square / subzero

Block's Bitcoin Cold Storage solution.
Apache License 2.0

[core] rewrite fuzzing logic #663

Closed ivmaykov closed 1 year ago

ivmaykov commented 1 year ago

Rewrite the bit-rotted fuzzing code. Summary of changes:

  1. Fuzzing is now enabled similarly to sanitizers, with the -DENABLE_FUZZER=ON parameter to cmake.
  2. When fuzzing is enabled, the output binary is subzero_fuzzer rather than subzero.
  3. When fuzzing is enabled, all log output is suppressed, per recommendation from libfuzzer docs.
  4. When fuzzing is enabled, debug symbols are included, per recommendation from libfuzzer docs.
  5. When fuzzing is enabled, -O1 optimization level is used, per recommendation from libfuzzer docs.
  6. When fuzzing is enabled, QR signature check failures are ignored, so we can fuzz the post-signature-check code paths.
  7. When fuzzing is enabled, AES-GCM decryption errors are ignored, so we can fuzz the post-decryption code paths.
  8. Added new options --generate-fuzzing-corpus and --fuzzing-corpus-output-dir to the GUI. These can be used to generate an initial fuzzing corpus (together with --signtx-test and --generate-wallet-files-test).
  9. Fixed a bug with --generate-wallet-files-test - it needs to initialize screens in order to work.
  10. Added a new fuzz testing section to the documentation page.

Potential future work: