From 2b53bfce8d8a5eeddb664afde5748fd9a7fcf56a Mon Sep 17 00:00:00 2001
From: Sabaun Taraki
Date: Mon, 23 Oct 2023 16:42:14 +0300
Subject: [PATCH] refactor(runtime-fuzzer): Decrease payload length in `runtime-fuzzer` (#3443)

---
 docker/runtime-fuzzer/scripts/fuzzer.sh | 4 ++--
 scripts/fuzzer_consts.sh | 4 ++--
 utils/runtime-fuzzer/README.md | 6 +++---
 utils/runtime-fuzzer/src/gear_calls.rs | 10 ++++++----
 utils/runtime-fuzzer/src/utils.rs | 4 ++++
 5 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/docker/runtime-fuzzer/scripts/fuzzer.sh b/docker/runtime-fuzzer/scripts/fuzzer.sh
index 0cab977828a..727078c6900 100755
--- a/docker/runtime-fuzzer/scripts/fuzzer.sh
+++ b/docker/runtime-fuzzer/scripts/fuzzer.sh
@@ -70,7 +70,7 @@ function start_container_post {
 rustup component add llvm-tools-preview && \
 rustup component add --toolchain nightly llvm-tools-preview && \
 cargo fuzz coverage --release --sanitizer=none main /corpus/main -- \
- -rss_limit_mb=8192 -max_len=20000000 -len_control=0 && \
+ -rss_limit_mb=8192 -max_len=450000 -len_control=0 && \
 cargo cov -- show target/x86_64-unknown-linux-gnu/coverage/x86_64-unknown-linux-gnu/release/main \
 --format=text \
 --show-line-counts \
@@ -90,7 +90,7 @@ function start_container_post {
 # Clear folder with corpus
 rm -rf $WORK_DIR/corpus/*
 # Generate new first seed
- dd if=/dev/urandom of=$WORK_DIR/corpus/first-seed bs=1 count=16000000
+ dd if=/dev/urandom of=$WORK_DIR/corpus/first-seed bs=1 count=350000
 }
 
 # Function to start the container and wait for it to stop
diff --git a/scripts/fuzzer_consts.sh b/scripts/fuzzer_consts.sh
index d0374aefb1a..14409e316c5 100644
--- a/scripts/fuzzer_consts.sh
+++ b/scripts/fuzzer_consts.sh
@@ -1,3 +1,3 @@
-INITIAL_INPUT_SIZE=${INITIAL_INPUT_SIZE:-'16000000'}
-MAX_LEN=${MAX_LEN:-'20000000'}
+INITIAL_INPUT_SIZE=${INITIAL_INPUT_SIZE:-'350000'}
+MAX_LEN=${MAX_LEN:-'450000'}
 RSS_LIMIT_MB=${RSS_LIMIT_MB:-'8192'}
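Review bot: The new `-max_len=450000` on the coverage line hard-codes the same limit that `scripts/fuzzer_consts.sh` now exports as `MAX_LEN`, and the second hunk's `count=350000` duplicates `INITIAL_INPUT_SIZE` the same way, so the next resize has three places to keep in step and no check that they agree. If `start_container_post` can source that consts file, `-max_len="${MAX_LEN}"` and `count="${INITIAL_INPUT_SIZE}"` would leave one source of truth; if it intentionally cannot (for instance because the image does not ship `scripts/`), a comment on each line pointing at `scripts/fuzzer_consts.sh` is the minimum. The body of `start_container_post` begins and ends outside both hunks.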
diff --git a/utils/runtime-fuzzer/README.md b/utils/runtime-fuzzer/README.md
index 107d3b62183..694bcac9fd9 100644
--- a/utils/runtime-fuzzer/README.md
+++ b/utils/runtime-fuzzer/README.md
@@ -19,7 +19,7 @@ cd utils/runtime-fuzzer
 # Fuzzer expects a minimal input size of 25 MiB. Without providing a corpus of the same or larger
 # size fuzzer will stuck for a long time with trying to test the target using 0..100 bytes.
 mkdir -p fuzz/corpus/main
-dd if=/dev/urandom of=fuzz/corpus/main/fuzzer-seed-corpus bs=1 count=16000000
+dd if=/dev/urandom of=fuzz/corpus/main/fuzzer-seed-corpus bs=1 count=350000
 
 # Run fuzzer for at least 20 minutes and then press Ctrl-C to stop fuzzing.
 # You can also remove RUST_LOG to avoid printing tons of logs on terminal.
@@ -31,7 +31,7 @@ cargo fuzz run \
 fuzz/corpus/main \
 -- \
 -rss_limit_mb=8192 \
- -max_len=20000000 \
+ -max_len=450000 \
 -len_control=0
 
 # Get coverage
@@ -42,7 +42,7 @@ cargo fuzz coverage \
 fuzz/corpus/main \
 -- \
 -rss_limit_mb=8192 \
- -max_len=20000000 \
+ -max_len=450000 \
 -len_control=0
 ```
 
diff --git a/utils/runtime-fuzzer/src/gear_calls.rs b/utils/runtime-fuzzer/src/gear_calls.rs
index 033be476ad8..6bc3bb71aa5 100644
--- a/utils/runtime-fuzzer/src/gear_calls.rs
+++ b/utils/runtime-fuzzer/src/gear_calls.rs
@@ -40,8 +40,10 @@ use gear_wasm_gen::{
 };
 use std::mem;
 
-/// Maximum payload size for the fuzzer - 512 KiB.
-const MAX_PAYLOAD_SIZE: usize = 512 * 1024;
+/// Maximum payload size for the fuzzer - 1 KiB.
+///
+/// TODO: #3442
+const MAX_PAYLOAD_SIZE: usize = 1024;
 static_assertions::const_assert!(MAX_PAYLOAD_SIZE <= gear_core::message::MAX_PAYLOAD_SIZE);
 
 /// Maximum salt size for the fuzzer - 512 bytes.
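Review bot: `/// TODO: #3442` says neither what the 1 KiB cap costs nor what the issue is expected to restore, so a later reader cannot tell whether the 512× drop from 512 KiB is a stopgap or the new baseline. With `MAX_PAYLOAD_SIZE` at 1024 the generated messages no longer get anywhere near `gear_core::message::MAX_PAYLOAD_SIZE`, so the `const_assert!` on the next line passes trivially and the runtime's large-payload and size-limit paths, which the fuzzer presumably exercised before, are no longer covered; that regression belongs in the doc comment. Suggest `/// Maximum payload size for the fuzzer - 1 KiB. Lowered to shrink the fuzzer input; large-payload paths are not exercised until #3442 restores a bigger cap.`, adjusted to what #3442 actually tracks.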
@@ -254,8 +256,8 @@ impl UploadProgramGenerator {
 }
 
 const fn unstructured_size_hint(&self) -> usize {
- // Max code size - 50 KiB.
- const MAX_CODE_SIZE: usize = 50 * 1024;
+ // Max code size - 25 KiB.
+ const MAX_CODE_SIZE: usize = 25 * 1024;
 
 MAX_CODE_SIZE + MAX_SALT_SIZE + MAX_PAYLOAD_SIZE + GAS_AND_VALUE_SIZE + AUXILIARY_SIZE
 }
diff --git a/utils/runtime-fuzzer/src/utils.rs b/utils/runtime-fuzzer/src/utils.rs
index 812b3e34a9b..3719255ab7b 100644
--- a/utils/runtime-fuzzer/src/utils.rs
+++ b/utils/runtime-fuzzer/src/utils.rs
@@ -33,6 +33,10 @@ pub fn min_unstructured_input_size() -> usize {
 }
 
 pub(crate) fn default_generator_set(test_input_id: String) -> ExtrinsicGeneratorSet {
+ // *WARNING*:
+ //
+ // Increasing these constants requires resetting minimal
+ // size of fuzzer input buffer in corresponding scripts.
 const UPLOAD_PROGRAM_CALLS: usize = 10;
 const SEND_MESSAGE_CALLS: usize = 15;
 const SEND_REPLY_CALLS: usize = 1;
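Review bot: `// Max code size - 25 KiB.` only restates the literal on the next line; what a reader needs is why 25 KiB and what it is coupled to. `unstructured_size_hint` folds `MAX_CODE_SIZE` into a sum that, judging by the name of `min_unstructured_input_size` in `utils.rs`, has to stay within `INITIAL_INPUT_SIZE` from `scripts/fuzzer_consts.sh`, which is the same coupling the commit documents in `utils.rs` for the call counts but not for the size constants here or for `MAX_PAYLOAD_SIZE`. Suggest `// Max code size - 25 KiB. Raising this (or MAX_PAYLOAD_SIZE) grows the minimal fuzzer input; keep INITIAL_INPUT_SIZE in scripts/fuzzer_consts.sh in step.` `impl UploadProgramGenerator` continues outside the hunk on both sides.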
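Review bot: The added warning says "corresponding scripts" and "resetting", neither of which tells a maintainer which files to edit or in which direction, even though this very commit touches them: `scripts/fuzzer_consts.sh` (`INITIAL_INPUT_SIZE`, `MAX_LEN`) and `docker/runtime-fuzzer/scripts/fuzzer.sh` (the `dd ... count=` and `-max_len=` values). Presumably these call counts are what `min_unstructured_input_size()` is computed from (its body is outside the hunk), so naming it and the scripts makes the note actionable: `// Increasing these call counts raises min_unstructured_input_size(); INITIAL_INPUT_SIZE and MAX_LEN in scripts/fuzzer_consts.sh (and the dd count / -max_len in docker/runtime-fuzzer/scripts/fuzzer.sh) must be raised to match.` A `#[test]` in this crate asserting `min_unstructured_input_size() <= 350_000` would turn the warning into a check that fails on the next mismatch, at the cost of one more copy of the number. `default_generator_set` continues past the hunk.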