status-im
/
nimbus-eth2
mirror of https://github.com/status-im/nimbus-eth2.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
nimbus-eth2/nfuzz
History
Jacek Sieka 03a147ab8d
avoid state copy in state transition (#930) 
In BlockPool, we keep the head state around, so it's trivial to restore
the temporary state there and keep going as if nothing happened.

This solves 3 problems:
* stack space - the state copy on mainnet is huge
* GC scanning - using stack space for state slows down the GC
significantly
* reckless copying - the copy itself takes a long time

In state_sim, we'll do the same and allocate on heap - this helps a
little with GC - without it, the collection of the temporary strings
created with `toHex` while printing the json dominates the trace.
 		2020-04-26 21:13:33 +02:00
..
README.md Allow defects and assertions to propagate in fuzzing harnesses. 2020-01-08 13:46:14 +02:00
libnfuzz.h [WIP] Fake bls at runtime (#735) 2020-03-05 13:52:10 +01:00
libnfuzz.nim avoid state copy in state transition (#930) 2020-04-26 21:13:33 +02:00

README.md

Introduction

libnfuzz is a wrapper library that exports to C, a set of fuzzing test cases written in Nim and making use of nim-beacon-chain.

Building

To build the wrapper library (for more details follow first the instructions from nim-beacon-chain):

git clone https://github.com/status-im/nim-beacon-chain.git
cd nim-beacon-chain
make
# static library
make libnfuzz.a
# dynamic loaded library
make libnfuzz.so

Default, the library is build with the minimal config. To select a specific config you can instead run:

# build with mainnet config
make libnfuzz.a NIMFLAGS="-d:const_preset=mainnet"

For the library to be useful for fuzzing with libFuzzer (e.g. for integration with beacon-fuzz) we can pass additional Nim arguments, e.g.:

make libnfuzz.a NIMFLAGS="--cc:clang --passC:'-fsanitize=fuzzer-no-link' --passL='-fsanitize=fuzzer'"

To disable BLS verification on deserialization of SSZ objects add -d:ssz_testing to the NIMFLAGS.

Other useful options might include: --clang.path:<path>, --clang.exe:<exe>, --clang.linkerexe:<exe>, -d:const_preset=mainnet

It might also deem useful to lower the log level, e.g. by adding -d:chronicles_log_level=fatal.

Usage

There is a libnfuzz.h file provided for easy including in C or C++ projects.

It is most important that before any of the exported tests are called, the NimMain() call is done first. Additionally, all following library calls need to be done from the same thread as from where the original NimMain() call was done.