This repository has been archived by the owner on Nov 18, 2022. It is now read-only.

Add Polyjuice Generator Fuzzer and test contracts on x86 with sanitizers #49

Merged
merged 33 commits into from
Jul 2, 2021

Conversation

Flouse
Collaborator

@Flouse Flouse commented Jul 1, 2021

These three files were created to simulate gw_syscalls:

  • polyjuice-tests/fuzz/ckb_syscalls.h
  • polyjuice-tests/fuzz/mock_generator_utils.h (will be deprecated and follow the newest version of deps/godwoken-scripts/c/generator_utils.h)
  • polyjuice-tests/fuzz/mock_godwoken.hpp

FuzzTest CI status

Polyjuice Generator Fuzzer

cd polyjuice-tests/fuzz
make build/polyjuice_generator_fuzzer
./build/polyjuice_generator_fuzzer

General Algorithm

// pseudo code
Instrument program for code coverage
load pre-defined transactions such as contracts deploying and then execute run_polyjuice()
while(true) {
  Choose random input from corpus
  Mutate/populate input into transactions
  Execute run_polyjuice() and collect coverage
  If new coverage/paths are hit add it to corpus (corpus - directory with test-cases)
}

test_contracts on x86 with sanitizers

cd polyjuice-tests/fuzz

make build/test_contracts
./build/test_contracts

make build/test_rlp
./build/test_rlp

Coverage Report [WIP]

TBD
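The loop sketched in the "General Algorithm" pseudocode above, written out as a runnable mini coverage-guided fuzzer. This is an added example and not code from the PR or the godwoken-polyjuice project: the `COV()` macro stands in for the edge instrumentation that `-fsanitize=fuzzer` inserts automatically, `run_target()` is a constructed toy decoder standing in for `run_polyjuice()`, and the `[kind][len][payload]` transaction layout and the `kSeeds` inputs are invented for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <set>
#include <vector>

// Per-execution edge coverage. The real harness gets this from the
// -fsanitize=fuzzer instrumentation; here branches are marked by hand.
static std::set<int> g_hits;
#define COV(id) g_hits.insert(id)

// Toy stand-in for run_polyjuice(): decodes a constructed "transaction"
// laid out as [kind][len][payload...] and takes a distinct branch per case.
int run_target(const std::vector<uint8_t>& tx) {
    COV(0);
    if (tx.size() < 2) { COV(1); return -1; }            // header missing
    const uint8_t kind = tx[0], len = tx[1];
    if (tx.size() - 2 < len) { COV(2); return -2; }      // payload truncated
    if (kind == 0) {                                     // "deploy"
        COV(3);
        if (len == 0) { COV(4); return -3; }             // empty contract code
        return 0;
    }
    if (kind == 1) {                                     // "call"
        COV(5);
        if (len >= 2 && tx[2] == 0xde && tx[3] == 0xad) { COV(6); return 1; }
        return 0;
    }
    COV(7);                                              // unknown kind
    return -4;
}

// Execute one input and return the set of edges it touched.
std::set<int> run_and_collect(const std::vector<uint8_t>& tx) {
    g_hits.clear();
    run_target(tx);
    return g_hits;
}

// One random mutation: bit flip, byte overwrite, insert, or erase. Raw engine
// output is used instead of std::uniform_int_distribution so that one seed
// reproduces the same run on every platform.
static std::vector<uint8_t> mutate(std::vector<uint8_t> in, std::mt19937& rng) {
    const uint8_t rnd = static_cast<uint8_t>(rng() % 256);
    switch (rng() % 4) {
    case 0: if (!in.empty()) in[rng() % in.size()] ^= static_cast<uint8_t>(1u << (rng() % 8)); break;
    case 1: if (!in.empty()) in[rng() % in.size()] = rnd; break;
    case 2: if (in.size() < 64)
                in.insert(in.begin() + static_cast<std::ptrdiff_t>(rng() % (in.size() + 1)), rnd);
            break;
    default: if (!in.empty())
                in.erase(in.begin() + static_cast<std::ptrdiff_t>(rng() % in.size()));
            break;
    }
    return in;
}

struct FuzzResult {
    std::vector<std::vector<uint8_t>> corpus;  // seeds plus every input that found a new edge
    std::set<int> edges;                       // union of coverage over the whole run
};

// The loop from the description: load pre-defined inputs, then pick, mutate,
// run, and keep the mutant only when it reaches an edge not seen before.
FuzzResult fuzz(const std::vector<std::vector<uint8_t>>& seeds, size_t iterations, unsigned seed) {
    std::mt19937 rng(seed);
    FuzzResult r;
    r.corpus = seeds;
    for (const auto& tx : r.corpus) {                    // baseline coverage of the seeds
        const std::set<int> hits = run_and_collect(tx);
        r.edges.insert(hits.begin(), hits.end());
    }
    for (size_t i = 0; i < iterations; ++i) {
        const std::vector<uint8_t> parent = r.corpus[rng() % r.corpus.size()];
        const std::vector<uint8_t> child = mutate(parent, rng);
        bool new_edge = false;
        for (int e : run_and_collect(child))
            if (r.edges.insert(e).second) new_edge = true;
        if (new_edge) r.corpus.push_back(child);          // corpus only grows on new coverage
    }
    return r;
}

// Constructed seed transactions: a deploy with a 1-byte payload and an empty call.
const std::vector<std::vector<uint8_t>> kSeeds = {{0x00, 0x01, 0x60}, {0x01, 0x00}};

int main() {
    const FuzzResult r = fuzz(kSeeds, 3000, 7);
    std::printf("corpus=%zu edges=%zu of 8\n", r.corpus.size(), r.edges.size());
    return 0;
}
```

The invariant worth checking on any coverage-guided loop is the one libFuzzer relies on: every input added to the corpus after the seeds must have contributed at least one edge, so the corpus can never grow faster than the edge set. The seeds alone reach edges 0, 3 and 5; the mutator finds the cheap paths (short input, truncated payload, zero length, unknown kind) quickly, while the `0xde 0xad` check shows why real fuzzers add comparison tracing and dictionaries.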

floustar added 27 commits July 1, 2021 13:36
[debug] success => 279
LLVMSymbolizer: error reading file: No such file or directory

=================================================================
==1038102==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6770 byte(s) in 286 object(s) allocated from:
    #0 0x49908d in malloc /home/nnelson/Documents/llvm-project/llvm/utils/release/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x54a4f0 in hex2bin(char const*, unsigned char**, unsigned long*) /home/flouse/godwoken-polyjuice/polyjuice-tests/fuzz/../../c/tests/./test_utils.h:11:21
    #2 0x7ffcb5cfcea7  ([stack]+0x1fea7)

Direct leak of 5720 byte(s) in 286 object(s) allocated from:
    #0 0x49908d in malloc /home/nnelson/Documents/llvm-project/llvm/utils/release/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x54a4f0 in hex2bin(char const*, unsigned char**, unsigned long*) /home/flouse/godwoken-polyjuice/polyjuice-tests/fuzz/../../c/tests/./test_utils.h:11:21
    #2 0x4084ff  (/home/flouse/godwoken-polyjuice/polyjuice-tests/fuzz/build/test_rlp+0x4084ff)

Direct leak of 5720 byte(s) in 286 object(s) allocated from:
    #0 0x49908d in malloc /home/nnelson/Documents/llvm-project/llvm/utils/release/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x54a4f0 in hex2bin(char const*, unsigned char**, unsigned long*) /home/flouse/godwoken-polyjuice/polyjuice-tests/fuzz/../../c/tests/./test_utils.h:11:21
    #2 0x7f5fc8bf11af  (/lib/x86_64-linux-gnu/libstdc++.so.6+0x2151af)

SUMMARY: AddressSanitizer: 18210 byte(s) leaked in 858 allocation(s).
* compile with -DNO_DEBUG_LOG to erase debug logs
- sanitize=address,undefined
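The LeakSanitizer report in the commit above attributes every leaked block to a `malloc` inside `hex2bin(char const*, unsigned char**, unsigned long*)`, i.e. the decoder hands a heap buffer to its caller and the test code never frees it. The following is an added example, not the project's `test_utils.h`: the `hex2bin` signature is copied from the report, but the body, the `hexval` helper, the `HexBuf` RAII owner and `decode_hex` are this example's own, showing the ownership contract that keeps `-fsanitize=address` quiet on both the success and the error path.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <string>
#include <vector>

// Value of one hex digit, or -1 for anything else.
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Signature taken from the sanitizer report; this body is the example's own.
// On success *out is a malloc'd buffer that the CALLER owns and must free();
// on failure nothing is handed out, so the error path cannot leak either.
int hex2bin(const char* hex, unsigned char** out, unsigned long* out_len) {
    const size_t n = std::strlen(hex);
    if (n % 2 != 0) return -1;                             // odd digit count
    unsigned char* buf = static_cast<unsigned char*>(std::malloc(n / 2 + 1)); // +1: never malloc(0)
    if (buf == nullptr) return -2;
    for (size_t i = 0; i < n; i += 2) {
        const int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
        if (hi < 0 || lo < 0) { std::free(buf); return -3; } // release before bailing out
        buf[i / 2] = static_cast<unsigned char>((hi << 4) | lo);
    }
    *out = buf;
    *out_len = n / 2;
    return 0;
}

// RAII owner for a hex2bin buffer: free() runs on every exit path of the scope,
// which is exactly what the leaking test helpers were missing.
using HexBuf = std::unique_ptr<unsigned char, decltype(&std::free)>;

// Decode into a std::vector so the C buffer never outlives this function.
// *status receives hex2bin's return code; an empty vector is returned on error.
std::vector<uint8_t> decode_hex(const std::string& hex, int* status) {
    unsigned char* raw = nullptr;
    unsigned long len = 0;
    const int rc = hex2bin(hex.c_str(), &raw, &len);
    if (status != nullptr) *status = rc;
    if (rc != 0) return {};
    HexBuf owner(raw, &std::free);                          // ownership taken immediately
    return std::vector<uint8_t>(owner.get(), owner.get() + len);
}

int main() {
    int st = 0;
    const std::vector<uint8_t> bytes = decode_hex("deadbeef", &st);
    return (st == 0 && bytes.size() == 4) ? 0 : 1;
}
```

Build it the same way the PR builds `test_rlp`, e.g. `clang++ -g -fsanitize=address,undefined example.cpp`, and the run exits without a LeakSanitizer summary. Wrapping the raw pointer in `HexBuf` on the line after the call is the habit to adopt in test helpers: the free is then tied to scope exit rather than to every caller remembering it.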
@Flouse Flouse changed the title Fuzz v1 Add Polyjuice Generator Fuzzer and test contracts on x86 with sanitizers Jul 1, 2021
@TheWaWaR TheWaWaR merged commit 4021a6b into godwokenrises:main Jul 2, 2021
@Flouse Flouse deleted the fuzz-v1 branch July 26, 2021 06:06
@Flouse Flouse mentioned this pull request Aug 6, 2021