banman.cpp b/src/test/fuzz/banman.cpp
@@ -32,6 +32,7 @@ void initialize()
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    SetMockTime(ConsumeTime(fuzzed_data_provider));
     const fs::path banlist_file = GetDataDir() / "fuzzed_banlist.dat";
     fs::remove(banlist_file);
     {
diff --git a/src/test/fuzz/connman.cpp b/src/test/fuzz/connman.cpp
@@ -23,6 +23,7 @@ void initialize()
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    SetMockTime(ConsumeTime(fuzzed_data_provider));
     CConnman connman{fuzzed_data_provider.ConsumeIntegral<uint64_t>(), fuzzed_data_provider.ConsumeIntegral<uint64_t>(), fuzzed_data_provider.ConsumeBool()};
     CAddress random_address;
     CNetAddr random_netaddr;
diff --git a/src/test/fuzz/net.cpp b/src/test/fuzz/net.cpp
@@ -27,7 +27,7 @@ void initialize()
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
-
+    SetMockTime(ConsumeTime(fuzzed_data_provider));
     const std::optional<CAddress> address = ConsumeDeserializable<CAddress>(fuzzed_data_provider);
     if (!address) {
         return;
diff --git a/src/test/fuzz/rbf.cpp b/src/test/fuzz/rbf.cpp
@@ -18,6 +18,7 @@
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    SetMockTime(ConsumeTime(fuzzed_data_provider));
     std::optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
     if (!mtx) {
         return;

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ void initialize()`
`32`	`32`	`void test_one_input(const std::vector<uint8_t>& buffer)`
`33`	`33`	`{`
`34`	`34`	`FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};`
	`35`	`+ SetMockTime(ConsumeTime(fuzzed_data_provider));`
`35`	`36`	`const fs::path banlist_file = GetDataDir() / "fuzzed_banlist.dat";`
`36`	`37`	`fs::remove(banlist_file);`
`37`	`38`	`{`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ void initialize()`
`23`	`23`	`void test_one_input(const std::vector<uint8_t>& buffer)`
`24`	`24`	`{`
`25`	`25`	`FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};`
	`26`	`+ SetMockTime(ConsumeTime(fuzzed_data_provider));`
`26`	`27`	`CConnman connman{fuzzed_data_provider.ConsumeIntegral<uint64_t>(), fuzzed_data_provider.ConsumeIntegral<uint64_t>(), fuzzed_data_provider.ConsumeBool()};`
`27`	`28`	`CAddress random_address;`
`28`	`29`	`CNetAddr random_netaddr;`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ void initialize()`
`27`	`27`	`void test_one_input(const std::vector<uint8_t>& buffer)`
`28`	`28`	`{`
`29`	`29`	`FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());`
`30`		`-`
	`30`	`+ SetMockTime(ConsumeTime(fuzzed_data_provider));`
`31`	`31`	`const std::optional<CAddress> address = ConsumeDeserializable<CAddress>(fuzzed_data_provider);`
`32`	`32`	`if (!address) {`
`33`	`33`	`return;`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@`
`18`	`18`	`void test_one_input(const std::vector<uint8_t>& buffer)`
`19`	`19`	`{`
`20`	`20`	`FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());`
	`21`	`+ SetMockTime(ConsumeTime(fuzzed_data_provider));`
`21`	`22`	`std::optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);`
`22`	`23`	`if (!mtx) {`
`23`	`24`	`return;`