556820ee57
7e50abcc29dc5fde24a1b3e57c6316eabda35e2e tests: Add EvalScript(...) fuzzing harness (practicalswift) bebb637472d0469037a9f438572fc71db4236d97 tests: Add FuzzedDataProvider fuzzing helper from the Chromium project (practicalswift) Pull request description: Add `EvalScript(...)` fuzzing harness. To test this PR: We can run `contrib/devtools/test_fuzzing_harnesses.sh` (#17000) during five seconds to quickly verify that the newly added fuzz harness seem to hit relevant code regions, that the fuzzing throughput seems reasonable, etc. `test_fuzzing_harnesses.sh eval 5` runs all fuzzers matching the regexp `eval` giving them five seconds of runtime each. ``` $ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined $ make $ contrib/devtools/test_fuzzing_harnesses.sh eval 5 Testing fuzzer eval_script during 5 second(s) A subset of reached functions: NEW_FUNC[1/24]: 0x557b808742e0 in prevector<28u, unsigned char, unsigned int, int>::indirect_ptr(int) src/./prevector.h:161 NEW_FUNC[2/24]: 0x557b80875460 in prevector<28u, unsigned char, unsigned int, int>::indirect_ptr(int) const src/./prevector.h:162 NEW_FUNC[6/9]: 0x557b81acdaa0 in popstack(std::vector<std::vector<unsigned char, std::allocator<unsigned char> >, std::allocator<std::vector<unsigned char, std::allocator<unsigned char> > > >&) src/script/interpreter.cpp:57 NEW_FUNC[5/16]: 0x557b809f1bf0 in CScriptNum::serialize(long const&) src/./script/script.h:326 NEW_FUNC[4/6]: 0x557b817c93d0 in CScriptNum::CScriptNum(std::vector<unsigned char, std::allocator<unsigned char> > const&, bool, unsigned long) src/./script/script.h:225 NEW_FUNC[5/6]: 0x557b817cbb80 in CScriptNum::set_vch(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/./script/script.h:360 NEW_FUNC[0/11]: 0x557b80a88170 in CHash256::Write(unsigned char const*, unsigned long) src/./hash.h:34 NEW_FUNC[1/11]: 0x557b80a88270 in CHash256::Finalize(unsigned char*) src/./hash.h:28 NEW_FUNC[5/11]: 0x557b81affdb0 in CSHA256::CSHA256() src/crypto/sha256.cpp:644 NEW_FUNC[6/11]: 0x557b81affe80 in (anonymous namespace)::sha256::Initialize(unsigned int*) src/crypto/sha256.cpp:66 NEW_FUNC[7/11]: 0x557b81b00460 in CSHA256::Write(unsigned char const*, unsigned long) src/crypto/sha256.cpp:649 NEW_FUNC[8/11]: 0x557b81b009a0 in CSHA256::Finalize(unsigned char*) src/crypto/sha256.cpp:675 NEW_FUNC[9/11]: 0x557b81b015e0 in CSHA256::Reset() src/crypto/sha256.cpp:692 NEW_FUNC[10/11]: 0x557b81b01d90 in (anonymous namespace)::sha256::Transform(unsigned int*, unsigned char const*, unsigned long) src/crypto/sha256.cpp:79 NEW_FUNC[0/1]: 0x557b808cc180 in BaseSignatureChecker::CheckLockTime(CScriptNum const&) const src/./script/interpreter.h:153 NEW_FUNC[0/2]: 0x557b81ab5640 in CastToBool(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/script/interpreter.cpp:36 NEW_FUNC[0/1]: 0x557b817c9c30 in CScriptNum::getint() const src/./script/script.h:312 NEW_FUNC[0/1]: 0x557b81ae1df0 in CScriptNum::operator-=(long const&) src/./script/script.h:298 NEW_FUNC[0/5]: 0x557b81af5670 in CRIPEMD160::CRIPEMD160() src/crypto/ripemd160.cpp:243 NEW_FUNC[1/5]: 0x557b81af5740 in (anonymous namespace)::ripemd160::Initialize(unsigned int*) src/crypto/ripemd160.cpp:25 NEW_FUNC[2/5]: 0x557b81af5b00 in CRIPEMD160::Write(unsigned char const*, unsigned long) src/crypto/ripemd160.cpp:248 NEW_FUNC[3/5]: 0x557b81af5fa0 in (anonymous namespace)::ripemd160::Transform(unsigned int*, unsigned char const*) src/crypto/ripemd160.cpp:55 NEW_FUNC[4/5]: 0x557b81af8d60 in CRIPEMD160::Finalize(unsigned char*) src/crypto/ripemd160.cpp:274 NEW_FUNC[0/16]: 0x557b80857a30 in CScript::operator<<(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/./script/script.h:462 NEW_FUNC[1/16]: 0x557b80872670 in prevector<28u, unsigned char, unsigned int, int>::insert(prevector<28u, unsigned char, unsigned int, int>::iterator, unsigned char const&) src/./prevector.h:342 NEW_FUNC[2/16]: 0x557b80872e00 in void prevector<28u, unsigned char, unsigned int, int>::insert<__gnu_cxx::__normal_iterator<unsigned char const*, std::vector<unsigned char, std::allocator<unsigned char> > > >(prevector<28u, unsigned char, unsigned int, int>::iterator, __gnu_cxx::__normal_iterator<unsigned char const*, std::vector<unsigned char, std::allocator<unsigned char> > >, __gnu_cxx::__normal_iterator<unsigned char const*, std::vector<unsigned char, std::allocator<unsigned char> > >) src/./prevector.h:368 NEW_FUNC[3/16]: 0x557b80873630 in prevector<28u, unsigned char, unsigned int, int>::capacity() const src/./prevector.h:295 NEW_FUNC[4/16]: 0x557b80874ed0 in void prevector<28u, unsigned char, unsigned int, int>::fill<prevector<28u, unsigned char, unsigned int, int>::const_iterator>(unsigned char*, prevector<28u, unsigned char, unsigned int, int>::const_iterator, prevector<28u, unsigned char, unsigned int, int>::const_iterator) src/./prevector.h:204 NEW_FUNC[5/16]: 0x557b808cc0f0 in BaseSignatureChecker::CheckSig(std::vector<unsigned char, std::allocator<unsigned char> > const&, std::vector<unsigned char, std::allocator<unsigned char> > const&, CScript const&, SigVersion) const src/./script/interpreter.h:148 NEW_FUNC[6/16]: 0x557b809edb10 in CScript::operator=(CScript&&) src/./script/script.h:390 NEW_FUNC[7/16]: 0x557b809f8ec0 in void prevector<28u, unsigned char, unsigned int, int>::insert<prevector<28u, unsigned char, unsigned int, int>::const_iterator>(prevector<28u, unsigned char, unsigned int, int>::iterator, prevector<28u, unsigned char, unsigned int, int>::const_iterator, prevector<28u, unsigned char, unsigned int, int>::const_iterator) src/./prevector.h:368 NEW_FUNC[8/16]: 0x557b809f9260 in prevector<28u, unsigned char, unsigned int, int>::swap(prevector<28u, unsigned char, unsigned int, int>&) src/./prevector.h:451 NEW_FUNC[9/16]: 0x557b81ab58c0 in CheckSignatureEncoding(std::vector<unsigned char, std::allocator<unsigned char> > const&, unsigned int, ScriptError_t*) src/script/interpreter.cpp:200 NEW_FUNC[10/16]: 0x557b81ab6f30 in FindAndDelete(CScript&, CScript const&) src/script/interpreter.cpp:254 NEW_FUNC[11/16]: 0x557b81acdc20 in CheckPubKeyEncoding(std::vector<unsigned char, std::allocator<unsigned char> > const&, unsigned int, SigVersion const&, ScriptError_t*) src/script/interpreter.cpp:217 NEW_FUNC[12/16]: 0x557b81ad3890 in IsCompressedOrUncompressedPubKey(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/script/interpreter.cpp:63 NEW_FUNC[13/16]: 0x557b81ad8830 in CScript::GetOp(prevector<28u, unsigned char, unsigned int, int>::const_iterator&, opcodetype&) const src/./script/script.h:505 NEW_FUNC[14/16]: 0x557b81ae21a0 in prevector<28u, unsigned char, unsigned int, int>::prevector<prevector<28u, unsigned char, unsigned int, int>::const_iterator>(prevector<28u, unsigned char, unsigned int, int>::const_iterator, prevector<28u, unsigned char, unsigned int, int>::const_iterator) src/./prevector.h:246 NEW_FUNC[0/1]: 0x557b81ae1a40 in CScriptNum::operator+=(long const&) src/./script/script.h:290 NEW_FUNC[0/5]: 0x557b81af9760 in CSHA1::CSHA1() src/crypto/sha1.cpp:150 NEW_FUNC[1/5]: 0x557b81af9830 in (anonymous namespace)::sha1::Initialize(unsigned int*) src/crypto/sha1.cpp:32 NEW_FUNC[2/5]: 0x557b81af9bf0 in CSHA1::Write(unsigned char const*, unsigned long) src/crypto/sha1.cpp:155 NEW_FUNC[3/5]: 0x557b81afa090 in (anonymous namespace)::sha1::Transform(unsigned int*, unsigned char const*) src/crypto/sha1.cpp:47 NEW_FUNC[4/5]: 0x557b81afc5e0 in CSHA1::Finalize(unsigned char*) src/crypto/sha1.cpp:181 NEW_FUNC[0/1]: 0x557b81ada4f0 in CScriptNum::operator-() const src/./script/script.h:278 NEW_FUNC[0/1]: 0x557b808cc210 in BaseSignatureChecker::CheckSequence(CScriptNum const&) const src/./script/interpreter.h:158 NEW_FUNC[0/1]: 0x557b81ab5c00 in IsValidSignatureEncoding(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/script/interpreter.cpp:107 stat::number_of_executed_units: 9728 stat::average_exec_per_sec: 1621 stat::new_units_added: 844 stat::slowest_unit_time_sec: 0 stat::peak_rss_mb: 326 Number of unique code paths taken during fuzzing round: 583 Tested fuzz harnesses seem to work as expected. ``` ACKs for top commit: MarcoFalke: ACK 7e50abcc29dc5fde24a1b3e57c6316eabda35e2e Tree-SHA512: 4874ab28efb4219c24a4cfc9be901a3297d1973f43acadec415c2e1d6843e4e661f90e8f9695849373775a4556884cdcc8862a092246ae0383b844c37c1627d5
This directory contains integration tests that test bitcoind and its utilities in their entirety. It does not contain unit tests, which can be found in /src/test, /src/wallet/test, etc.
This directory contains the following sets of tests:
- functional which test the functionality of bitcoind and bitcoin-qt by interacting with them through the RPC and P2P interfaces.
- util which tests the bitcoin utilities, currently only bitcoin-tx.
- lint which perform various static analysis checks.
The util tests are run as part of make check target. The functional
tests and lint scripts can be run as explained in the sections below.
Running tests locally
Before tests can be run locally, Bitcoin Core must be built. See the building instructions for help.
Functional tests
Dependencies
The ZMQ functional test requires a python ZMQ library. To install it:
- on Unix, run
sudo apt-get install python3-zmq - on mac OS, run
pip3 install pyzmq
Running the tests
Individual tests can be run by directly calling the test script, e.g.:
test/functional/feature_rbf.py
or can be run through the test_runner harness, eg:
test/functional/test_runner.py feature_rbf.py
You can run any combination (incl. duplicates) of tests by calling:
test/functional/test_runner.py <testname1> <testname2> <testname3> ...
Wildcard test names can be passed, if the paths are coherent and the test runner
is called from a bash shell or similar that does the globbing. For example,
to run all the wallet tests:
test/functional/test_runner.py test/functional/wallet*
functional/test_runner.py functional/wallet* (called from the test/ directory)
test_runner.py wallet* (called from the test/functional/ directory)
but not
test/functional/test_runner.py wallet*
Combinations of wildcards can be passed:
test/functional/test_runner.py ./test/functional/tool* test/functional/mempool*
test_runner.py tool* mempool*
Run the regression test suite with:
test/functional/test_runner.py
Run all possible tests with
test/functional/test_runner.py --extended
By default, up to 4 tests will be run in parallel by test_runner. To specify
how many jobs to run, append --jobs=n
The individual tests and the test_runner harness have many command-line
options. Run test_runner.py -h to see them all.
Troubleshooting and debugging test failures
Resource contention
The P2P and RPC ports used by the bitcoind nodes-under-test are chosen to make conflicts with other processes unlikely. However, if there is another bitcoind process running on the system (perhaps from a previous test which hasn't successfully killed all its bitcoind nodes), then there may be a port conflict which will cause the test to fail. It is recommended that you run the tests on a system where no other bitcoind processes are running.
On linux, the test_framework will warn if there is another bitcoind process running when the tests are started.
If there are zombie bitcoind processes after test failure, you can kill them by running the following commands. Note that these commands will kill all bitcoind processes running on the system, so should not be used if any non-test bitcoind processes are being run.
killall bitcoind
or
pkill -9 bitcoind
Data directory cache
A pre-mined blockchain with 200 blocks is generated the first time a functional test is run and is stored in test/cache. This speeds up test startup times since new blockchains don't need to be generated for each test. However, the cache may get into a bad state, in which case tests will fail. If this happens, remove the cache directory (and make sure bitcoind processes are stopped as above):
rm -rf cache
killall bitcoind
Test logging
The tests contain logging at five different levels (DEBUG, INFO, WARNING, ERROR
and CRITICAL). From within your functional tests you can log to these different
levels using the logger included in the test_framework, e.g.
self.log.debug(object). By default:
- when run through the test_runner harness, all logs are written to
test_framework.logand no logs are output to the console. - when run directly, all logs are written to
test_framework.logand INFO level and above are output to the console. - when run on Travis, no logs are output to the console. However, if a test
fails, the
test_framework.logand bitcoinddebug.logs will all be dumped to the console to help troubleshooting.
To change the level of logs output to the console, use the -l command line
argument.
test_framework.log and bitcoind debug.logs can be combined into a single
aggregate log by running the combine_logs.py script. The output can be plain
text, colorized text or html. For example:
combine_logs.py -c <test data directory> | less -r
will pipe the colorized logs from the test into less.
Use --tracerpc to trace out all the RPC calls and responses to the console. For
some tests (eg any that use submitblock to submit a full block over RPC),
this can result in a lot of screen output.
By default, the test data directory will be deleted after a successful run.
Use --nocleanup to leave the test data directory intact. The test data
directory is never deleted after a failed test.
Attaching a debugger
A python debugger can be attached to tests at any point. Just add the line:
import pdb; pdb.set_trace()
anywhere in the test. You will then be able to inspect variables, as well as call methods that interact with the bitcoind nodes-under-test.
If further introspection of the bitcoind instances themselves becomes
necessary, this can be accomplished by first setting a pdb breakpoint
at an appropriate location, running the test to that point, then using
gdb (or lldb on macOS) to attach to the process and debug.
For instance, to attach to self.node[1] during a run you can get
the pid of the node within pdb.
(pdb) self.node[1].process.pid
Alternatively, you can find the pid by inspecting the temp folder for the specific test you are running. The path to that folder is printed at the beginning of every test run:
2017-06-27 14:13:56.686000 TestFramework (INFO): Initializing test directory /tmp/user/1000/testo9vsdjo3
Use the path to find the pid file in the temp folder:
cat /tmp/user/1000/testo9vsdjo3/node1/regtest/bitcoind.pid
Then you can use the pid to start gdb:
gdb /home/example/bitcoind <pid>
Note: gdb attach step may require ptrace_scope to be modified, or sudo preceding the gdb.
See this link for considerations: https://www.kernel.org/doc/Documentation/security/Yama.txt
Profiling
An easy way to profile node performance during functional tests is provided
for Linux platforms using perf.
Perf will sample the running node and will generate profile data in the node's
datadir. The profile data can then be presented using perf report or a graphical
tool like hotspot.
To generate a profile during test suite runs, use the --perf flag.
To see render the output to text, run
perf report -i /path/to/datadir/send-big-msgs.perf.data.xxxx --stdio | c++filt | less
For ways to generate more granular profiles, see the README in test/functional.
Util tests
Util tests can be run locally by running test/util/bitcoin-util-test.py.
Use the -v option for verbose output.
Lint tests
Dependencies
The lint tests require codespell and flake8. To install: pip3 install codespell flake8.
Running the tests
Individual tests can be run by directly calling the test script, e.g.:
test/lint/lint-filenames.sh
You can run all the shell-based lint tests by running:
test/lint/lint-all.sh
Writing functional tests
You are encouraged to write functional tests for new or existing features. Further information about the functional test framework and individual tests is found in test/functional.