From 0703c91fbad6653dc7aa809816e5698b0b868693 Mon Sep 17 00:00:00 2001
From: Martin Holst Swende <martin@swende.se>
Date: Fri, 13 Nov 2020 12:36:38 +0100
Subject: [PATCH] tests/fuzzers: improve the fuzzers (#21829)

* tests/fuzzers, common/bitutil: make fuzzers use correct return values + remove output

* tests/fuzzers/stacktrie: fix duplicate-key insertion in stacktrie (false positive)

* tests/fuzzers/stacktrie: fix compilation error

* tests/fuzzers: linter nits
---
 common/bitutil/compress_fuzz.go             |  6 +++---
 tests/fuzzers/keystore/keystore-fuzzer.go   |  2 +-
 tests/fuzzers/rlp/rlp_fuzzer.go             | 16 +++++++--------
 tests/fuzzers/stacktrie/trie_fuzzer.go      |  7 +++++++
 tests/fuzzers/txfetcher/txfetcher_fuzzer.go | 22 +++++++++++++--------
 5 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/common/bitutil/compress_fuzz.go b/common/bitutil/compress_fuzz.go
index 1b87f50ed..714bbcd13 100644
--- a/common/bitutil/compress_fuzz.go
+++ b/common/bitutil/compress_fuzz.go
@@ -24,7 +24,7 @@ import "bytes"
 // invocations.
 func Fuzz(data []byte) int {
 	if len(data) == 0 {
-		return -1
+		return 0
 	}
 	if data[0]%2 == 0 {
 		return fuzzEncode(data[1:])
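Review bot: The empty-input guard in Fuzz now returns 0 instead of -1, and nothing in the hunk records why. Under the go-fuzz convention -1 forbids adding the input to the corpus, 0 is neutral and 1 raises its priority, so 0 no longer excludes the input. The same -1 to 0 change sits under the "Don't generate insanely large test cases" guard in tests/fuzzers/txfetcher/txfetcher_fuzzer.go, where the existing comment reads as if exclusion were the intent. If 0 is required for a reason the patch does not state, a comment such as `// return 0, not -1: <reason>; the input is skipped but not banned from the corpus` would keep the next reader from reverting it. Fuzz continues past the end of this hunk.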
@@ -39,7 +39,7 @@ func fuzzEncode(data []byte) int {
 	if !bytes.Equal(data, proc) {
 		panic("content mismatch")
 	}
-	return 0
+	return 1
 }
 
 // fuzzDecode implements a go-fuzz fuzzer method to test the bit decoding and
@@ -52,5 +52,5 @@ func fuzzDecode(data []byte) int {
 	if comp := bitsetEncodeBytes(blob); !bytes.Equal(comp, data) {
 		panic("content mismatch")
 	}
-	return 0
+	return 1
 }
diff --git a/tests/fuzzers/keystore/keystore-fuzzer.go b/tests/fuzzers/keystore/keystore-fuzzer.go
index 704f29dc4..e3bcae92e 100644
--- a/tests/fuzzers/keystore/keystore-fuzzer.go
+++ b/tests/fuzzers/keystore/keystore-fuzzer.go
@@ -33,5 +33,5 @@ func Fuzz(input []byte) int {
 		panic(err)
 	}
 	os.Remove(a.URL.Path)
-	return 0
+	return 1
 }
diff --git a/tests/fuzzers/rlp/rlp_fuzzer.go b/tests/fuzzers/rlp/rlp_fuzzer.go
index 534540476..18b36287b 100644
--- a/tests/fuzzers/rlp/rlp_fuzzer.go
+++ b/tests/fuzzers/rlp/rlp_fuzzer.go
@@ -37,17 +37,17 @@ func decodeEncode(input []byte, val interface{}, i int) {
 }
 
 func Fuzz(input []byte) int {
+	if len(input) == 0 {
+		return 0
+	}
+
 	var i int
 	{
-		if len(input) > 0 {
-			rlp.Split(input)
-		}
+		rlp.Split(input)
 	}
 	{
-		if len(input) > 0 {
-			if elems, _, err := rlp.SplitList(input); err == nil {
-				rlp.CountValues(elems)
-			}
+		if elems, _, err := rlp.SplitList(input); err == nil {
+			rlp.CountValues(elems)
 		}
 	}
 
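Review bot: The new `len(input) == 0` guard at the top of Fuzz keeps empty input away from every decodeEncode call further down, not only from rlp.Split and rlp.SplitList, which were the only calls guarded before. If zero-length decoding is deliberately left out of this harness, a comment on the guard should say so, for example `// empty input is skipped on purpose; zero-length decoding is not exercised by this fuzzer`. With the inner conditions gone, the two bare `{ ... }` blocks around rlp.Split and rlp.SplitList no longer group anything and could be flattened. Most of Fuzz lies outside this hunk.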
@@ -123,5 +123,5 @@ func Fuzz(input []byte) int {
 		var rs types.Receipts
 		decodeEncode(input, &rs, i)
 	}
-	return 0
+	return 1
 }
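Review bot: `return 1` at the end of Fuzz is reached whether or not any decodeEncode call accepted the input, so every non-empty input gets raised priority and the return value carries no signal for the fuzzer. decodeEncode, as shown in the previous hunk's header, returns nothing, so Fuzz cannot tell a clean decode/encode round trip from an immediate decode error. One option is to have decodeEncode report whether decoding succeeded and to return 1 only when at least one call did, 0 otherwise. The body of Fuzz between the two hunks is not visible, so this is inferred from the visible tail and the helper's signature.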
diff --git a/tests/fuzzers/stacktrie/trie_fuzzer.go b/tests/fuzzers/stacktrie/trie_fuzzer.go
index a072ff772..5cea7769c 100644
--- a/tests/fuzzers/stacktrie/trie_fuzzer.go
+++ b/tests/fuzzers/stacktrie/trie_fuzzer.go
@@ -148,6 +148,8 @@ func (f *fuzzer) fuzz() int {
 		vals        kvs
 		useful      bool
 		maxElements = 10000
+		// operate on unique keys only
+		keys = make(map[string]struct{})
 	)
 	// Fill the trie with elements
 	for i := 0; !f.exhausted && i < maxElements; i++ {
@@ -158,6 +160,11 @@ func (f *fuzzer) fuzz() int {
 			// thus 'deletion' which is not supported on stacktrie
 			break
 		}
+		if _, present := keys[string(k)]; present {
+			// This key is a duplicate, ignore it
+			continue
+		}
+		keys[string(k)] = struct{}{}
 		vals = append(vals, kv{k: k, v: v})
 		trieA.Update(k, v)
 		useful = true
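Review bot: The comment `// This key is a duplicate, ignore it` says what the branch does but not why a repeated key is a problem for this harness. Judging by the neighbouring comment about deletion being unsupported on the stacktrie, a second `trieA.Update` with the same key is presumably an overwrite that the stacktrie side cannot mirror, which would explain the false positive named in the commit message. Once confirmed, a comment such as `// stacktrie cannot overwrite an existing key, so a repeat would make the two tries diverge` would record it. Skipped duplicates still consume an iteration of the `i < maxElements` loop, and `string(k)` is converted twice where a single `ks := string(k)` would do. `keys` is declared in the previous hunk and fuzz() continues outside this one.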
diff --git a/tests/fuzzers/txfetcher/txfetcher_fuzzer.go b/tests/fuzzers/txfetcher/txfetcher_fuzzer.go
index 10c7eb942..d1d6fdc66 100644
--- a/tests/fuzzers/txfetcher/txfetcher_fuzzer.go
+++ b/tests/fuzzers/txfetcher/txfetcher_fuzzer.go
@@ -51,8 +51,9 @@ func init() {
 func Fuzz(input []byte) int {
 	// Don't generate insanely large test cases, not much value in them
 	if len(input) > 16*1024 {
-		return -1
+		return 0
 	}
+	verbose := false
 	r := bytes.NewReader(input)
 
 	// Reduce the problem space for certain fuzz runs. Small tx space is better
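Review bot: `verbose := false` is a local that nothing in the visible hunks ever sets to true, so the four `if verbose` branches added around the Notify, Enqueue, Drop and Sleep prints in the later hunks are dead code until someone edits the function body. A package-level `const verbose = false` with a short comment would make the switch easy to find, and as a constant it lets the compiler drop the branches. Fuzz continues well past this hunk.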
@@ -124,7 +125,9 @@ func Fuzz(input []byte) int {
 				announceIdxs[i] = (int(annBuf[0])*256 + int(annBuf[1])) % len(txs)
 				announces[i] = txs[announceIdxs[i]].Hash()
 			}
-			fmt.Println("Notify", peer, announceIdxs)
+			if verbose {
+				fmt.Println("Notify", peer, announceIdxs)
+			}
 			if err := f.Notify(peer, announces); err != nil {
 				panic(err)
 			}
@@ -163,8 +166,9 @@ func Fuzz(input []byte) int {
 				return 0
 			}
 			direct := (directFlag % 2) == 0
-
-			fmt.Println("Enqueue", peer, deliverIdxs, direct)
+			if verbose {
+				fmt.Println("Enqueue", peer, deliverIdxs, direct)
+			}
 			if err := f.Enqueue(peer, deliveries, direct); err != nil {
 				panic(err)
 			}
@@ -177,8 +181,9 @@ func Fuzz(input []byte) int {
 				return 0
 			}
 			peer := peers[int(peerIdx)%len(peers)]
-
-			fmt.Println("Drop", peer)
+			if verbose {
+				fmt.Println("Drop", peer)
+			}
 			if err := f.Drop(peer); err != nil {
 				panic(err)
 			}
@@ -191,8 +196,9 @@ func Fuzz(input []byte) int {
 				return 0
 			}
 			tick := time.Duration(tickCnt) * 100 * time.Millisecond
-
-			fmt.Println("Sleep", tick)
+			if verbose {
+				fmt.Println("Sleep", tick)
+			}
 			clock.Run(tick)
 		}
 	}
-- 
GitLab