From 25a7bb8b8613f535d6b6eee4654dd99ba93ae2a1 Mon Sep 17 00:00:00 2001 From: Conner Date: Sun, 21 Aug 2022 20:28:12 -0400 Subject: [PATCH 1/3] make+scripts+docs: update fuzzing script and make fuzz --- Makefile | 12 ++-------- docs/fuzz.md | 53 ++++++++++++++++++++---------------------- make/fuzz_flags.mk | 25 +++++--------------- scripts/fuzz.sh | 58 +++++----------------------------------------- 4 files changed, 39 insertions(+), 109 deletions(-) diff --git a/Makefile b/Makefile index f8d3df3f4..49dcfe4c7 100644 --- a/Makefile +++ b/Makefile @@ -6,17 +6,12 @@ TOOLS_DIR := tools BTCD_PKG := github.com/btcsuite/btcd GOACC_PKG := github.com/ory/go-acc GOIMPORTS_PKG := github.com/rinchsan/gosimports/cmd/gosimports -GOFUZZ_BUILD_PKG := github.com/dvyukov/go-fuzz/go-fuzz-build -GOFUZZ_PKG := github.com/dvyukov/go-fuzz/go-fuzz -GOFUZZ_DEP_PKG := github.com/dvyukov/go-fuzz/go-fuzz-dep GO_BIN := ${GOPATH}/bin BTCD_BIN := $(GO_BIN)/btcd GOIMPORTS_BIN := $(GO_BIN)/gosimports GOMOBILE_BIN := GO111MODULE=off $(GO_BIN)/gomobile GOACC_BIN := $(GO_BIN)/go-acc -GOFUZZ_BUILD_BIN := $(GO_BIN)/go-fuzz-build -GOFUZZ_BIN := $(GO_BIN)/go-fuzz MOBILE_BUILD_DIR :=${GOPATH}/src/$(MOBILE_PKG)/build IOS_BUILD_DIR := $(MOBILE_BUILD_DIR)/ios @@ -232,13 +227,10 @@ flakehunter-parallel: # ============= # FUZZING # ============= -fuzz-build: $(GOFUZZ_BUILD_BIN) $(GOFUZZ_DEP_BIN) - @$(call print, "Creating fuzz harnesses for packages '$(FUZZPKG)'.") - scripts/fuzz.sh build "$(FUZZPKG)" -fuzz-run: $(GOFUZZ_BIN) +fuzz: $(GOFUZZ_BIN) @$(call print, "Fuzzing packages '$(FUZZPKG)'.") - scripts/fuzz.sh run "$(FUZZPKG)" "$(FUZZ_TEST_RUN_TIME)" "$(FUZZ_TEST_TIMEOUT)" "$(FUZZ_NUM_PROCESSES)" "$(FUZZ_BASE_WORKDIR)" + scripts/fuzz.sh run "$(FUZZPKG)" "$(FUZZ_TEST_RUN_TIME)" "$(FUZZ_NUM_PROCESSES)" # ========= # UTILITIES diff --git a/docs/fuzz.md b/docs/fuzz.md index 1388c4c3c..bcfc7935d 100644 --- a/docs/fuzz.md +++ b/docs/fuzz.md @@ -1,43 +1,40 @@ # Fuzzing LND # -The `fuzz` package is organized into subpackages which are named after the `lnd` package they test. Each subpackage has its own set of fuzz targets. - -## Setup and Installation ## -This section will cover setup and installation of the fuzzing binaries. - -* The following is a command to build all fuzzing harnesses: +The following runs all fuzz tests on default settings: ```shell -$ make fuzz-build +$ make fuzz ``` - -* This may take a while since this will create zip files associated with each fuzzing target. - -* The following is a command to run all fuzzing harnesses for 30 seconds: +The following runs all fuzz tests inside the lnwire package, each for a total of 1 minute, using 4 procs. +It is recommended that processes be set to the number of processor cores in the system: ```shell -$ make fuzz-run +$ make fuzz pkg=lnwire fuzztime=1m parallel=4 +``` +Alternatively, individual fuzz tests can be ran manually by setting the working directory to the location of the .go file holding the fuzz tests. +The go test command can only test one fuzz test at a time: +```shell +$ cd lnwire +$ go test -fuzz=FuzzAcceptChannel -fuzztime=1m -parallel=4 +``` +The following can be used to show all fuzz tests in the working directory: +```shell +$ cd lnwire +$ go test -list=Fuzz.* ``` -`go-fuzz` will print out log lines every couple of seconds. Example output: -```text -2017/09/19 17:44:23 workers: 8, corpus: 23 (3s ago), crashers: 1, restarts: 1/748, execs: 400690 (16694/sec), cover: 394, uptime: 24s +Fuzz tests can be ran as normal tests, which only runs the seed corpus: +```shell +$ cd lnwire +$ go test -run=FuzzAcceptChannel -parallel=4 ``` -Corpus is the number of items in the corpus. `go-fuzz` may add valid inputs to -the corpus in an attempt to gain more coverage. Crashers is the number of inputs -resulting in a crash. The inputs, and their outputs are logged by default in: -`fuzz///crashers`. `go-fuzz` also creates a `suppressions` directory -of stacktraces to ignore so that it doesn't create duplicate stacktraces. -Cover is a number representing edge coverage of the program being fuzzed. - +The generated corpus values can be found in the $(go env GOCACHE)/fuzz directory. ## Options ## Several parameters can be appended to the end of the make commands to tune the build process or the way the fuzzer runs. -- `run_time` specifies how long each fuzz harness runs for. The default is 30 seconds. -- `timeout` specifies how long an individual testcase can run before raising an error. The default is 20 seconds. -- `processes` specifies the number of parallel processes to use while running the harnesses. -- `pkg` specifies the `lnd` packages to build or fuzz. The default is to build and run all available packages (`brontide lnwire wtwire zpay32`). This can be changed to build/run against individual packages. -- `base_workdir` specifies the workspace of the fuzzer. This folder will contain the corpus, crashers, and suppressions. +- `fuzztime` specifies how long each fuzz test runs for, corresponding to the `go test -fuzztime` option. The default is 30s. +- `parallel` specifies the number of parallel processes to use while running the harnesses, corresponding to the `go test -parallel` option. +- `pkg` specifies the `lnd` packages to build or fuzz. The default is to build and run all available packages (`brontide lnwire watchtower/wtwire zpay32`). This can be changed to build/run against individual packages. ## Corpus ## -Fuzzing generally works best with a corpus that is of minimal size while achieving the maximum coverage. `go-fuzz` automatically minimizes the corpus in-memory before fuzzing so a large corpus shouldn't make a difference. +Fuzzing generally works best with a corpus that is of minimal size while achieving the maximum coverage. ## Disclosure ## If you find any crashers that affect LND security, please disclose with the information found [here](https://github.com/lightningnetwork/lnd/#security). diff --git a/make/fuzz_flags.mk b/make/fuzz_flags.mk index d512abde9..7e877315d 100644 --- a/make/fuzz_flags.mk +++ b/make/fuzz_flags.mk @@ -1,8 +1,6 @@ -FUZZPKG = brontide lnwire wtwire zpay32 -FUZZ_TEST_RUN_TIME = 30 -FUZZ_TEST_TIMEOUT = 20 +FUZZPKG = brontide lnwire watchtower/wtwire zpay32 +FUZZ_TEST_RUN_TIME = 30s FUZZ_NUM_PROCESSES = 4 -FUZZ_BASE_WORKDIR = $(shell pwd)/fuzz # If specific package is being fuzzed, construct the full name of the # subpackage. @@ -12,23 +10,12 @@ endif # The default run time per fuzz test is pretty low and normally will be # overwritten by a user depending on the time they have available. -ifneq ($(run_time),) -FUZZ_TEST_RUN_TIME := $(run_time) -endif - -# If the timeout needs to be increased, overwrite the default value. -ifneq ($(timeout),) -FUZZ_TEST_TIMEOUT := $(timeout) +ifneq ($(fuzztime),) +FUZZ_TEST_RUN_TIME := $(fuzztime) endif # Overwrites the number of parallel processes. Should be set to the number of # processor cores in a system. -ifneq ($(processes),) -FUZZ_NUM_PROCESSES := $(processes) -endif - -# Overwrite the base work directory for the fuzz run. Can be used to supply any -# previously generated corpus. -ifneq ($(base_workdir),) -FUZZ_BASE_WORKDIR := $(base_workdir) +ifneq ($(parallel),) +FUZZ_NUM_PROCESSES := $(parallel) endif diff --git a/scripts/fuzz.sh b/scripts/fuzz.sh index 1a79ccef6..71bec9943 100755 --- a/scripts/fuzz.sh +++ b/scripts/fuzz.sh @@ -2,58 +2,17 @@ set -e -function build_fuzz() { - PACKAGES=$1 - - for pkg in $PACKAGES; do - pushd fuzz/$pkg - - for file in *.go; do - if [[ "$file" == "fuzz_utils.go" ]]; then - continue - fi - - NAME=$(echo $file | sed 's/\.go$//1') - echo "Building zip file for $pkg/$NAME" - go-fuzz-build -func "Fuzz_$NAME" -o "$pkg-$NAME-fuzz.zip" "github.com/lightningnetwork/lnd/fuzz/$pkg" - done - - popd - done -} - -# timeout is a cross platform alternative to the GNU timeout command that -# unfortunately isn't available on macOS by default. -timeout() { - time=$1 - $2 & - pid=$! - sleep $time - kill -s SIGINT $pid -} - function run_fuzz() { PACKAGES=$1 RUN_TIME=$2 - TIMEOUT=$3 - PROCS=$4 - BASE_WORKDIR=$5 + NUM_WORKERS=$3 for pkg in $PACKAGES; do - pushd fuzz/$pkg + pushd $pkg - for file in *.go; do - if [[ "$file" == "fuzz_utils.go" ]]; then - continue - fi - - NAME=$(echo $file | sed 's/\.go$//1') - WORKDIR=$BASE_WORKDIR/$pkg/$NAME - mkdir -p $WORKDIR - echo "Running fuzzer $pkg-$NAME-fuzz.zip with $PROCS processors for $RUN_TIME seconds" - COMMAND="go-fuzz -bin=$pkg-$NAME-fuzz.zip -workdir=$WORKDIR -procs=$PROCS -timeout=$TIMEOUT" - echo "$COMMAND" - timeout "$RUN_TIME" "$COMMAND" + go test -list=Fuzz.* | grep Fuzz | while read line; do + echo ----- Fuzz testing $pkg:$line for $2 with $3 workers ----- + go test -fuzz=^$line\$ -fuzztime=$2 -parallel=$3 done popd @@ -63,8 +22,7 @@ function run_fuzz() { # usage prints the usage of the whole script. function usage() { echo "Usage: " - echo "fuzz.sh build " - echo "fuzz.sh run " + echo "fuzz.sh run " } # Extract the sub command and remove it from the list of parameters by shifting @@ -75,10 +33,6 @@ shift # Call the function corresponding to the specified sub command or print the # usage if the sub command was not found. case $SUBCOMMAND in -build) - echo "Building fuzz packages" - build_fuzz "$@" - ;; run) echo "Running fuzzer" run_fuzz "$@" From beb4d8c4df008ed0a658ce1cddd495e0adeccdce Mon Sep 17 00:00:00 2001 From: Matt Morehouse Date: Fri, 11 Nov 2022 10:44:37 -0600 Subject: [PATCH 2/3] build: remove go-fuzz dependency and references We don't need go-fuzz now that we use native fuzzing. --- .gitignore | 6 ------ Makefile | 16 ++-------------- build/dependencies.go | 3 +-- go.mod | 1 - go.sum | 2 -- tools/go.mod | 1 - tools/go.sum | 2 -- tools/tools.go | 3 --- 8 files changed, 3 insertions(+), 31 deletions(-) diff --git a/.gitignore b/.gitignore index 157010fd9..106af84c2 100644 --- a/.gitignore +++ b/.gitignore @@ -49,12 +49,6 @@ cmd/lncli/lncli mobile/build mobile/*_generated.go -# Files created for fuzzing. -fuzz/**/*-fuzz.zip -fuzz/**/corpus -fuzz/**/crashers -fuzz/**/suppressions - # vim *.swp diff --git a/Makefile b/Makefile index 49dcfe4c7..174fe0f03 100644 --- a/Makefile +++ b/Makefile @@ -82,18 +82,6 @@ $(GOIMPORTS_BIN): @$(call print, "Installing goimports.") cd $(TOOLS_DIR); go install -trimpath $(GOIMPORTS_PKG) -$(GOFUZZ_BIN): - @$(call print, "Installing go-fuzz.") - cd $(TOOLS_DIR); go install -trimpath $(GOFUZZ_PKG) - -$(GOFUZZ_BUILD_BIN): - @$(call print, "Installing go-fuzz-build.") - cd $(TOOLS_DIR); go install -trimpath $(GOFUZZ_BUILD_PKG) - -$(GOFUZZ_DEP_BIN): - @$(call print, "Installing go-fuzz-dep.") - cd $(TOOLS_DIR); go install -trimpath $(GOFUZZ_DEP_PKG) - # ============ # INSTALLATION # ============ @@ -228,9 +216,9 @@ flakehunter-parallel: # FUZZING # ============= -fuzz: $(GOFUZZ_BIN) +fuzz: @$(call print, "Fuzzing packages '$(FUZZPKG)'.") - scripts/fuzz.sh run "$(FUZZPKG)" "$(FUZZ_TEST_RUN_TIME)" "$(FUZZ_NUM_PROCESSES)" + scripts/fuzz.sh run "$(FUZZPKG)" "$(FUZZ_TEST_RUN_TIME)" "$(FUZZ_NUM_PROCESSES)" # ========= # UTILITIES diff --git a/build/dependencies.go b/build/dependencies.go index 10d30a6d7..234df7161 100644 --- a/build/dependencies.go +++ b/build/dependencies.go @@ -3,7 +3,7 @@ package build -// This file is a workaround to make sure go mod keeps around the btcd and fuzz +// This file is a workaround to make sure go mod keeps around the btcd // dependencies in the go.sum file that we only use during certain tasks (such // as integration tests or fuzzing) or only for certain operating systems. For // example, the specific btcd import makes sure the indirect dependency @@ -11,5 +11,4 @@ package build // tag, this dependency never ends up in the final lnd binary. import ( _ "github.com/btcsuite/btcd" - _ "github.com/dvyukov/go-fuzz/go-fuzz-dep" ) diff --git a/go.mod b/go.mod index 5042db478..0e3bccc82 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,6 @@ require ( github.com/btcsuite/btcwallet/wtxmgr v1.5.0 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f github.com/davecgh/go-spew v1.1.1 - github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e github.com/go-errors/errors v1.0.1 github.com/golang/protobuf v1.5.2 github.com/gorilla/websocket v1.4.2 diff --git a/go.sum b/go.sum index eb3a1283a..a7b9c9407 100644 --- a/go.sum +++ b/go.sum @@ -179,8 +179,6 @@ github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5Jflh github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e h1:qTP1telKJHlToHlwPQNmVg4yfMDMHe4Z3SYmzkrvA2M= -github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= diff --git a/tools/go.mod b/tools/go.mod index 7dd4e2c6c..e834ae439 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -4,7 +4,6 @@ go 1.16 require ( github.com/btcsuite/btcd v0.23.1 - github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect github.com/golangci/golangci-lint v1.46.2 github.com/ory/go-acc v0.2.6 diff --git a/tools/go.sum b/tools/go.sum index d30583868..641f8ee8a 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -224,8 +224,6 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e h1:qTP1telKJHlToHlwPQNmVg4yfMDMHe4Z3SYmzkrvA2M= -github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw= github.com/elazarl/go-bindata-assetfs v1.0.1 h1:m0kkaHRKEu7tUIUFVwhGGGYClXvyl4RE03qmvRTNfbw= github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= diff --git a/tools/tools.go b/tools/tools.go index fc0da400c..5163ee6b5 100644 --- a/tools/tools.go +++ b/tools/tools.go @@ -9,9 +9,6 @@ package lnd // dependencies here and pin the version in go.mod. import ( _ "github.com/btcsuite/btcd" - _ "github.com/dvyukov/go-fuzz/go-fuzz" - _ "github.com/dvyukov/go-fuzz/go-fuzz-build" - _ "github.com/dvyukov/go-fuzz/go-fuzz-dep" _ "github.com/golangci/golangci-lint/cmd/golangci-lint" _ "github.com/ory/go-acc" _ "github.com/rinchsan/gosimports/cmd/gosimports" From 2fcb2cc8ee1d8d75bf6e96630d10e0ebf05e9b7d Mon Sep 17 00:00:00 2001 From: Matt Morehouse Date: Fri, 11 Nov 2022 11:05:43 -0600 Subject: [PATCH 3/3] docs: update release notes --- docs/release-notes/release-notes-0.16.0.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/release-notes-0.16.0.md b/docs/release-notes/release-notes-0.16.0.md index 07056586a..7bfac0bd8 100644 --- a/docs/release-notes/release-notes-0.16.0.md +++ b/docs/release-notes/release-notes-0.16.0.md @@ -132,7 +132,9 @@ certain large transactions](https://github.com/lightningnetwork/lnd/pull/7100). never-ending retry loop](https://github.com/lightningnetwork/lnd/pull/6766) * [Migrated from go-fuzz to Go 1.18's new standard fuzz testing - library](https://github.com/lightningnetwork/lnd/pull/7127). + library](https://github.com/lightningnetwork/lnd/pull/7127). [Updated build + and documentation to reflect + this](https://github.com/lightningnetwork/lnd/pull/7142). ## `lncli` * [Add an `insecure` flag to skip tls auth as well as a `metadata` string slice