feat(fuzz): WorkerCorpus for multiple worker threads
#11769
Conversation
yash-atreya
changed the title
SharedCorpus for multiple worker threadsSharedCorpus for multiple worker threads
…es that provided in new coverage
yash-atreya
changed the title
SharedCorpus for multiple worker threadsWorkerCorpus for multiple worker threads
| // Track in-memory corpus changes to update MasterWorker on sync | ||
| let new_index = self.in_memory_corpus.len(); | ||
| self.new_entry_indices.push(new_index); |
There was a problem hiding this comment.
I think this is fine, but may result in some corpus entries not getting sync'd e.g. due to a crash or ctr+c and restart. If you persist the last sync'd timestamp, it can recover from restarts by checking if there are newer entries written before a sync could occur
| metrics.update_seen(is_edge); | ||
| } | ||
| if id == 0 && config.corpus_dir.is_some() { | ||
| // Master worker loads the initial corpus if it exists |
There was a problem hiding this comment.
| // Master worker loads the initial corpus if it exists | |
| // Master worker loads the initial corpus, if it exists. Then, [export]s to workers. |
There was a problem hiding this comment.
Actually I guess this is distribute
| foundry_common::fs::write_json_gzip_file( | ||
| corpus_dir.join(format!("{corpus_uuid}{JSON_EXTENSION}.gz")).as_path(), | ||
| worker_corpus | ||
| .join(format!("{corpus_uuid}-{timestamp}{JSON_EXTENSION}.gz")) |
There was a problem hiding this comment.
maybe the uuid is redundant if we prefix the worker id to the timestamp to avoid collision
There was a problem hiding this comment.
Timestamps are in seconds, corpus-uuid avoids collision within the same worker
yash-atreya
changed the title
WorkerCorpus for multiple worker threadsWorkerCorpus for multiple worker threads
|
please merge master, this is still using old CI runners |
This comment was marked as abuse.
This comment was marked as abuse.
yash-atreya
requested review from
DaniPopes,
mattsse,
grandizzy,
zerosnacks,
onbjerg and
0xrusowsky
as code owners
| let file_path = corpus_dir.join(&file_name); | ||
| let sync_path = master_sync_dir.join(&file_name); | ||
|
|
||
| let Ok(_) = foundry_common::fs::copy(file_path, sync_path) else { |
There was a problem hiding this comment.
I wonder if we could symlink and only copy if it is going to be deleted or moved later.
There was a problem hiding this comment.
Or once it's decided to import from the sync dir, we create the hardlink
| "persisted {} inputs for new coverage in {corpus_uuid} corpus", | ||
| &corpus.tx_seq.len() | ||
| "persisted {} inputs for new coverage in worker {} for {corpus_uuid} corpus", | ||
| self.id, &corpus.tx_seq.len() |
There was a problem hiding this comment.
we can avoid logging worked id by using a span on the function, also the argument order is incorrect on this specific log
|
|
||
| let uuid = corpus.uuid; | ||
| debug!(target: "corpus", "evict corpus {uuid}"); | ||
| debug!(target: "corpus", "evict corpus {uuid} in worker {}", self.id); |
| 'corpus_replay: for entry in std::fs::read_dir(corpus_dir)? { | ||
| let path = entry?.path(); |
There was a problem hiding this comment.
Do we continually write to the corpus directory? This is very expensive as we not only iterate a directory and read the files, but we also (if gzip is enabled) do decompression over and over, potentially of the same file. It feels like the corpus should be default in-memory, and we only write at the end.
There was a problem hiding this comment.
This is just happening at start up. The entries are held in memory so long as they don't exceed a configurable limit and then flushed to disk (and compressed if it's enabled).
Your point does still stand elsewhere. IIUC workers share compressed corpus entries so they potentially are repeatedly decompressing the same files. Moving compression to the very end would resolve this
Motivation
towards #8898
Solution
CorpusManagerwithWorkerCorpusWorkerCorpusis the corpus to be used by parallel worker threads.WorkerCorpushas anid: u32. The master worker has theid = 0.WorkerCorpus's share theirin_memory_corpusamongst each other via the file system using a star-pattern where the master worker (id = 0) is in the center.corpus_diris now organized as:worker0/sync/- Seefn exportin 089f30bworker0/corpusentries (which includes entries from all workers when synced) to each workerssync/directory - Seefn distributein d4200e4corpur_dir/workerId/syncdir intocorpus_dir/workerId/corpusif it leads to new coverage and updates it'shistory_map- Seefn calibratein 488d09dfn calibratewe are fetching the new corpus entries from the workerssync/dir and replaying the tx sequences to check if they lead to new coverage for this particular worker. If it does then we're updatinghistory_map.pub fn syncintroduced in e9d8d3c handles all of the above.Note: This PR does not address parallelizing the fuzz runs, only prepares for it. Opened for initial feedback on the approach.
PR Checklist