p2p: Lazy init some bloom filters; fuzz version handshake #30413
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
|
Concept ACK, but would be good to explain how this is different from the existing approach, introduced in "fuzz: version handshake" #20370, which was a replacement for "fuzz: Version handshake" #20097 . Now that the timedata bug is fixed, and the module and related globals removed completely, it is a bit hard(er) to re-introduce it for testing, I guess. IIRC I did check it at some point and found that the existing fuzz targets would act as a regression test. |
The main difference is that this harness focuses on the version handshake, where a modification to the existing
Happy to take that out of the op, the primary goal is to have fuzzing coverage for the version handshake (non-existent currently), which would be able to find such bugs. |
Are you sure it is completely non-existent? I am sure I did fuzz the version handshake at some point in time and the current coverage report (https://maflcko.github.io/b-c-cov/fuzz.coverage/src/net_processing.cpp.gcov.html) seems to agree. Maybe I am missing something. No objection in any case. I am just trying to understand better what exactly this improves. Maybe you can show a coverage report that shows higher coverage compared to before or how a faked introduced bug is found faster compared to before. Concept ACK in any case. |
The coverage we do have comes from the I'll generate a coverage report to show the difference |
|
Concept ACK |
Concept ACK 75fc22f Maybe I'm just not too familiar with fuzz testing but this seems very similar to |
Sorry for the wrong comments above. Not sure why I hallucinated that this was already fuzzed. I guess I remembered seeing the timedata warnings printed in the fuzz runner and somehow assumed this part of the code is already fully fuzzed. However, I guess the timedata fuzz target explicitly avoided the bitcoin/src/test/fuzz/timedata.cpp Line 28 in b6440f2 Line 37 in b6440f2 |
d94db4f to
2a017fd
Compare
2a017fd to
c670fe2
Compare
|
Addressed #30413 (comment). |
There was a problem hiding this comment.
Sorry for not reviewing this earlier.
I think the title seems to imply that this is a test-only change, but you are also lazy-initializing some fields in the peer manager. What about changing the title to p2p: Lazy init some bloom filters; fuzz version handshake.
Left some nits. Feel free to ignore.
c670fe2 to
f166694
Compare
|
@maflcko Took all your nits. |
-BEGIN VERIFY SCRIPT- sed -i 's/m_recent_confirmed_transactions/m_lazy_recent_confirmed_transactions/g' $(git grep -l 'm_recent_confirmed_transactions') sed -i 's/m_recent_rejects_reconsiderable/m_lazy_recent_rejects_reconsiderable/g' $(git grep -l 'm_recent_rejects_reconsiderable') sed -i 's/m_recent_rejects/m_lazy_recent_rejects/g' $(git grep -l 'm_recent_rejects') -END VERIFY SCRIPT-
f166694 to
afd237b
Compare
edilmedeiros
left a comment
There was a problem hiding this comment.
Concept ACK
I'm curious why the filters should be made lazy for this to work.
It's not required but it makes the harness more performant, i.e. we can run more testcases each second (see #30413 (comment)). |
marcofleon
left a comment
There was a problem hiding this comment.
Tested ACK afd237b. I compared the coverage of net_processing from this harness to the process_message and process_messages harnesses to see the differences. This target hits more specific parts of the version handshake. The stability looks good as well, at about 94%.
|
I'm new to this kind of test, so just to be sure this is not a specific quirk of my setup (Apple M3 Pro Sonoma 14.5 compiled with clang-18 installed through macports). I'm getting some runtime errors at the beginning of the test. After that it seems to run smoothly. Compiled with Running with |
|
ACK afd237b Left it running overnight (slight changes since it), coverage and performance looks great. |
| @@ -0,0 +1,107 @@ | |||
| // Copyright (c) 2020-present The Bitcoin Core developers | |||
There was a problem hiding this comment.
| // Copyright (c) 2020-present The Bitcoin Core developers | |
| // Copyright (c) 2024-present The Bitcoin Core developers |
There was a problem hiding this comment.
Code Review ACK afd237b
The lazy initialization seem like a good thing in itself because it might also save a little bit of memory during IBD when we don't need the filters yet - m_lazy_recent_rejects and m_lazy_recent_rejects_reconsiderable should only be initialized after getting out of IBD.
Maybe, as a follow-up, it could make sense to skip early when in IBD in
bitcoin/src/net_processing.cpp
Lines 4227 to 4233 in 66e82dc
AlreadyHaveTx (when we wouldn't call AddTxAnnouncement() for it anyway)
|
@edilmedeiros I've seen people have similar issues on a Mac, I don't think these are real issues but rather false positives. You can configure without the bitcoin/test/fuzz/test_runner.py Line 24 in b875516 |
|
Ported to the CMake-based build system in hebasto#304. |
This adds a fuzzing harness dedicated to the version handshake. To avoid determinism issues, the harness creates necessary components each iteration (addrman, peerman, etc). A harness like this would have easily caught https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/.
As a performance optimization, this PR includes a change to
PeerManagerto lazily initialize various filters (to avoid large unnecessary memory allocations each iteration).