StarMirror/toxcore
1
0
Fork 0
mirror of https://github.com/irungentoo/toxcore.git synced 2024-03-22 13:30:51 +08:00
Code Issues Projects Releases Wiki Activity

perf: Make time move a lot faster in fuzzing runs.

Browse Source
This commit is contained in:
iphydf 2022-03-27 21:45:04 +00:00
parent ae369dc2e7
commit e4558a287c
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9
5 changed files with 24 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testing/fuzzing/BUILD.bazel
View File

@ -16,7 +16,7 @@ cc_library(
) )
cc_fuzz_test( cc_fuzz_test(
name = "bootstrap_fuzzer", name = "bootstrap_fuzz_test",
srcs = ["bootstrap_harness.cc"], srcs = ["bootstrap_harness.cc"],
copts = ["-UNDEBUG"], copts = ["-UNDEBUG"],
corpus = ["//tools/toktok-fuzzer/corpus:bootstrap_fuzzer"], corpus = ["//tools/toktok-fuzzer/corpus:bootstrap_fuzzer"],

14
testing/fuzzing/bootstrap_harness.cc
View File

@ -2,6 +2,7 @@
#include <cstring> #include <cstring>
#include "../../toxcore/tox.h" #include "../../toxcore/tox.h"
#include "../../toxcore/tox_struct.h"
#include "fuzz_adapter.h" #include "fuzz_adapter.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
@ -12,12 +13,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Tox_Err_New error_new; Tox_Err_New error_new;
Tox *tox = tox_new(nullptr, &error_new); Tox *tox = tox_new(nullptr, &error_new);
uint64_t clock = 0;
mono_time_set_current_time_callback(
tox->mono_time,
[](Mono_Time *mono_time, void *user_data) { return *static_cast<uint64_t *>(user_data); },
&clock);
assert(tox != nullptr); assert(tox != nullptr);
assert(error_new == TOX_ERR_NEW_OK); assert(error_new == TOX_ERR_NEW_OK);
uint8_t pub_key[TOX_PUBLIC_KEY_SIZE] = {0}; uint8_t pub_key[TOX_PUBLIC_KEY_SIZE] = {0};
bool success = tox_bootstrap(tox, "127.0.0.1", 12345, pub_key, nullptr); const bool success = tox_bootstrap(tox, "127.0.0.1", 12345, pub_key, nullptr);
assert(success); assert(success);
/* /*
@ -26,8 +33,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
* NOTE: This should be fine tuned after gathering some experience. * NOTE: This should be fine tuned after gathering some experience.
*/ */
for (uint32_t i = 0; i < 100; ++i) { for (uint32_t i = 0; i < 50; ++i) {
tox_iterate(tox, nullptr); tox_iterate(tox, nullptr);
// Move the clock forward a decent amount so all the time-based checks
// trigger more quickly.
clock += 200;
} }
tox_kill(tox); tox_kill(tox);

8
testing/fuzzing/fuzz_adapter.c
View File

@ -1,8 +1,6 @@
#include "fuzz_adapter.h" #include "fuzz_adapter.h"
struct fuzz_buf { struct fuzz_buf {
/* Monotonic counter for time replacement */
uint64_t counter;
/* Fuzz data buffer */ /* Fuzz data buffer */
const uint8_t *cur; const uint8_t *cur;
const uint8_t *end; const uint8_t *end;
@ -17,7 +15,6 @@ static struct fuzz_buf data;
void network_adapter_init(const uint8_t *buf, size_t length) void network_adapter_init(const uint8_t *buf, size_t length)
{ {
data.counter = 0;
data.cur = buf; data.cur = buf;
data.end = buf + length; data.end = buf + length;
} }
@ -90,8 +87,3 @@ void fuzz_random_bytes(uint8_t *rnd, size_t length)
memcpy(rnd, data.cur, bytes_read); memcpy(rnd, data.cur, bytes_read);
data.cur += bytes_read; data.cur += bytes_read;
} }
uint64_t fuzz_get_count(void)
{
return data.counter++;
}

4
testing/fuzzing/fuzz_adapter.h
View File

@ -37,10 +37,6 @@ ssize_t fuzz_recv(int sockfd, void *buf, size_t len, int flags);
/* The following functions intercept generation of random data */ /* The following functions intercept generation of random data */
void fuzz_random_bytes(uint8_t *rnd, size_t length); void fuzz_random_bytes(uint8_t *rnd, size_t length);
/* The following function replaces all time bases with a monotonic counter */
uint64_t fuzz_get_count(void);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

32
toxcore/mono_time.c
View File

@ -32,12 +32,6 @@
#include "ccompat.h" #include "ccompat.h"
//!TOKSTYLE-
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#include "../testing/fuzzing/fuzz_adapter.h"
#endif
//!TOKSTYLE+
/** don't call into system billions of times for no reason */ /** don't call into system billions of times for no reason */
struct Mono_Time { struct Mono_Time {
uint64_t cur_time; uint64_t cur_time;
@ -110,6 +104,11 @@ static uint64_t current_time_monotonic_default(Mono_Time *mono_time, void *user_
non_null(1) nullable(2) non_null(1) nullable(2)
static uint64_t current_time_monotonic_default(Mono_Time *mono_time, void *user_data) static uint64_t current_time_monotonic_default(Mono_Time *mono_time, void *user_data)
{ {
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
// This assert should always fail. If it does, the fuzzing harness didn't
// override the mono time callback.
assert(mono_time == nullptr);
#endif
struct timespec clock_mono; struct timespec clock_mono;
clock_gettime(CLOCK_MONOTONIC, &clock_mono); clock_gettime(CLOCK_MONOTONIC, &clock_mono);
return timespec_to_u64(clock_mono); return timespec_to_u64(clock_mono);
@ -118,14 +117,6 @@ static uint64_t current_time_monotonic_default(Mono_Time *mono_time, void *user_
#endif // !OS_WIN32 #endif // !OS_WIN32
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
non_null(1) nullable(2)
static uint64_t current_time_monotonic_dummy(Mono_Time *mono_time, void *user_data)
{
return fuzz_get_count();
}
#endif
Mono_Time *mono_time_new(void) Mono_Time *mono_time_new(void)
{ {
Mono_Time *mono_time = (Mono_Time *)calloc(1, sizeof(Mono_Time)); Mono_Time *mono_time = (Mono_Time *)calloc(1, sizeof(Mono_Time));
@ -147,11 +138,7 @@ Mono_Time *mono_time_new(void)
return nullptr; return nullptr;
} }
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
mono_time->current_time_callback = current_time_monotonic_dummy;
#else
mono_time->current_time_callback = current_time_monotonic_default; mono_time->current_time_callback = current_time_monotonic_default;
#endif
mono_time->user_data = nullptr; mono_time->user_data = nullptr;
#ifdef OS_WIN32 #ifdef OS_WIN32
@ -169,12 +156,15 @@ Mono_Time *mono_time_new(void)
mono_time->cur_time = 0; mono_time->cur_time = 0;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
mono_time->base_time = 0; // Maximum reproducibility // Maximum reproducibility and don't update mono_time before the harness has
// had a chance to set the callback.
// TODO(iphydf): Put mono time callback into Tox_Options with accessors only
// in tox_private.h.
mono_time->base_time = 0;
#else #else
mono_time->base_time = (uint64_t)time(nullptr) - (current_time_monotonic(mono_time) / 1000ULL); mono_time->base_time = (uint64_t)time(nullptr) - (current_time_monotonic(mono_time) / 1000ULL);
#endif
mono_time_update(mono_time); mono_time_update(mono_time);
#endif
return mono_time; return mono_time;
} }