plugeth

History

Péter Szilágyi caea6c4661 eth/protocols/snap: generate storage trie from full dirty snap data (#22668 ) * eth/protocols/snap: generate storage trie from full dirty snap data * eth/protocols/snap: get rid of some more dead code * eth/protocols/snap: less frequent logs, also log during trie generation * eth/protocols/snap: implement dirty account range stack-hashing * eth/protocols/snap: don't loop on account trie generation * eth/protocols/snap: fix account format in trie * core, eth, ethdb: glue snap packets together, but not chunks * eth/protocols/snap: print completion log for snap phase * eth/protocols/snap: extended tests * eth/protocols/snap: make testcase pass * eth/protocols/snap: fix account stacktrie commit without defer * ethdb: fix key counts on reset * eth/protocols: fix typos * eth/protocols/snap: make better use of delivered data (#44) * eth/protocols/snap: make better use of delivered data * squashme * eth/protocols/snap: reduce chunking * squashme * eth/protocols/snap: reduce chunking further * eth/protocols/snap: break out hash range calculations * eth/protocols/snap: use sort.Search instead of looping * eth/protocols/snap: prevent crash on storage response with no keys * eth/protocols/snap: nitpicks all around * eth/protocols/snap: clear heal need on 1-chunk storage completion * eth/protocols/snap: fix range chunker, add tests Co-authored-by: Péter Szilágyi <peterke@gmail.com> * trie: fix test API error * eth/protocols/snap: fix some further liter issues * eth/protocols/snap: fix accidental batch reuse Co-authored-by: Martin Holst Swende <martin@swende.se>		2021-04-27 17:19:59 +03:00
..
abi	tests/fuzzers/abi: fixed one-off panic with int.Min64 value (#22233 )	2021-01-25 21:40:14 +01:00
bitutil	tests/fuzzers: fix false positive in bitutil fuzzer (#22076 )	2020-12-27 21:58:39 +01:00
bls12381	cmd,core,eth,params,tests: define yolov3 + enable EIP-2565 (#22213 )	2021-01-28 21:19:07 +01:00
bn256	fuzzers: added consensys/gurvy library to bn256 differential fuzzer (#21812 )	2021-02-03 15:04:28 +01:00
difficulty	consensus/ethash: implement faster difficulty calculators (#21976 )	2020-12-11 11:06:44 +01:00
keystore	tests/fuzzers: improve the fuzzers (#21829 )	2020-11-13 12:36:38 +01:00
les	tests/fuzzers: fix goroutine leak in les fuzzer (#22455 )	2021-03-16 09:43:33 +01:00
rangeproof	core, eth: split eth package, implement snap protocol (#21482 )	2020-12-14 10:27:15 +01:00
rlp	tests/fuzzers: improve the fuzzers (#21829 )	2020-11-13 12:36:38 +01:00
runtime	common,crypto: move fuzzers out of core (#22029 )	2020-12-23 17:44:45 +01:00
stacktrie	eth/protocols/snap: generate storage trie from full dirty snap data (#22668 )	2021-04-27 17:19:59 +03:00
trie	trie, tests/fuzzers: implement a stacktrie fuzzer + stacktrie fixes (#21799 )	2020-11-09 15:08:12 +01:00
txfetcher	tests/fuzzers: improve the fuzzers (#21829 )	2020-11-13 12:36:38 +01:00
vflux	les: move client pool to les/vflux/server (#22495 )	2021-04-06 20:42:50 +02:00
README.md	all: fix typos in comments (#21118 )	2020-05-25 10:21:28 +02:00

README.md

Fuzzers

To run a fuzzer locally, you need go-fuzz installed.

First build a fuzzing-binary out of the selected package:

(cd ./rlp && CGO_ENABLED=0 go-fuzz-build .)

That command should generate a rlp-fuzz.zip in the rlp/ directory. If you are already in that directory, you can do

[user@work rlp]$ go-fuzz
2019/11/26 13:36:54 workers: 6, corpus: 3 (3s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 0, uptime: 3s
2019/11/26 13:36:57 workers: 6, corpus: 3 (6s ago), crashers: 0, restarts: 1/0, execs: 0 (0/sec), cover: 1054, uptime: 6s
2019/11/26 13:37:00 workers: 6, corpus: 3 (9s ago), crashers: 0, restarts: 1/8358, execs: 25074 (2786/sec), cover: 1054, uptime: 9s
2019/11/26 13:37:03 workers: 6, corpus: 3 (12s ago), crashers: 0, restarts: 1/8497, execs: 50986 (4249/sec), cover: 1054, uptime: 12s
2019/11/26 13:37:06 workers: 6, corpus: 3 (15s ago), crashers: 0, restarts: 1/9330, execs: 74640 (4976/sec), cover: 1054, uptime: 15s
2019/11/26 13:37:09 workers: 6, corpus: 3 (18s ago), crashers: 0, restarts: 1/9948, execs: 99482 (5527/sec), cover: 1054, uptime: 18s
2019/11/26 13:37:12 workers: 6, corpus: 3 (21s ago), crashers: 0, restarts: 1/9428, execs: 122568 (5836/sec), cover: 1054, uptime: 21s
2019/11/26 13:37:15 workers: 6, corpus: 3 (24s ago), crashers: 0, restarts: 1/9676, execs: 145152 (6048/sec), cover: 1054, uptime: 24s
2019/11/26 13:37:18 workers: 6, corpus: 3 (27s ago), crashers: 0, restarts: 1/9855, execs: 167538 (6205/sec), cover: 1054, uptime: 27s
2019/11/26 13:37:21 workers: 6, corpus: 3 (30s ago), crashers: 0, restarts: 1/9645, execs: 192901 (6430/sec), cover: 1054, uptime: 30s
2019/11/26 13:37:24 workers: 6, corpus: 3 (33s ago), crashers: 0, restarts: 1/9967, execs: 219294 (6645/sec), cover: 1054, uptime: 33s

Otherwise:

go-fuzz -bin ./rlp/rlp-fuzz.zip

Notes

Once a 'crasher' is found, the fuzzer tries to avoid reporting the same vector twice, so stores the fault in the suppressions folder. Thus, if you e.g. make changes to fix a bug, you should remove all data from the suppressions-folder, to verify that the issue is indeed resolved.

Also, if you have only one and the same exit-point for multiple different types of test, the suppression can make the fuzzer hide different types of errors. So make sure that each type of failure is unique (for an example, see the rlp fuzzer, where a counter i is used to differentiate between failures:

		if !bytes.Equal(input, output) {
			panic(fmt.Sprintf("case %d: encode-decode is not equal, \ninput : %x\noutput: %x", i, input, output))
		}