Merge pull request #7142 from morehouse/make_fuzz

make+scripts+docs: update fuzzing script and make fuzz

.gitignore

@@ -49,12 +49,6 @@ cmd/lncli/lncli
 mobile/build
 mobile/*_generated.go
 
-# Files created for fuzzing.
-fuzz/**/*-fuzz.zip
-fuzz/**/corpus
-fuzz/**/crashers
-fuzz/**/suppressions
-
 # vim
 *.swp
 

Makefile

@@ -6,17 +6,12 @@ TOOLS_DIR := tools
 BTCD_PKG := github.com/btcsuite/btcd
 GOACC_PKG := github.com/ory/go-acc
 GOIMPORTS_PKG := github.com/rinchsan/gosimports/cmd/gosimports
-GOFUZZ_BUILD_PKG := github.com/dvyukov/go-fuzz/go-fuzz-build
-GOFUZZ_PKG := github.com/dvyukov/go-fuzz/go-fuzz
-GOFUZZ_DEP_PKG := github.com/dvyukov/go-fuzz/go-fuzz-dep
 
 GO_BIN := ${GOPATH}/bin
 BTCD_BIN := $(GO_BIN)/btcd
 GOIMPORTS_BIN := $(GO_BIN)/gosimports
 GOMOBILE_BIN := GO111MODULE=off $(GO_BIN)/gomobile
 GOACC_BIN := $(GO_BIN)/go-acc
-GOFUZZ_BUILD_BIN := $(GO_BIN)/go-fuzz-build
-GOFUZZ_BIN := $(GO_BIN)/go-fuzz
 
 MOBILE_BUILD_DIR :=${GOPATH}/src/$(MOBILE_PKG)/build
 IOS_BUILD_DIR := $(MOBILE_BUILD_DIR)/ios
@@ -87,18 +82,6 @@ $(GOIMPORTS_BIN):
 	@$(call print, "Installing goimports.")
 	cd $(TOOLS_DIR); go install -trimpath $(GOIMPORTS_PKG)
 
-$(GOFUZZ_BIN):
-	@$(call print, "Installing go-fuzz.")
-	cd $(TOOLS_DIR); go install -trimpath $(GOFUZZ_PKG)
-
-$(GOFUZZ_BUILD_BIN):
-	@$(call print, "Installing go-fuzz-build.")
-	cd $(TOOLS_DIR); go install -trimpath $(GOFUZZ_BUILD_PKG)
-
-$(GOFUZZ_DEP_BIN):
-	@$(call print, "Installing go-fuzz-dep.")
-	cd $(TOOLS_DIR); go install -trimpath $(GOFUZZ_DEP_PKG)
-
 # ============
 # INSTALLATION
 # ============
@@ -232,13 +215,10 @@ flakehunter-parallel:
 # =============
 # FUZZING
 # =============
-fuzz-build: $(GOFUZZ_BUILD_BIN) $(GOFUZZ_DEP_BIN)
-	@$(call print, "Creating fuzz harnesses for packages '$(FUZZPKG)'.")
-	scripts/fuzz.sh build "$(FUZZPKG)"
 
-fuzz-run: $(GOFUZZ_BIN)
+fuzz:
 	@$(call print, "Fuzzing packages '$(FUZZPKG)'.")
-	scripts/fuzz.sh run "$(FUZZPKG)" "$(FUZZ_TEST_RUN_TIME)" "$(FUZZ_TEST_TIMEOUT)" "$(FUZZ_NUM_PROCESSES)" "$(FUZZ_BASE_WORKDIR)"
+	scripts/fuzz.sh run "$(FUZZPKG)" "$(FUZZ_TEST_RUN_TIME)" "$(FUZZ_NUM_PROCESSES)"
 
 # =========
 # UTILITIES

build/dependencies.go

@@ -3,7 +3,7 @@
 
 package build
 
-// This file is a workaround to make sure go mod keeps around the btcd and fuzz
+// This file is a workaround to make sure go mod keeps around the btcd
 // dependencies in the go.sum file that we only use during certain tasks (such
 // as integration tests or fuzzing) or only for certain operating systems. For
 // example, the specific btcd import makes sure the indirect dependency
@@ -11,5 +11,4 @@ package build
 // tag, this dependency never ends up in the final lnd binary.
 import (
 	_ "github.com/btcsuite/btcd"
-	_ "github.com/dvyukov/go-fuzz/go-fuzz-dep"
 )

docs/fuzz.md

@@ -1,43 +1,40 @@
 # Fuzzing LND #
 
-The `fuzz` package is organized into subpackages which are named after the `lnd` package they test. Each subpackage has its own set of fuzz targets.
-
-## Setup and Installation ##
-This section will cover setup and installation of the fuzzing binaries.
-
-* The following is a command to build all fuzzing harnesses:
+The following runs all fuzz tests on default settings:
 ```shell
-$  make fuzz-build
+$  make fuzz
 ```
-
-* This may take a while since this will create zip files associated with each fuzzing target.
-
-* The following is a command to run all fuzzing harnesses for 30 seconds:
+The following runs all fuzz tests inside the lnwire package, each for a total of 1 minute, using 4 procs. 
+It is recommended that processes be set to the number of processor cores in the system:
 ```shell
-$  make fuzz-run
+$  make fuzz pkg=lnwire fuzztime=1m parallel=4
+```
+Alternatively, individual fuzz tests can be ran manually by setting the working directory to the location of the .go file holding the fuzz tests.
+The go test command can only test one fuzz test at a time:
+```shell
+$  cd lnwire
+$  go test -fuzz=FuzzAcceptChannel -fuzztime=1m -parallel=4
+```
+The following can be used to show all fuzz tests in the working directory:
+```shell
+$  cd lnwire
+$  go test -list=Fuzz.*
 ```
 
-`go-fuzz` will print out log lines every couple of seconds. Example output:
-```text
-2017/09/19 17:44:23 workers: 8, corpus: 23 (3s ago), crashers: 1, restarts: 1/748, execs: 400690 (16694/sec), cover: 394, uptime: 24s
+Fuzz tests can be ran as normal tests, which only runs the seed corpus:
+```shell
+$  cd lnwire
+$  go test -run=FuzzAcceptChannel -parallel=4
 ```
-Corpus is the number of items in the corpus. `go-fuzz` may add valid inputs to
-the corpus in an attempt to gain more coverage. Crashers is the number of inputs
-resulting in a crash. The inputs, and their outputs are logged by default in:
-`fuzz/<package>/<harness>/crashers`. `go-fuzz` also creates a `suppressions` directory
-of stacktraces to ignore so that it doesn't create duplicate stacktraces.
-Cover is a number representing edge coverage of the program being fuzzed.
-
+The generated corpus values can be found in the $(go env GOCACHE)/fuzz directory.
 ## Options ##
 Several parameters can be appended to the end of the make commands to tune the build process or the way the fuzzer runs.
-- `run_time` specifies how long each fuzz harness runs for. The default is 30 seconds.
-- `timeout` specifies how long an individual testcase can run before raising an error. The default is 20 seconds.
-- `processes` specifies the number of parallel processes to use while running the harnesses.
-- `pkg` specifies the `lnd` packages to build or fuzz. The default is to build and run all available packages (`brontide lnwire wtwire zpay32`). This can be changed to build/run against individual packages.
-- `base_workdir` specifies the workspace of the fuzzer. This folder will contain the corpus, crashers, and suppressions.
+- `fuzztime` specifies how long each fuzz test runs for, corresponding to the `go test -fuzztime` option. The default is 30s.
+- `parallel` specifies the number of parallel processes to use while running the harnesses, corresponding to the `go test -parallel` option.
+- `pkg` specifies the `lnd` packages to build or fuzz. The default is to build and run all available packages (`brontide lnwire watchtower/wtwire zpay32`). This can be changed to build/run against individual packages.
 
 ## Corpus ##
-Fuzzing generally works best with a corpus that is of minimal size while achieving the maximum coverage. `go-fuzz` automatically minimizes the corpus in-memory before fuzzing so a large corpus shouldn't make a difference.
+Fuzzing generally works best with a corpus that is of minimal size while achieving the maximum coverage.
 
 ## Disclosure ##
 If you find any crashers that affect LND security, please disclose with the information found [here](https://github.com/lightningnetwork/lnd/#security).

docs/release-notes/release-notes-0.16.0.md

@@ -136,7 +136,9 @@ certain large transactions](https://github.com/lightningnetwork/lnd/pull/7100).
   never-ending retry loop](https://github.com/lightningnetwork/lnd/pull/6766)
 
 * [Migrated from go-fuzz to Go 1.18's new standard fuzz testing
-  library](https://github.com/lightningnetwork/lnd/pull/7127).
+  library](https://github.com/lightningnetwork/lnd/pull/7127). [Updated build
+  and documentation to reflect
+  this](https://github.com/lightningnetwork/lnd/pull/7142).
 
 ## `lncli`
 * [Add an `insecure` flag to skip tls auth as well as a `metadata` string slice

go.mod

@@ -16,7 +16,6 @@ require (
 	github.com/btcsuite/btcwallet/wtxmgr v1.5.0
 	github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
 	github.com/davecgh/go-spew v1.1.1
-	github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e
 	github.com/go-errors/errors v1.0.1
 	github.com/golang/protobuf v1.5.2
 	github.com/gorilla/websocket v1.4.2

go.sum

@@ -179,8 +179,6 @@ github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5Jflh
 github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e h1:qTP1telKJHlToHlwPQNmVg4yfMDMHe4Z3SYmzkrvA2M=
-github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=

make/fuzz_flags.mk

@@ -1,8 +1,6 @@
-FUZZPKG = brontide lnwire wtwire zpay32
-FUZZ_TEST_RUN_TIME = 30
-FUZZ_TEST_TIMEOUT = 20
+FUZZPKG = brontide lnwire watchtower/wtwire zpay32
+FUZZ_TEST_RUN_TIME = 30s
 FUZZ_NUM_PROCESSES = 4
-FUZZ_BASE_WORKDIR = $(shell pwd)/fuzz
 
 # If specific package is being fuzzed, construct the full name of the
 # subpackage.
@@ -12,23 +10,12 @@ endif
 
 # The default run time per fuzz test is pretty low and normally will be
 # overwritten by a user depending on the time they have available.
-ifneq ($(run_time),)
-FUZZ_TEST_RUN_TIME := $(run_time)
-endif
-
-# If the timeout needs to be increased, overwrite the default value.
-ifneq ($(timeout),)
-FUZZ_TEST_TIMEOUT := $(timeout)
+ifneq ($(fuzztime),)
+FUZZ_TEST_RUN_TIME := $(fuzztime)
 endif
 
 # Overwrites the number of parallel processes. Should be set to the number of
 # processor cores in a system.
-ifneq ($(processes),)
-FUZZ_NUM_PROCESSES := $(processes)
-endif
-
-# Overwrite the base work directory for the fuzz run. Can be used to supply any
-# previously generated corpus.
-ifneq ($(base_workdir),)
-FUZZ_BASE_WORKDIR := $(base_workdir)
+ifneq ($(parallel),)
+FUZZ_NUM_PROCESSES := $(parallel)
 endif

scripts/fuzz.sh

@@ -2,58 +2,17 @@
 
 set -e
 
-function build_fuzz() {
-  PACKAGES=$1
-
-  for pkg in $PACKAGES; do
-    pushd fuzz/$pkg
-
-    for file in *.go; do
-      if [[ "$file" == "fuzz_utils.go" ]]; then
-        continue
-      fi
-
-      NAME=$(echo $file | sed 's/\.go$//1')
-      echo "Building zip file for $pkg/$NAME"
-      go-fuzz-build -func "Fuzz_$NAME" -o "$pkg-$NAME-fuzz.zip" "github.com/lightningnetwork/lnd/fuzz/$pkg"
-    done
-
-    popd
-  done
-}
-
-# timeout is a cross platform alternative to the GNU timeout command that
-# unfortunately isn't available on macOS by default.
-timeout() {
-    time=$1
-    $2 &
-    pid=$!
-    sleep $time
-    kill -s SIGINT $pid    
-}
-
 function run_fuzz() {
   PACKAGES=$1
   RUN_TIME=$2
-  TIMEOUT=$3
-  PROCS=$4
-  BASE_WORKDIR=$5
+  NUM_WORKERS=$3
 
   for pkg in $PACKAGES; do
-    pushd fuzz/$pkg
+    pushd $pkg
 
-    for file in *.go; do
-      if [[ "$file" == "fuzz_utils.go" ]]; then
-        continue
-      fi
-
-      NAME=$(echo $file | sed 's/\.go$//1')
-      WORKDIR=$BASE_WORKDIR/$pkg/$NAME
-      mkdir -p $WORKDIR
-      echo "Running fuzzer $pkg-$NAME-fuzz.zip with $PROCS processors for $RUN_TIME seconds"
-      COMMAND="go-fuzz -bin=$pkg-$NAME-fuzz.zip -workdir=$WORKDIR -procs=$PROCS -timeout=$TIMEOUT"
-      echo "$COMMAND"
-      timeout "$RUN_TIME" "$COMMAND"
+    go test -list=Fuzz.* | grep Fuzz | while read line; do
+        echo ----- Fuzz testing $pkg:$line for $2 with $3 workers -----
+        go test -fuzz=^$line\$ -fuzztime=$2 -parallel=$3
     done
 
     popd
@@ -63,8 +22,7 @@ function run_fuzz() {
 # usage prints the usage of the whole script.
 function usage() {
   echo "Usage: "
-  echo "fuzz.sh build <packages>"
-  echo "fuzz.sh run <packages> <run_time> <timeout>"
+  echo "fuzz.sh run <packages> <run_time>"
 }
 
 # Extract the sub command and remove it from the list of parameters by shifting
@@ -75,10 +33,6 @@ shift
 # Call the function corresponding to the specified sub command or print the
 # usage if the sub command was not found.
 case $SUBCOMMAND in
-build)
-  echo "Building fuzz packages"
-  build_fuzz "$@"
-  ;;
 run)
   echo "Running fuzzer"
   run_fuzz "$@"

tools/go.mod

@@ -4,7 +4,6 @@ go 1.16
 
 require (
 	github.com/btcsuite/btcd v0.23.1
-	github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e
 	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/golangci/golangci-lint v1.46.2
 	github.com/ory/go-acc v0.2.6

tools/go.sum

@@ -224,8 +224,6 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e h1:qTP1telKJHlToHlwPQNmVg4yfMDMHe4Z3SYmzkrvA2M=
-github.com/dvyukov/go-fuzz v0.0.0-20210602112143-b1f3d6f4ef4e/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/elazarl/go-bindata-assetfs v1.0.1 h1:m0kkaHRKEu7tUIUFVwhGGGYClXvyl4RE03qmvRTNfbw=
 github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=

tools/tools.go

@@ -9,9 +9,6 @@ package lnd
 // dependencies here and pin the version in go.mod.
 import (
 	_ "github.com/btcsuite/btcd"
-	_ "github.com/dvyukov/go-fuzz/go-fuzz"
-	_ "github.com/dvyukov/go-fuzz/go-fuzz-build"
-	_ "github.com/dvyukov/go-fuzz/go-fuzz-dep"
 	_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
 	_ "github.com/ory/go-acc"
 	_ "github.com/rinchsan/gosimports/cmd/gosimports"