tracking code paths for testing fizzi in Bitcoin Core
Blurred tests, which deliberately introduced unexplored Intors for tests for and immunity, can be particularly difficult to encode wheat. When it comes to tracking the functions of the source, which he calls the tests of blurred ducks, navigating Threadh, Cona can be frustrated, especially for programmers with broad knowledge without a sanctuary.
Bitcoin core model
Before bothering in tracking the PATS code, we will quickly understand how Bitcoin Core performs functions. The “Nenet_Processing.CPPfile is a critic that it performs various network -related tasks, a suit processing, a transaction version and Exensus consensus protocol. When performing this function, the processor can sequencing the instructions, the seams are conscientious for the nature of modern processors.
Fuke Testing Framework
To help track code paths while testing FUZZ, several LAVE frames were developed:
* AdddressSSANITIZER : highly optimized and efficient disinfire for C/C ++, which provides detailed information on memory access and function calls.
* Valgrind : A tool to debug memory for detecting leaks, madmen and memory related problems. All this includes a set for FUZZ testing tools.
* BILT-IN GCC commandStrace
: This command allows you to perform system connections and insert their arguments.
using "Strice" with FUZZ testing
When "loses", it is necessary that it started with your blurred test functions, because each connection will be traced the same. Do it:
1
- Using "Valgrind from
with GCC '(or its counterparts) to generate binary, which includes the command" Strace ":
Bash
GCC -STD = C99 -G -Wall -Wextra -Cocry
Valgrind --- Leak-Check = full--show leak-kinds = all-rysroot =/usr-follow syms = core ./core
- Start generated binary from “FUZZ” to start the FUZZ test:
`Bash
./core
Example of Fuzzi testing
To demonstrate how you can `stress' stress, Crereet sample generates a random number and check whether it checks the expected value:
C
#inCLUDE
Uit32_t random generateza (buffer UNT8_T*) {
generated uitt32_t;
Down
geneated = random ();
} while (generated == 0);
If
*(buffer + 1) = 42;
Return genes;
}
Int of which () {
const silk_t bfsize = 10;
Uint8_t buffer [buffsize];
generated uitt32_t;
// generate a dating number, but
Geneated = Generatendom (buffer);
// Check that the expected currency fits
Assert (generated == 42 && memcmp (buffer, experiment_value, bfsize) == 0);
Return 0;
}
code tracking path
Thanks to this example and the base strengthening of the use of “Strace”, you can follow the following steps to trace the code paths:
1
- UP-Valgrind
from "GCC" (or equivalent) to generate binary, which contains the "strate" command:
Bash
GCC -STD = C99 -G -Wall -Wextra -Cocry
Valgrind --- Leak-Check = full--show leak-kinds = all-sysroot =/usr--follow syms = core ./core
- Start generated binary from “FUZZ” to start the FUZZ test:
`Bash
./core
4.