refactor(runtime-fuzzer): Decrease payload length in runtime-fuzzer (…

…#3443)

docker/runtime-fuzzer/scripts/fuzzer.sh

@@ -70,7 +70,7 @@ function start_container_post {
 		rustup component add llvm-tools-preview && \
 		rustup component add --toolchain nightly llvm-tools-preview && \
 		cargo fuzz coverage --release --sanitizer=none main /corpus/main -- \
-        -rss_limit_mb=8192 -max_len=20000000 -len_control=0 && \
+        -rss_limit_mb=8192 -max_len=450000 -len_control=0 && \
 		cargo cov -- show target/x86_64-unknown-linux-gnu/coverage/x86_64-unknown-linux-gnu/release/main \
         --format=text \
         --show-line-counts \
@@ -90,7 +90,7 @@ function start_container_post {
     # Clear folder with corpus
     rm -rf $WORK_DIR/corpus/*
     # Generate new first seed
-    dd if=/dev/urandom of=$WORK_DIR/corpus/first-seed bs=1 count=16000000
+    dd if=/dev/urandom of=$WORK_DIR/corpus/first-seed bs=1 count=350000
 }
 
 # Function to start the container and wait for it to stop

scripts/fuzzer_consts.sh

@@ -1,3 +1,3 @@
-INITIAL_INPUT_SIZE=${INITIAL_INPUT_SIZE:-'16000000'}
-MAX_LEN=${MAX_LEN:-'20000000'}
+INITIAL_INPUT_SIZE=${INITIAL_INPUT_SIZE:-'350000'}
+MAX_LEN=${MAX_LEN:-'450000'}
 RSS_LIMIT_MB=${RSS_LIMIT_MB:-'8192'}

utils/runtime-fuzzer/README.md

@@ -19,7 +19,7 @@ cd utils/runtime-fuzzer
 # Fuzzer expects a minimal input size of 25 MiB. Without providing a corpus of the same or larger
 # size fuzzer will stuck for a long time with trying to test the target using 0..100 bytes.
 mkdir -p fuzz/corpus/main
-dd if=/dev/urandom of=fuzz/corpus/main/fuzzer-seed-corpus bs=1 count=16000000
+dd if=/dev/urandom of=fuzz/corpus/main/fuzzer-seed-corpus bs=1 count=350000
 
 # Run fuzzer for at least 20 minutes and then press Ctrl-C to stop fuzzing.
 # You can also remove RUST_LOG to avoid printing tons of logs on terminal.
@@ -31,7 +31,7 @@ cargo fuzz run \
     fuzz/corpus/main \
     -- \
         -rss_limit_mb=8192 \
-        -max_len=20000000 \
+        -max_len=450000 \
         -len_control=0
 
 # Get coverage
@@ -42,7 +42,7 @@ cargo fuzz coverage \
     fuzz/corpus/main \
     -- \
         -rss_limit_mb=8192 \
-        -max_len=20000000 \
+        -max_len=450000 \
         -len_control=0
 ```
 

utils/runtime-fuzzer/src/gear_calls.rs

@@ -40,8 +40,10 @@ use gear_wasm_gen::{
 };
 use std::mem;
 
-/// Maximum payload size for the fuzzer - 512 KiB.
-const MAX_PAYLOAD_SIZE: usize = 512 * 1024;
+/// Maximum payload size for the fuzzer - 1 KiB.
+///
+/// TODO: #3442
+const MAX_PAYLOAD_SIZE: usize = 1024;
 static_assertions::const_assert!(MAX_PAYLOAD_SIZE <= gear_core::message::MAX_PAYLOAD_SIZE);
 
 /// Maximum salt size for the fuzzer - 512 bytes.
@@ -254,8 +256,8 @@ impl UploadProgramGenerator {
     }
 
     const fn unstructured_size_hint(&self) -> usize {
-        // Max code size - 50 KiB.
-        const MAX_CODE_SIZE: usize = 50 * 1024;
+        // Max code size - 25 KiB.
+        const MAX_CODE_SIZE: usize = 25 * 1024;
 
         MAX_CODE_SIZE + MAX_SALT_SIZE + MAX_PAYLOAD_SIZE + GAS_AND_VALUE_SIZE + AUXILIARY_SIZE
     }

utils/runtime-fuzzer/src/utils.rs

@@ -33,6 +33,10 @@ pub fn min_unstructured_input_size() -> usize {
 }
 
 pub(crate) fn default_generator_set(test_input_id: String) -> ExtrinsicGeneratorSet {
+    // *WARNING*:
+    //
+    // Increasing these constants requires resetting minimal
+    // size of fuzzer input buffer in corresponding scripts.
     const UPLOAD_PROGRAM_CALLS: usize = 10;
     const SEND_MESSAGE_CALLS: usize = 15;
     const SEND_REPLY_CALLS: usize = 1;