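#!/usr/bin/env bash
# Over time the fuzz engine will reduce inputs (produce a smaller input that
# yields the same coverage statistics). With a growing set of inputs, it could
# be useful to occasionally delete the "old" non-reduced inputs.
#
# This script tries to do so in a way that is as deterministic as possible.
#
# The script should be run on an x86_64 virtual machine with only a minimal
# vanilla Ubuntu Noble 24.04 installed.  Ideally, the script was run on
# different architectures or even different OS versions, which come with
# different library packages, but this is left as a future improvement.
#
# It needs root privileges (apt, a symlink in /usr/bin) and an empty working
# directory: AFLplusplus, qa-assets and bitcoin are cloned next to each other,
# the non-reduced corpus is moved to ./all_inputs, and the reduced corpora are
# committed into the local qa-assets checkout. Nothing is pushed.

export FUZZ_CORPORA_DIR="fuzz_corpora"

set -e

echo "Installing Bitcoin Core build deps"
export DEBIAN_FRONTEND=noninteractive
apt update
apt install -y \
  git \
  build-essential pkg-config bsdmainutils python3 cmake \
  libsqlite3-dev libevent-dev libboost-dev \
  lsb-release wget software-properties-common gnupg

export LLVM_VERSION=18
# llvm.sh is downloaded over HTTPS and executed as root without any further
# integrity check. That is tolerable only because this script targets a
# disposable VM holding nothing else; pin a checksum before running it anywhere
# persistent. The download and the chmod are separate statements so that a
# failed download stops the script under "set -e" instead of being masked by
# the "&&" list.
wget https://apt.llvm.org/llvm.sh
chmod +x ./llvm.sh
./llvm.sh "$LLVM_VERSION" all
# Resolve the versioned symbolizer first: under "set -e" a failed lookup aborts
# here with a clear error instead of creating a dangling symlink.
symbolizer=$(command -v "llvm-symbolizer-$LLVM_VERSION")
ln -s "$symbolizer" /usr/bin/llvm-symbolizer

git clone --branch stable https://github.com/AFLplusplus/AFLplusplus
make -C AFLplusplus LLVM_CONFIG="llvm-config-$LLVM_VERSION" PERFORMANCE=1 install -j"$(nproc)"

git clone --depth=1 https://github.com/bitcoin-core/qa-assets.git
(
  cd qa-assets
  # Move the entire corpus out of the repository and commit its removal, so the
  # reduced inputs added by the steps below show up as a clean diff on top.
  mv ./"${FUZZ_CORPORA_DIR}" ../all_inputs
  git config user.name "delete_nonreduced_inputs script"
  git config user.email "noreply@noreply.noreply"
  git commit -a -m "Delete fuzz inputs"
)

git clone --depth=1 https://github.com/bitcoin/bitcoin.git
(
  cd bitcoin

  echo "Adding reduced seeds with afl-cmin"

  rm -rf build_fuzz/
  # Exported here on purpose: the sanitizer builds further down reuse it.
  export LDFLAGS="-fuse-ld=lld"
  cmake -B build_fuzz \
    -DCMAKE_C_COMPILER=afl-clang-fast -DCMAKE_CXX_COMPILER=afl-clang-fast++ \
    -DBUILD_FOR_FUZZING=ON
  cmake --build build_fuzz -j"$(nproc)"

  # With WRITE_ALL_FUZZ_TARGETS_AND_ABORT set, the fuzz binary writes its list
  # of targets (one per line) to that file and then aborts, hence "|| true".
  # A private mktemp file replaces the previous fixed path in /tmp.
  fuzz_targets_file=$(mktemp)
  WRITE_ALL_FUZZ_TARGETS_AND_ABORT="$fuzz_targets_file" "./build_fuzz/bin/fuzz" || true
  readarray -t FUZZ_TARGETS < "$fuzz_targets_file"
  rm -f -- "$fuzz_targets_file"
  for fuzz_target in "${FUZZ_TARGETS[@]}"; do
    # Blank lines in the target list carry no target; skip them.
    [ -n "$fuzz_target" ] || continue
    if [ -d "../all_inputs/$fuzz_target" ]; then
      mkdir --parents "../qa-assets/${FUZZ_CORPORA_DIR}/$fuzz_target"
      # Allow timeouts and crashes with "-A", "-T all" to use all available cores
      FUZZ="$fuzz_target" afl-cmin -T all -A \
        -i "../all_inputs/$fuzz_target" \
        -o "../qa-assets/${FUZZ_CORPORA_DIR}/$fuzz_target" \
        -- ./build_fuzz/bin/fuzz
    else
      echo "No input corpus for $fuzz_target (ignoring)"
    fi
  done

  (
    cd ../qa-assets
    git add "${FUZZ_CORPORA_DIR}"
    git commit -m "Reduced inputs for afl-cmin"
  )

  # Second pass: libFuzzer builds, once without and once with sanitizers.
  # test_runner.py merges the non-reduced inputs (--m_dir) into the qa-assets
  # corpus and the result is committed after each configuration.
  for sanitizer in {"fuzzer","fuzzer,address,undefined,integer"}; do
    echo "Adding reduced seeds for sanitizer=${sanitizer}"

    rm -rf build_fuzz/
    cmake -B build_fuzz \
      -DCMAKE_C_COMPILER="clang-$LLVM_VERSION" -DCMAKE_CXX_COMPILER="clang++-$LLVM_VERSION" \
      -DBUILD_FOR_FUZZING=ON -DSANITIZERS="$sanitizer"
    cmake --build build_fuzz -j"$(nproc)"

    (
      cd build_fuzz
      ./test/fuzz/test_runner.py -l DEBUG --par="$(nproc)" --m_dir=../../all_inputs "../../qa-assets/${FUZZ_CORPORA_DIR}"
    )

    (
      cd ../qa-assets
      git add "${FUZZ_CORPORA_DIR}"
      git commit -m "Reduced inputs for ${sanitizer}"
    )
  done
)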