-
Notifications
You must be signed in to change notification settings - Fork 942
fuzz-tests: improve fuzz-bigsize #8301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Conversation
tests/fuzz/fuzz-bigsize.c
Outdated
for (size_t i = 0; i < tal_count(wire_chunks); i++) { | ||
wire_max = tal_count(wire_chunks[i]); | ||
wire_ptr = wire_chunks[i]; | ||
for (size_t max = 0; max <= BIGSIZE_MAX_LEN; max++) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
max
is unused, so what is the purpose of looping BIGSIZE_MAX_LEN
times?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My bad, it should've been:
wire_chunks = get_chunks(NULL, data, size, max);
instead of:
wire_chunks = get_chunks(NULL, data, size, 8);
Changelog-None: The exisiting fuzz test only extracts chunks of a fixed size (8) from the fuzzer's input. Replace this with an iteration over a set of chunk sizes (1 to BIGSIZE_MAX_LEN) for better coverage. While at it, get rid of the check `if (bs != 0)` because 0 is a valid value for bigsize_t as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I'd prefer to simplify by removing the chunking entirely and setting an input max len of 8, that would completely change the existing corpus. Could still be done in the future.
tests/fuzz/fuzz-bigsize.c
Outdated
for (size_t max = 1; max <= BIGSIZE_MAX_LEN; max++) { | ||
wire_chunks = get_chunks(NULL, data, size, max); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: chunk_size
would be a more descriptive name
for (size_t max = 1; max <= BIGSIZE_MAX_LEN; max++) { | |
wire_chunks = get_chunks(NULL, data, size, max); | |
for (size_t chunk_size = 1; chunk_size <= BIGSIZE_MAX_LEN; chunk_size++) { | |
wire_chunks = get_chunks(NULL, data, size, chunk_size); |
Add a roundtrip check for `bigsize_put()` using `bigsize_get()`. This enforces a stricter check for the former and adds a test for the latter, which is currently untested.
Improvements in the fuzz-testing scheme of fuzz-bigsize led to the discovery of test inputs that result in greater in code-coverage. Add these inputs to the test's seed corpus.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 6effb40
Add a couple of improvements to the fuzz test for
bigsize_t
operations-tests/fuzz/fuzz-bigsize
. Commit the newly discovered seed corpus inputs as well.Checklist
Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:
CC: @morehouse