go-ethereum/tests/fuzzers
Felföldi Zsolt 2d89fe0883
les: move client pool to les/vflux/server (#22495)
* les: move client pool to les/vflux/server

* les/vflux/server: un-expose NodeBalance, remove unused fn, fix bugs

* tests/fuzzers/vflux: add ClientPool fuzzer

* les/vflux/server: fixed balance tests

* les: rebase fix

* les/vflux/server: fixed more bugs

* les/vflux/server: unexported NodeStateMachine fields and flags

* les/vflux/server: unexport all internal components and functions

* les/vflux/server: fixed priorityPool test

* les/vflux/server: polish balance

* les/vflux/server: fixed mutex locking error

* les/vflux/server: priorityPool bug fixed

* common/prque: make Prque wrap-around priority handling optional

* les/vflux/server: rename funcs, small optimizations

* les/vflux/server: fixed timeUntil

* les/vflux/server: separated balance.posValue and negValue

* les/vflux/server: polish setup

* les/vflux/server: enforce capacity curve monotonicity

* les/vflux/server: simplified requestCapacity

* les/vflux/server: requestCapacity with target range, no iterations in SetCapacity

* les/vflux/server: minor changes

* les/vflux/server: moved default factors to balanceTracker

* les/vflux/server: set inactiveFlag in priorityPool

* les/vflux/server: moved related metrics to vfs package

* les/vflux/client: make priorityPool temp state logic cleaner

* les/vflux/server: changed log.Crit to log.Error

* add vflux fuzzer to oss-fuzz

Co-authored-by: rjl493456442 <garyrong0905@gmail.com>
2021-04-06 20:42:50 +02:00
..
abi tests/fuzzers/abi: fixed one-off panic with int.Min64 value (#22233) 2021-01-25 21:40:14 +01:00
bitutil tests/fuzzers: fix false positive in bitutil fuzzer (#22076) 2020-12-27 21:58:39 +01:00
bls12381 cmd,core,eth,params,tests: define yolov3 + enable EIP-2565 (#22213) 2021-01-28 21:19:07 +01:00
bn256 fuzzers: added consensys/gurvy library to bn256 differential fuzzer (#21812) 2021-02-03 15:04:28 +01:00
difficulty consensus/ethash: implement faster difficulty calculators (#21976) 2020-12-11 11:06:44 +01:00
keystore tests/fuzzers: improve the fuzzers (#21829) 2020-11-13 12:36:38 +01:00
les tests/fuzzers: fix goroutine leak in les fuzzer (#22455) 2021-03-16 09:43:33 +01:00
rangeproof core, eth: split eth package, implement snap protocol (#21482) 2020-12-14 10:27:15 +01:00
rlp tests/fuzzers: improve the fuzzers (#21829) 2020-11-13 12:36:38 +01:00
runtime common,crypto: move fuzzers out of core (#22029) 2020-12-23 17:44:45 +01:00
stacktrie tests/fuzzers: improve the fuzzers (#21829) 2020-11-13 12:36:38 +01:00
trie trie, tests/fuzzers: implement a stacktrie fuzzer + stacktrie fixes (#21799) 2020-11-09 15:08:12 +01:00
txfetcher tests/fuzzers: improve the fuzzers (#21829) 2020-11-13 12:36:38 +01:00
vflux les: move client pool to les/vflux/server (#22495) 2021-04-06 20:42:50 +02:00
README.md all: fix typos in comments (#21118) 2020-05-25 10:21:28 +02:00

Fuzzers

To run a fuzzer locally, you need go-fuzz installed.

First build a fuzzing-binary out of the selected package:

(cd ./rlp && CGO_ENABLED=0 go-fuzz-build .)

That command should generate a rlp-fuzz.zip in the rlp/ directory. If you are already in that directory, you can do

[user@work rlp]$ go-fuzz
2019/11/26 13:36:54 workers: 6, corpus: 3 (3s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 0, uptime: 3s
2019/11/26 13:36:57 workers: 6, corpus: 3 (6s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 1054, uptime: 6s
2019/11/26 13:37:00 workers: 6, corpus: 3 (9s ago), crashers: 0, restarts: 1/8358, execs: 25074 (2786/sec), cover: 1054, uptime: 9s
2019/11/26 13:37:03 workers: 6, corpus: 3 (12s ago), crashers: 0, restarts: 1/8497, execs: 50986 (4249/sec), cover: 1054, uptime: 12s
2019/11/26 13:37:06 workers: 6, corpus: 3 (15s ago), crashers: 0, restarts: 1/9330, execs: 74640 (4976/sec), cover: 1054, uptime: 15s
2019/11/26 13:37:09 workers: 6, corpus: 3 (18s ago), crashers: 0, restarts: 1/9948, execs: 99482 (5527/sec), cover: 1054, uptime: 18s
2019/11/26 13:37:12 workers: 6, corpus: 3 (21s ago), crashers: 0, restarts: 1/9428, execs: 122568 (5836/sec), cover: 1054, uptime: 21s
2019/11/26 13:37:15 workers: 6, corpus: 3 (24s ago), crashers: 0, restarts: 1/9676, execs: 145152 (6048/sec), cover: 1054, uptime: 24s
2019/11/26 13:37:18 workers: 6, corpus: 3 (27s ago), crashers: 0, restarts: 1/9855, execs: 167538 (6205/sec), cover: 1054, uptime: 27s
2019/11/26 13:37:21 workers: 6, corpus: 3 (30s ago), crashers: 0, restarts: 1/9645, execs: 192901 (6430/sec), cover: 1054, uptime: 30s
2019/11/26 13:37:24 workers: 6, corpus: 3 (33s ago), crashers: 0, restarts: 1/9967, execs: 219294 (6645/sec), cover: 1054, uptime: 33s

Otherwise:

go-fuzz -bin ./rlp/rlp-fuzz.zip

Notes

Once a 'crasher' is found, the fuzzer tries to avoid reporting the same vector twice, so stores the fault in the suppressions folder. Thus, if you e.g. make changes to fix a bug, you should remove all data from the suppressions-folder, to verify that the issue is indeed resolved.

Also, if you have only one and the same exit-point for multiple different types of test, the suppression can make the fuzzer hide different types of errors. So make sure that each type of failure is unique (for an example, see the rlp fuzzer, where a counter i is used to differentiate between failures:

		if !bytes.Equal(input, output) {
			panic(fmt.Sprintf("case %d: encode-decode is not equal, \ninput : %x\noutput: %x", i, input, output))
		}