Performance improvements to EOF layout fuzzing (#7545)

* Performance improvements to fuzzing Turning off guidance speeds the rate of testing up by 10%. Also, add other options to store new guided-discovered tests. Signed-off-by: Danno Ferrin <[email protected]> * bring in the whole javafuzz lib so we can tweak it. Signed-off-by: Danno Ferrin <[email protected]> --------- Signed-off-by: Danno Ferrin <[email protected]> Co-authored-by: Sally MacFarlane <[email protected]>
hyperledger · Sep 1, 2024 · fa73102 · fa73102
1 parent 2339c1d
commit fa73102
Show file tree

Hide file tree

Showing 9 changed files with 599 additions and 56 deletions.
diff --git a/build.gradle b/build.gradle
@@ -163,10 +163,6 @@ allprojects {
       url 'https://splunk.jfrog.io/splunk/ext-releases-local'
       content { includeGroupByRegex('com\\.splunk\\..*') }
     }
-    maven {
-      url 'https://gitlab.com/api/v4/projects/19871573/packages/maven'
-      content { includeGroupByRegex('com\\.gitlab\\.javafuzz(\\..*)?') }
-    }
 
     mavenCentral()
 

diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
@@ -546,19 +546,6 @@
             <sha256 value="74da05b3ca50a8158101b7e12fbfbf902e011340f14bf31c1776cb51f96147f3" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="com.gitlab.javafuzz" name="core" version="1.26">
-         <artifact name="core-1.26.jar">
-            <sha256 value="c6c2a7a67fac12db6dd495181082b2cc3fa8fd30399287854119054dde58ba92" origin="Generated by Gradle"/>
-         </artifact>
-         <artifact name="core-1.26.pom">
-            <sha256 value="e218318c0edfea8c7f7030cbd2ffe9c7db206de39b16147d8a8a2a801515efd6" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="com.gitlab.javafuzz" name="javafuzz" version="1.26">
-         <artifact name="javafuzz-1.26.pom">
-            <sha256 value="c5f521d9795c2bc11293ab08fbc563d453349b398b4fc5afe1388644abc392bf" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
       <component group="com.google" name="google" version="5">
          <artifact name="google-5.pom">
             <sha256 value="e09d345e73ca3fbca7f3e05f30deb74e9d39dd6b79a93fee8c511f23417b6828" origin="Generated by Gradle"/>

diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -41,8 +41,6 @@ dependencyManagement {
 
     dependency 'org.hyperledger.besu:besu-errorprone-checks:1.0.0'
 
-    dependency 'com.gitlab.javafuzz:core:1.26'
-
     dependency 'com.google.guava:guava:33.0.0-jre'
 
     dependency 'com.graphql-java:graphql-java:21.5'

diff --git a/testfuzz/build.gradle b/testfuzz/build.gradle
@@ -39,7 +39,6 @@ dependencies {
   implementation project(':util')
 
   implementation 'com.fasterxml.jackson.core:jackson-databind'
-  implementation 'com.gitlab.javafuzz:core'
   implementation 'com.google.guava:guava'
   implementation 'info.picocli:picocli'
   implementation 'io.tmio:tuweni-bytes'
@@ -72,6 +71,15 @@ tasks.register("runFuzzer", JavaExec) {
   }
 }
 
+// Adds guidance to the fuzzer but with a 90% performance drop.
+tasks.register("fuzzGuided") {
+  doLast {
+    runFuzzer.args += "--guidance-regexp=org/(hyperledger/besu|apache/tuweni)"
+    runFuzzer.args += "--new-corpus-dir=${corpusDir}/.."
+  }
+  finalizedBy("runFuzzer")
+}
+
 // This fuzzes besu as an external client.  Besu fuzzing as a local client is enabled by default.
 tasks.register("fuzzBesu") {
   dependsOn(":installDist")
@@ -111,7 +119,7 @@ tasks.register("fuzzNethermind") {
 
 tasks.register("fuzzReth") {
   doLast {
-    runFuzzer.args += "--client=revm=revme bytecode"
+    runFuzzer.args += "--client=revm=revme bytecode --eof-runtime"
   }
   finalizedBy("runFuzzer")
 }

diff --git a/testfuzz/src/main/java/org/hyperledger/besu/testfuzz/EofContainerSubCommand.java b/testfuzz/src/main/java/org/hyperledger/besu/testfuzz/EofContainerSubCommand.java
@@ -22,6 +22,7 @@
 import org.hyperledger.besu.evm.EVM;
 import org.hyperledger.besu.evm.MainnetEVMs;
 import org.hyperledger.besu.evm.internal.EvmConfiguration;
+import org.hyperledger.besu.testfuzz.javafuzz.Fuzzer;
 
 import java.io.File;
 import java.io.FileOutputStream;
@@ -48,7 +49,6 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
-import com.gitlab.javafuzz.core.AbstractFuzzTarget;
 import com.google.common.base.Stopwatch;
 import org.apache.tuweni.bytes.Bytes;
 import picocli.CommandLine;
@@ -61,7 +61,7 @@
     description = "Fuzzes EOF container parsing and validation",
     mixinStandardHelpOptions = true,
     versionProvider = VersionProvider.class)
-public class EofContainerSubCommand extends AbstractFuzzTarget implements Runnable {
+public class EofContainerSubCommand implements Runnable {
 
   static final String COMMAND_NAME = "eof-container";
 
@@ -100,6 +100,16 @@ public class EofContainerSubCommand extends AbstractFuzzTarget implements Runnab
       description = "Minimum number of fuzz tests before a time limit fuzz error can occur")
   private long timeThresholdIterations = 2_000;
 
+  @Option(
+      names = {"--guidance-regexp"},
+      description = "Regexp for classes that matter for guidance metric")
+  private String guidanceRegexp;
+
+  @Option(
+      names = {"--new-corpus-dir"},
+      description = "Directory to write hex versions of guidance added contracts")
+  private File newCorpusDir = null;
+
   @CommandLine.ParentCommand private final BesuFuzzCommand parentCommand;
 
   static final ObjectMapper eofTestMapper = createObjectMapper();
@@ -174,7 +184,13 @@ public void run() {
     System.out.println("Fuzzing client set: " + clients.keySet());
 
     try {
-      new Fuzzer(this, corpusDir.toString(), this::fuzzStats).start();
+      new Fuzzer(
+              this::parseEOFContainers,
+              corpusDir.toString(),
+              this::fuzzStats,
+              guidanceRegexp,
+              newCorpusDir)
+          .start();
     } catch (NoSuchAlgorithmException
         | ClassNotFoundException
         | InvocationTargetException
@@ -212,8 +228,7 @@ private void extractFile(final File f, final File initialCorpus) {
     }
   }
 
-  @Override
-  public void fuzz(final byte[] bytes) {
+  void parseEOFContainers(final byte[] bytes) {
     Bytes eofUnderTest = Bytes.wrap(bytes);
     String eofUnderTestHexString = eofUnderTest.toHexString();
 
@@ -236,7 +251,7 @@ public void fuzz(final byte[] bytes) {
                         "%s: slow validation %d µs%n", client.getName(), elapsedMicros);
                     try {
                       Files.writeString(
-                          Path.of("slow-" + client.getName() + "-" + name + ".hex"),
+                          Path.of("slow-" + name + "-" + client.getName() + ".hex"),
                           eofUnderTestHexString);
                     } catch (IOException e) {
                       throw new RuntimeException(e);