fuzz: check that ser+unser produces the same AddrMan #21129

pull vasild wants to merge 2 commits into bitcoin:master from vasild:fuzz_addrman_serunser changing 2 files +215 −11
  1. vasild commented at 4:12 PM on February 9, 2021: contributor

    Add a fuzz test that fills addrman with a pile of randomly generated addresses, serializes it to a stream, unserializes the stream to another addrman object and compares the two.

    Some discussion of this already happened at https://github.com/jnewbery/bitcoin/pull/18.

  2. vasild cross-referenced this on Feb 9, 2021 from issue fuzz: check that ser+unser produces the same AddrMan by vasild
  3. DrahtBot added the label Tests on Feb 9, 2021
  4. practicalswift commented at 8:53 PM on February 10, 2021: contributor

    Concept ACK: very nice fuzzing work @vasild! :)

  5. practicalswift commented at 8:59 PM on February 28, 2021: contributor

    Tested ACK b0f06d04c1a57b3b440ebccf8482fcee124b6337

    Thanks for improving our fuzzing harnesses @vasild! :)

  6. jonatack commented at 9:05 PM on February 28, 2021: contributor

    Concept ACK

  7. adamjonas commented at 6:01 PM on April 27, 2021: member

    Tested b0f06d0 with FUZZ=addrman src/test/fuzz/fuzz qa-assets/fuzz_seed_corpus/addrman

    INFO: Seed: 66461418
INFO: Loaded 1 modules   (442033 inline 8-bit counters): 442033 [0x562796653cc0, 0x5627966bfb71),
INFO: Loaded 1 PC tables (442033 PCs): 442033 [0x5627966bfb78,0x562796d7e688),
INFO:     3980 files found in qa-assets/fuzz_seed_corpus/addrman
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes
INFO: seed corpus: files: 3980 min: 1b max: 1048576b total: 46509329b rss: 109Mb
[#512](/github-metadata-backup-bitcoin-bitcoin/512/)    pulse  cov: 4448 ft: 10018 corp: 209/12622b exec/s: 256 rss: 132Mb
[#1024](/github-metadata-backup-bitcoin-bitcoin/1024/)   pulse  cov: 4989 ft: 16253 corp: 342/26Kb exec/s: 128 rss: 154Mb
...

    Works as expected.

  8. DrahtBot cross-referenced this on May 23, 2021 from issue refactor: Group and re-order CAddrMan members by access type by hebasto
  9. DrahtBot commented at 3:00 AM on May 24, 2021: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #20233 (addrman: Make consistency checks a runtime option by jnewbery)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  10. DrahtBot cross-referenced this on May 24, 2021 from issue refactor: Make CAddrMan::cs non-recursive by hebasto
  11. DrahtBot added the label Needs rebase on May 27, 2021
  12. vasild force-pushed on May 28, 2021
  13. vasild commented at 12:35 PM on May 28, 2021: contributor

    b0f06d04c1...0de22a097e: rebase due to conflicts

  14. jonatack commented at 1:26 PM on May 28, 2021: contributor

    ACK 0de22a097e89af200d1c6125ba7e5c71fa71e53e

  15. DrahtBot removed the label Needs rebase on May 28, 2021
  16. practicalswift commented at 3:10 PM on May 28, 2021: contributor

    re-ACK 0de22a097e89af200d1c6125ba7e5c71fa71e53e

  17. DrahtBot cross-referenced this on Jul 19, 2021 from issue fuzz: Extend addrman fuzz test with deserialize by MarcoFalke
  18. DrahtBot cross-referenced this on Jul 20, 2021 from issue fuzz: replace every fuzzer-controlled while loop with a macro by apoelstra
  19. DrahtBot added the label Needs rebase on Jul 22, 2021
  20. in src/test/fuzz/addrman.cpp:54 in 0de22a097e outdated 
      52 | +        const uint8_t net = insecure_rand.randrange(6) + 1; // [1..6]
  53 | +
  54 | +        CDataStream s(SER_NETWORK, PROTOCOL_VERSION | ADDRV2_FORMAT);
  55 | +
  56 | +        s << net;
  57 | +        s << insecure_rand.randbytes(net_len_map.at(net));
    MarcoFalke commented at 9:05 AM on July 24, 2021:

    Wouldn't it be better to read the address from the fuzz input? Fuzz input isn't uniform and thus can easier reach edge-cases like 000000, which would be non-trivial or next to impossible with a uniform distribution over a large enough range.

    Also, how is this different from ConsumeNetAddr?

    vasild commented at 11:38 AM on July 26, 2021:

    The problem with consuming addresses directly from the fuzz input is that it is limited in size. This test needs 1000s of addresses. What happened in practice was that some random addresses were consumed followed by 1000s of all-zero addresses due to the fuzzing input being exhausted.

    That is the main difference from ConsumeNetAddr().

    MarcoFalke commented at 12:00 PM on July 26, 2021:

    Maybe add a few fuzzed addresses and fill up the rest with synthetic ones?

    vasild commented at 3:55 PM on July 26, 2021:

    Right. The fuzzed provider is not used for anything after consuming the pile of addresses, so it is ok to fully exhaust it. Once it is exhausted, start generating ones from insecure_rand.

  21. MarcoFalke approved
  22. vasild force-pushed on Jul 26, 2021
  23. vasild commented at 3:56 PM on July 26, 2021: contributor

    0de22a097e...fe9401b75d: rebase due to conflicts and address review suggestion

  24. in src/test/fuzz/addrman.cpp:49 in fe9401b75d outdated 
      45 | +     * Generate a random address. Always returns a valid address.
  46 | +     */
  47 | +    CNetAddr RandAddr()
  48 | +    {
  49 | +        CNetAddr addr;
  50 | +        if (m_fuzzed_data_provider.remaining_bytes() > 0) {
    MarcoFalke commented at 4:07 PM on July 26, 2021:

    Maybe allow the fuzz engine to flip-flop between the two branches, if possible?

            if (m_fuzzed_data_provider.ConsumeBool()) {
    vasild commented at 4:42 PM on July 26, 2021:

    Even better!

    Kept the remaining_bytes() check for clarity (it will still work without it because ConsumeBool() would always return false once fuzz input is exhausted but that would be somewhat unclear/obscure).

  25. jnewbery commented at 4:27 PM on July 26, 2021: member

    Concept ACK

  26. vasild force-pushed on Jul 26, 2021
  27. vasild commented at 4:40 PM on July 26, 2021: contributor

    fe9401b75d...2fe1efa94c: address review suggestion

  28. DrahtBot removed the label Needs rebase on Jul 26, 2021
  29. DrahtBot cross-referenced this on Jul 27, 2021 from issue refactor: Mark CAddrMan::Select and GetAddr const by MarcoFalke
  30. DrahtBot cross-referenced this on Jul 28, 2021 from issue addrman: Make consistency checks a runtime option by jnewbery
  31. DrahtBot added the label Needs rebase on Aug 2, 2021
  32. fuzz: move init code to the CAddrManDeterministic constructor
    Move the addrman init code from the test case to a newly added
`CAddrManDeterministic` constructor. This way it can be reused by other
tests.
    6408b24517
  33. vasild force-pushed on Aug 2, 2021
  34. vasild commented at 12:52 PM on August 2, 2021: contributor

    2fe1efa94c...1f00d22e12: rebase due to conflicts

  35. DrahtBot removed the label Needs rebase on Aug 2, 2021
  36. vasild force-pushed on Aug 2, 2021
  37. fuzz: check that ser+unser produces the same AddrMan 87651795d8
  38. vasild force-pushed on Aug 4, 2021
  39. vasild commented at 4:26 PM on August 4, 2021: contributor

    6d5e55e755...87651795d8: fix locking in the test's RandAddr(), optimize addrman comparison (3-4x speedup!) and reduce the size of addrmans to avoid tests running so long as to cause a timeout.

  40. jonatack commented at 5:30 PM on August 4, 2021: contributor

    optimize addrman comparison (3-4x speedup!) and reduce the size of addrmans to avoid tests running so long as to cause a timeout.

    Nice!

  41. practicalswift commented at 9:17 PM on August 4, 2021: contributor

    cr ACK 87651795d8622d354f8e3c481eb868d9433b841c

  42. in src/test/fuzz/addrman.cpp:93 in 87651795d8 
      91 | +        // Add some of the addresses directly to the "tried" table.
  92 | +
  93 | +        // 0, 1, 2, 3 corresponding to 0%, 100%, 50%, 33%
  94 | +        const size_t n = m_fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 3);
  95 | +
  96 | +        const size_t num_sources = m_fuzzed_data_provider.ConsumeIntegralInRange<size_t>(10, 50);
    MarcoFalke commented at 10:27 AM on August 5, 2021:

    Is there a reason to exclude num_sources == 1?

    vasild commented at 4:47 PM on August 5, 2021:

    No.

  43. jonatack commented at 1:17 PM on August 5, 2021: contributor

    ACK 87651795d8622d354f8e3c481eb868d9433b841c rebased to current master, reviewed, fuzz build, ran FUZZ=addrman_serdeser src/test/fuzz/fuzz

  44. MarcoFalke merged this on Aug 5, 2021
  45. MarcoFalke closed this on Aug 5, 2021
  46. sidhujag referenced this in commit 4b71afc3d6 on Aug 5, 2021
  47. vasild deleted the branch on Aug 5, 2021
  48. vasild referenced this in commit 7b63f26845 on Aug 5, 2021
  49. vasild cross-referenced this on Aug 5, 2021 from issue add initial input for a newly added test addrman_serdeser by vasild
  50. in src/test/fuzz/addrman.cpp:104 in 87651795d8 
     102 | +            const size_t num_addresses = insecure_rand.randrange(500) + 1; // [1..500]
 103 | +
 104 | +            for (size_t j = 0; j < num_addresses; ++j) {
 105 | +                const auto addr = CAddress{CService{RandAddr(), 8333}, NODE_NETWORK};
 106 | +                const auto time_penalty = insecure_rand.randrange(100000001);
 107 | +#if 1
    jnewbery commented at 9:24 AM on September 8, 2021:

    What is this for?

    vasild commented at 10:10 AM on September 9, 2021:

    Change it to #if 0 to enable the equivalent #else branch which is much shorter and clear, but also slower. The #else snippet also shows what the faster snippet is trying to achieve by "manually" fiddling with addrman internals.

  51. mzumsande cross-referenced this on Sep 14, 2021 from issue addrman: Improve performance of Good by mzumsande
  52. laanwj referenced this in commit 7f7bd3111c on Sep 20, 2021
  53. sidhujag referenced this in commit 07fd7af727 on Sep 21, 2021
  54. bitcoin locked this on Oct 30, 2022
Contributors
vasildpracticalswiftjonatackadamjonasDrahtBotMarcoFalkejnewbery
Labels
Tests
Linked (view graph)
#22974 addrman: Improve performance of Good
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:54 UTC