doc/fuzzing.md
31 lines changed: 31 additions & 0 deletions
@@ -143,6 +143,37 @@ If you find coverage increasing inputs when fuzzing you are highly encouraged to
143
143
144
144
Every single pull request submitted against the Bitcoin Core repo is automatically tested against all inputs in the [`bitcoin-core/qa-assets`](https://github.com/bitcoin-core/qa-assets) repo. Contributing new coverage increasing inputs is an easy way to help make Bitcoin Core more robust.
145
145
146
+
## Building and debugging fuzz tests
147
+
148
+
There are 3 ways fuzz tests can be built:
149
+
150
+
1. With `-DBUILD_FOR_FUZZING=ON` which forces on fuzz determinism (skipping
151
+
proof of work checks, disabling random number seeding, disabling clock time)
152
+
and causes `Assume()` checks to abort on failure.
153
+
154
+
This is the normal way to run fuzz tests and generate new inputs. Because
155
+
determinism is hardcoded on in this build, only the fuzz binary can be built
156
+
and all other binaries are disabled.
157
+
158
+
2. With `-DBUILD_FUZZ_BINARY=ON -DCMAKE_BUILD_TYPE=Debug` which causes
159
+
`Assume()` checks to abort on failure, and enables fuzz determinism, but
160
+
makes it optional.
161
+
162
+
Determinism is turned on in the fuzz binary by default, but can be turned off
163
+
by setting the `FUZZ_NONDETERMINISM` environment variable to any value, which
164
+
may be useful for running fuzz tests with code that deterministic execution
165
+
would otherwise skip.
166
+
167
+
Since `BUILD_FUZZ_BINARY`, unlike `BUILD_FOR_FUZZING`, does not hardcode on
168
+
determinism, this allows non-fuzz binaries to coexist in the same build,
169
+
making it possible to reproduce fuzz test failures in a normal build.
170
+
171
+
3. With `-DBUILD_FUZZ_BINARY=ON -DCMAKE_BUILD_TYPE=Release`. In this build, the
172
+
fuzz binary will build but refuse to run, because in release builds
173
+
determinism is forced off and `Assume()` checks do not abort, so running the
174
+
tests would not be useful. This build is only useful for ensuring fuzz tests
175
+
compile and link.
176
+
146
177
## macOS hints for libFuzzer
147
178
148
179
The default Clang/LLVM version supplied by Apple on macOS does not include
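Review bot: Items 2 and 3 of the new "Building and debugging fuzz tests" section only cover `-DCMAKE_BUILD_TYPE=Debug` and `-DCMAKE_BUILD_TYPE=Release`, so a reader who combines `-DBUILD_FUZZ_BINARY=ON` with any other build type, or with none set, cannot tell whether the fuzz binary will run or refuse to run. Consider stating the governing condition directly (for example, whether `Assume()` aborts on failure in that build) and presenting Debug and Release as instances of it. Item 1 could also say explicitly whether `FUZZ_NONDETERMINISM` has any effect under `-DBUILD_FOR_FUZZING=ON`; "hardcoded on" implies it does not, but the variable is only introduced under item 2. Item 3 says the binary will "refuse to run" without saying how that shows up; naming the error or exit behaviour would help someone who hits it in CI. Minor wording: "does not hardcode on determinism" reads awkwardly; "does not force determinism on" would match the phrasing used in item 1.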