--- Day changed Wed Jan 15 2020
08:00 < pinheadmz> having a bit of trouble fuzzing on macos. i followed the guide in bitcoin/fuzzing and the comment about macos specifically.
08:00 < pinheadmz> getting "subprocess timed out: Currently only libFuzzer is supported"
08:00 < pinheadmz> the comment says "Take care of having an LLVM/Clang environment that contains fuzzing libraries. The default one from Apple is not enough, so that you will have to install it with brew, if not already done."
08:00 < pinheadmz> so, hm: brew install clang ?
08:01 < MarcoFalk_> The test_runner.py only works with libFuzzer
08:01 < MarcoFalk_> The test_runner.py is not a requirement for any of the questions in today's review club
08:01 < pinheadmz> I did clone and make AFL -- thats something different ?
08:02 < MarcoFalk_> It is mostly used by travis to read all seeds, not (yet) for generating seeds
08:02 < MarcoFalk_> Yes, afl is a bit different from libFuzzer
08:03 < pinheadmz> so the python isnt necessary - the fuzz tests will run with configure --enable-fuzz; make ?
08:04 < MarcoFalk_> no, you still need to run the target ./src/test/fuzz/utxo_total_supply
08:04 < MarcoFalk_> (with appropriate options)
08:04 < MarcoFalk_> afl needs some more memory, e.g. -m200
08:08 < pinheadmz> ok I see, libFuzzer for the test_runner, but individual tests can be executed with AFL, and theres a specific command for that in bitcoin/fuzzing.md
08:09 < MarcoFalk_> libFuzzer instrumented binaries can also be run individually
08:13 < jonatack> Been having fun with some of the resources here: https://google.github.io/oss-fuzz/reference/useful-links/
08:36 < pinheadmz> this helped me too: https://github.com/bitcoin/bitcoin/issues/17914 not quite there yet, but moving forward....
08:48 < pinheadmz> theres a Makefile option `LDFLAGS = -L/usr/local/lib/darwin/` but that directory doesnt exist on my computer, could it be referring to /usr/local/lib/ ? that directory has all my .dylib 's
08:52 < MarcoFalk_> Hmm, disappointing that mac is making it so hard to run fuzzers
08:53 < MarcoFalk_> We'll get started in about one hour (18 UTC)
08:53 < pinheadmz> Yeah :-/ i really wanna try and watch this run. Configure says "linker did not accept requested flags, you are missing required libraries" - is there a way to see which libs exactly are missing?
08:54 < MarcoFalk_> Did you switch to libFuzzer?
08:55 < pinheadmz> no still AFL
08:55 < raj_> pinheadmz: what exactly is the issue?
08:55 < MarcoFalk_> hmm. Not sure if I can help with afl or mac. Maybe pastebin the config log for others to take a look?
08:56 < pinheadmz> raj_: trying to follow docs/fuzzing.md cloned and make'd AFL, trying to run configure with CC=${AFLPATH}/afl-clang CXX=${AFLPATH}/afl-clang++
08:56 < pinheadmz> and trying different LDFLAGS since /usr/local/lib/darwin/ is nonexistent
08:56 < pinheadmz> getting errors about missing libraries
08:57 < pinheadmz> ignoring the configure errors, making anyway and running afl-fuzz, getting "No instrumentation detected"
08:59 < raj_> have you tried `make distclean` and starting over?
08:59 < pinheadmz> i make clean each time ;-) is that sufficient?
09:00 < raj_> not very sure. When in doubt i just distclean. :p
09:00 < raj_> usually works.
09:01 < raj_> also check if you have afl-clang in path.
09:04 < pinheadmz> don't the CXX= flags handle that?
09:05 < raj_> it does provided you have setup $ALFPATH correctly. So thats what i meant to check.
09:06 < pinheadmz> yeah, like `ls ${AFLPATH}/afl-clang` returns the afl-clang executable
09:07 < pinheadmz> this missing libraries error is the thing i think is the culprit
09:08 < raj_> seems like some dependencies are missing?
09:14 < raj_> have you tried libfuzzer? that worked with lesser issues for me.
09:21 < pinheadmz> yeah going down that rabbit hole next :-)
09:48 < fjahr> pinheadmz: I am on mac and having issues as well. I read somewhere that AFL is not supported on mac, so I have been trying libfuzzer but I am stuck with fuzz binaries getting stuck without output (see my posts a few days ago here in the channel and in #bitcoin-core-dev).
09:49 < MarcoFalk_> Is it not possible to install a vanilla clang on MacOS?
09:50 < fjahr> I am using a non-systems clang installed via brew, if that's what you mean
09:51 < MarcoFalk_> Ah, so compilation worked, but the output is empty?
09:52 < fjahr> yeah, the fuzz bin starts but just doesn't do anything, no output and it doesn't shut down either
09:52 < fjahr> even when running with `-help=1`
09:56 < pinheadmz> fjahr: shoot me a link to install libfuzzer on osx ?
09:57 < MarcoFalk_> It might be bundled with the clang+llvm version shipped in brew
09:57 < fjahr> it's included in llvm/clang if you install via brew
09:57 < fjahr> just not in the systems one
10:00 < MarcoFalk_> hi everyone. Let's get started. It sounds like some people had technical problems getting the fuzzer to run
10:00 < jnewbery> #startmeeting
10:00 < pinheadmz> hi
10:00 < jnewbery> hi
10:00 < ajonas> hi
10:00 < andrewtoth_> hi
10:00 < jonatack> hi
10:00 < emzy> Hi
10:01 < kanzure> hi
10:01 < felixweis> hi
10:01 < TheBigCohooNah> lol, hi, going to listen in and not understand anything =)
10:01 < fjahr> hi
10:01 < MarcoFalk_> Has everyone had a chance to look at the pull request?
10:02 < jonatack> y
10:02 < raj_> hi.
10:02 < andrewtoth_> y
10:02 < jnewbery> y
10:02 < raj_> y
10:02 < emzy> y
10:02 < MarcoFalk_> Nice
10:03 < MarcoFalk_> Ok, so let's start with some general questions. Anyone want to explain the difference between a black-box and a white-box fuzzer?
10:03 < jonatack> Black-box fuzzing, aka i/o-driven or data-driven testing, includes most
10:03 < jonatack> traditional fuzzers and is blind to the internals of the PUT (program under test),
10:03 < jonatack> observing only the i/o behavior and treating it as a black-box.
10:03 < emzy> white-box is with source code
10:04 < jonatack> White-box fuzzing generates test cases by analysing the internals of the PUT and the information gathered when executing the PUT.
10:04 < raj_> black-box: doesnt look into internals. white-box: looks at internals and takes test decisions
10:04 < MarcoFalk_> So what is coverage guided fuzzing and how does it fit in to the black/white categories?
10:05 < andrewtoth_> gray-box?
10:05 < jonatack> Grey to black
10:05 < MarcoFalk_> libFuzzer and AFL are both coverage guided and that is what Bitcoin Core uses, so we will focus on these
10:05 < MarcoFalk_> How does the coverage guiding work?
10:06 < andrewtoth_> a function is exposed in the harness to allow fuzz data to get passed into it
10:06 < jonatack> Guided by API coverage?
10:07 < jonatack> API meaning certain functions put under test.
10:07 < MarcoFalk_> Yes, some part of the interface is exposed in a fuzz target
10:07 < jonatack> idea is FDD turst APIs into fuzz targets
10:07 < raj_> anything to do with code path?
10:07 < jonatack> turns
10:07 < MarcoFalk_> But how does the coverage guiding help the fuzzer to fuzz that function?
10:07 < jonatack> FDD (fuzz-driven development :D)
10:08 < MarcoFalk_> raj_: Yes, something with code path :)
10:08 < raj_> i am struggling with the concept of coverage. What does it mean exactly? Is it like a set of all possible execution paths?
10:09 < MarcoFalk_> coverage can mean many things. Common ones are "function coverage" "line coverage" or "branch coverage"
10:09 < jonatack> see https://marcofalke.github.io/btc_cov/test_bitcoin.coverage/index.html
10:10 < jonatack> and https://marcofalke.github.io/btc_cov/total.coverage/index.html
10:10 < MarcoFalk_> Let's not go into the details of what kind of coverage the fuzzers use, but discuss the general idea
10:10 < andrewtoth_> ok, but then what is coverage "guiding"? Is that just exposing functions to the fuzzer and mutating the fuzz data to be a proper input?
10:10 < raj_> jonatack: really cool. thanks..
10:12 < MarcoFalk_> Ok, let's take a step back. What is a "seed"?
10:12 < raj_> initial set of test cases.
10:12 < MarcoFalk_> raj_: right
10:12 < MarcoFalk_> What happens with a "seed"?
10:13 < andrewtoth_> it's given to the fuzzer
10:13 < fjahr> i guess it is saved and different inputs are generated from it so that it can be used to replay the results if an error is detected
10:14 < MarcoFalk_> andrewtoth_: Right
10:14 < MarcoFalk_> fjahr: Right
10:15 < MarcoFalk_> Ok, and when compiling with a fuzzer, the binary is instrumented with the fuzz engine and some annotations to collect coverage data
10:15 < raj_> as per the pdf https://arxiv.org/pdf/1812.00140.pdf the fuzzer also constructs some testing configuration from given seed. That makes the process more efficient.
10:16 < MarcoFalk_> For each input (or seed) coverage data is collected when run
10:16 < MarcoFalk_> How does the coverage data help the fuzzer?
10:16 < felixweis> how did you generate the fuzz_seed_corpus?
10:17 < raj_> gives the fuzzer clue on how to increase coverage in next iteration?
10:17 < fjahr> it shows if new branches were discovered with the given seed or not
10:17 < MarcoFalk_> fjahr: Correct
10:17 < MarcoFalk_> Does it influence the future decisions of the fuzzer? What happens with a seed that did or did not increase coverage?
10:18 < andrewtoth_> that would depend on the fuzzer no?
10:18 < felixweis> also the filenames are random or simply hashes of the file contents
10:18 < MarcoFalk_> andrewtoth_: Yes. (Assuming AFL and libFuzzer for now, i.e. coverage-guided fuzzers)
10:19 < MarcoFalk_> felixweis: The name of the seeds or inputs depends on the fuzzer
10:20 < jonatack> In this case, yes, seed trimming takes place to use the coverage to progressively remove a portion of the seed as long as the coverage remains constant
10:21 < pinheadmz> Is the data sent to bitcoind totally random or can you give it structure ie. transaction format with some limits on field size and value etc
10:21 < felixweis> if an input increases coverage it is saved to the directory of the other inputs. otherwise it is discarded
10:21 < MarcoFalk_> jonatack: Correct. Coverage is useful to minimize a seed corpus or even a single seed
10:23 < MarcoFalk_> pinheadmz: The data or inputs are not sent to bitcoind they are sent to the fuzz target (which is a separate binary, but linked with all the bitcoind libraries)
10:23 < MarcoFalk_> felixweis: correct
10:24 < MarcoFalk_> And to answer felix's question how the initial set of inputs is created: AFL needs an initial set, which is recommended to be generated by hand. libFuzzer does not, it can start with an empty string as the first seed
10:25 < MarcoFalk_> Any other questions?
10:25 < felixweis> but that search space is just too enormous
10:25 < MarcoFalk_> felixweis: Yes, the search space is generally never exhausted
10:25 < raj_> for this the seed is "zzzii"
10:25 < andrewtoth_> so how does this PR guide the fuzzer exactly?
10:25 < raj_> does it mean anything, or just random?
10:26 < MarcoFalk_> felixweis: However, with coverage data, at least it can span the relevant parts relatively quickly
10:26 < raj_> for `utxo_total_supply` target i mean.
10:26 < andrewtoth_> does that happen automatically in utxo_total_supply? it knows which branches have been taken?
10:28 < MarcoFalk_> andrewtoth_: Yes, the fuzz engine is hidden in AFL or libFuzzer and with the coverage instrumentation it can figure out by itself what branches have been taken
10:28 < MarcoFalk_> raj_: We will get into that seed later
10:28 < raj_> okay
10:29 < MarcoFalk_> Ok, if there are no further questions about the general idea of coverage guided fuzzing, we will jump into the idea of the CVE.
10:29 < MarcoFalk_> How can CVE-2018-17144 be exploited?
10:29 < pinheadmz> a single tx spending from the same input twice
10:29 < MarcoFalk_> Can you explain conceptually how to create an example block that exploits the bug?
10:29 < MarcoFalk_> pinheadmz: Correct
10:29 < pinheadmz> it happened on testnet!
10:29 < pinheadmz> and there are still testnet nodes stuck on that fork from like 18 months ago
10:30 < andrewtoth_> but only when included in a block, will be rejected from mempool
10:30 < MarcoFalk_> andrewtoth_: Correct
10:30 < pinheadmz> luke-jr mentioned to me that the bug is so bad, the bad block can't even be re-org'ed out
10:31 < MarcoFalk_> ok, looking into the code of the newly added fuzz target.
10:31 < MarcoFalk_> What does the new fuzz test do on a high level? What “Actions” can it run?
10:31 < pinheadmz> so for this bug specifically, what are the benefits of a fuzz test instead of just an explicit test in the python suite?
10:31 < MarcoFalk_> pinheadmz: Good q. We do have a test in the python test suite
10:32 < MarcoFalk_> However, a fuzz test is more flexible in the sense that it can also actively search for similar CVEs
10:33 < jonatack> Fuzzing might find cases the test-writer did not think of.
10:33 < MarcoFalk_> The CVE showed different behavior when the duplicate inputs were created in the same block, vs created in an earlier block
10:33 < MarcoFalk_> jonatack: correct
10:33 < raj_> 3 actions. Create input, Create tx and Create Block
10:33 < MarcoFalk_> So when the python test only checks for the case where the inputs were confirmed, the fuzz test might find the case where the inputs were created in the same block
10:34 < MarcoFalk_> Or even find a case that was not imagined by anyone
10:34 < MarcoFalk_> raj_: Correct
10:34 < pinheadmz> and maybe im underestimating the size of the fuzz test, but with random data, what is the probability of getting anything useful like that? especially with such a dense protocol like bitcoin
10:34 < raj_> just to clarify if i got it correctly. The bug is one utxo being spent by 2 different inputs in a same tx?
10:35 < MarcoFalk_> raj_: Yes
10:35 < andrewtoth_> pinheadmz i believe the goal is to have these tests run continuously with lots of cpus, to find a very large space of inputs
10:35 < jnewbery> pinheadmz: I think that goes back to your previous question about whether the fuzzed data is totally random or whether it has some structure. Perhaps we could talk about that?
10:35 < raj_> +1
10:35 < MarcoFalk_> jnewbery: Yes, thx
10:36 < pinheadmz> yeah thanks
10:36 < andrewtoth_> raj_ the bug is one tx spending the same utxo twice
10:36 < MarcoFalk_> So is the fuzzer sending raw blocks?
10:36 < jnewbery> no!
10:37 < MarcoFalk_> As mentioned by raj_ the fuzzer has 3 actions. Create input, Create tx and Create Block
10:37 < MarcoFalk_> Why would it not be feasible to send a raw block?
10:38 < jnewbery> It looks to me like the fuzzer is providing entropy which is being used by utxo_total_supply.cpp to generate inputs
10:38 < MarcoFalk_> jnewbery: Correct
10:38 < jnewbery> anything that calls fuzzed_data_provider.ConsumeIntegralInRange is taking that entropy and generating stuff with it
10:38 < MarcoFalk_> But why is it not possible to just treat the input seed as a raw block?
10:39 < jnewbery> one reason is that generating blocks is difficult because they need proof-of-work!
10:39 < jnewbery> apart from all the structure that blocks have
10:40 < MarcoFalk_> jnewbery: Correct. Also, blocks are highly structured. E.g. the transactions need to deserialize correctly and match the merkle root
10:40 < raj_> `const auto action = static_cast(fuzzed_data_provider.ConsumeIntegralInRange(0, 2));` How is an integer being cast into the enums? is it like 0 for Create Input, 1 for Create tx?
10:40 < MarcoFalk_> raj_: I think in c++ you can cast integers to non-scoped enums
10:40 < pinheadmz> Structuring the entropy with minimal formatting makes sense
10:41 < pinheadmz> so the input scripts are randomly generated though? and we just hope to brute force enough of them that something interesting happens?
10:41 < MarcoFalk_> So looking at my example seed zzzii, what does it do?
10:41 < MarcoFalk_> How many blocks are mined? Either explain by looking at the seed and code or obtain the result by modifying and running the fuzz test on the seed.
10:43 < pinheadmz> 2000 blocks
10:43 < pinheadmz> 20 * coinbase maturity (which is 100)
10:43 < jnewbery> is "zzzii" ascii? 0x7a7a7a6969?
10:44 < raj_> would really appreciate a walk through of this.
10:44 < MarcoFalk_> jnewbery: Yes, this happens to be ascii. In general seeds are not ascii, though
10:45 < MarcoFalk_> Hint: The fuzzer reads this byte by byte from the right
10:45 < MarcoFalk_> The first read is here
10:45 < MarcoFalk_> int64_t duplicate_coinbase_height = fuzzed_data_provider.ConsumeIntegralInRange(0, 20 * COINBASE_MATURITY);
10:46 < pinheadmz> while (fuzzed_data_provider.remaining_bytes())
10:46 < pinheadmz> trying to see where the data provider gets initialized
10:47 < andrewtoth_> 105?
10:47 < MarcoFalk_> pinheadmz: It is initialized here: https://github.com/bitcoin/bitcoin/pull/17860/files#diff-7a6cf1c54083f72e3110c6a049e26842R29
10:47 < MarcoFalk_> andrewtoth_: why?
10:47 < pinheadmz> and the buffer data is that 5-char string ?
10:47 < MarcoFalk_> pinheadmz: Yes, in this case the seed is only 5-chars
10:48 < MarcoFalk_> or let's say 5 bytes
10:48 < andrewtoth_> ConsumeIntegralInRange just gets the first byte, checking if it's in the range?
10:48 < andrewtoth_> so first byte is 105?
10:48 < dude> Converts the byte to range
10:48 < MarcoFalk_> andrewtoth_: It will read as many bytes as it needs to reach the upper range
10:49 < pinheadmz> ah, then the int in range(0, 2) becomes a command: input / tx / block
10:49 < pinheadmz> so its like a little opcode script !
10:49 < MarcoFalk_> So how many bytes does it read for duplicate_coinbase_height?
10:49 < pinheadmz> just one ?
10:50 < MarcoFalk_> https://github.com/bitcoin/bitcoin/pull/17860/files#diff-7a6cf1c54083f72e3110c6a049e26842R88
10:50 < MarcoFalk_> pinheadmz: What is the upper bound?
10:50 < dude> size / 8
10:50 < dude> I think
10:50 < MarcoFalk_> hint: COINBASE_MATURITY is 100
10:50 < pinheadmz> oh i see it consumes as many bytes as it needs to find something in the range (0, 2000
10:50 < andrewtoth_> if upper bound is 20000, then upper bound is 20000?
10:50 < MarcoFalk_> pinheadmz: Yes!
10:50 < dude> Wait are you sure?
10:51 < dude> I thought it modded the input to fit into the range
10:51 < pinheadmz> so thats what 2 bytes? max value is 65535
10:51 < MarcoFalk_> How many bytes are needed to represent a random number up to 2000?
10:51 < MarcoFalk_> pinheadmz: Yes
10:51 < MarcoFalk_> Ok, so the "ii" in the seed gets deserialized as the duplicate_coinbase_height
10:52 < MarcoFalk_> What is the next read of the fuzzer?
10:52 < andrewtoth_> ii is 6969, so that's 26985, greater than 2000 though...
10:52 < pinheadmz> while there's bytes remaining, it grabs one at a time and runs the corresponding Action::...
10:52 < MarcoFalk_> andrewtoth_: Yes, it is wrapped by the fuzzed data provider
10:52 < dude> It's because it's modded https://github.com/bitcoin/bitcoin/blob/556820ee576d02528de8cc5998579b044b3666c9/src/test/fuzz/FuzzedDataProvider.h#L105
10:52 < MarcoFalk_> dude: Correct
10:53 < MarcoFalk_> thx for the link
10:53 < MarcoFalk_> So what is the next place where bytes are consumed by the fuzzer?
10:53 < raj_> so duplicate_coinbase_height is always 0-2000 right?
10:53 < MarcoFalk_> yup, in this fuzz target
10:54 < jnewbery> MarcoFalke: so the coinbase height is 985?
10:54 < pinheadmz> MarcoFalk_: L112?
10:54 < MarcoFalk_> pinheadmz: Correct
10:54 < pinheadmz> the last 3 bytes are interpreted as actions?
10:54 < MarcoFalk_> Hint: https://github.com/bitcoin/bitcoin/pull/17860/files#diff-7a6cf1c54083f72e3110c6a049e26842R113
10:55 < MarcoFalk_> Jup
10:55 < jnewbery> Jup to height or Jup to actions?
10:55 < jonatack> hehe
10:56 < dude> What do you think about this comment: https://github.com/bitcoin/bitcoin/pull/17860#issuecomment-571846309
10:56 < MarcoFalk_> jnewbery: Seems plausible. Haven't checked, but you can with std::cout << duplicate_coinbase_height << std::endl; and running this seed
10:56 < dude> Can answer later if it's a tangent
10:56 < MarcoFalk_> So how many blocks are mined?
10:56 < MarcoFalk_> by the seed "zzzii"?
10:57 < pinheadmz> 985? 0x6969 % 2000
10:57 < MarcoFalk_> Oh, that is just the duplicate coinbase height. Not used to determine the number of blocks mined.
10:58 < MarcoFalk_> Blocks are only mined when the action is CREATE_BLOCK
10:58 < raj_> 'z's are ascii 122. so what action do they translate into??
10:58 < raj_> thats outside (0,2)
10:58 < pinheadmz> 122 % 2 = 0
10:59 < pinheadmz> which is create_input
10:59 < raj_> oh..
10:59 < raj_> so just create input three times?
10:59 < MarcoFalk_> 0x7a % 3 = 2
10:59 < andrewtoth_> 0 blocks is the answer? hmm...
10:59 < MarcoFalk_> ;)
10:59 < pinheadmz> MarcoFalk_: since you know the seeds will be modded like this anyway, why not just use actual bytes 0x00 0x01 0x02 ?
10:59 < jnewbery> it's got to be modded by (range + 1) because the index starts at 0
11:00 < andrewtoth_> ahh it's modded by 3
11:00 < pinheadmz> jnewbery: ah ty!
11:00 < andrewtoth_> so 3 blocks are mined
11:00 < MarcoFalk_> pinheadmz: It was created by libFuzzer, which does not know that it is being modded anyway
11:00 < MarcoFalk_> andrewtoth_: Correct!
11:00 < andrewtoth_> this is a confusing PR...
11:00 < pinheadmz> its great haha
11:00 < dude> If you just have switch statements for 0x00, 0x01, 0x02, the fuzzer will generate bytes outside of the range and not get modded
11:00 < dude> So it's more efficient that way
11:00 < MarcoFalk_> last q: Did anyone run the fuzzer?
11:00 < dude> Yes
11:00 < MarcoFalk_> Did it find the CVE?
11:00 < raj_> yes.
11:00 < pinheadmz> did anyone get it to run on OSX by any chance?
11:00 < dude> Eh, not sure, was there an assert I had to disable?
11:01 < dude> Yeah I got it running on OSX
11:01 < andrewtoth_> i couldn't get AFL to work, similar to raj_'s comment it kept crashing
11:01 < dude> Did you turn off AFL_NO_FORKSRV?
11:01 < dude> or I mean "on"
11:01 < MarcoFalk_> raj_: Nice
11:01 < pinheadmz> dude: yah, did you use AFL or libFuzzer ?
11:01 < dude> AFL
11:01 < andrewtoth_> didn't know you could build and run and then just `src/test/fuzz/utxo_total_supply`, could have some docs for that
11:01 < emzy> Yes
11:01 < raj_> I tried with libfuzzer. Ran 5 workers for 24 hours. didn't find any crash.
11:01 < andrewtoth_> haven't tried AFL_NO_FORKSRV, but i'm running linux
11:01 < dude> https://github.com/bitcoin/bitcoin/pull/17860#issuecomment-573726974
11:02 < dude> Oh I see
11:02 < raj_> 4 of them stopped at timeouts.
11:02 < MarcoFalk_> Note that the CVE was fixed, so it has to be reintroduced first ;)
11:02 < emzy> I was running it on linux. And I found after 2h nothing.
11:02 < dude> Timeout can usually just be erroneous, you would need to double-check
11:02 < MarcoFalk_> How would you reintroduce the CVE?
11:02 < andrewtoth_> i tried running afl with -m200 but same error for me
11:02 < raj_> got few slow-unit test artifacts. not sure what they are..
11:02 < raj_> but no cve..
11:03 < andrewtoth_> revert the PR that fixed it, as well I think there was a PR that removed the bool flag entirely
11:03 < jnewbery> revert 14247
11:03 < emzy> andrewtoth_: -m200 worked for me
11:03 < MarcoFalk_> Yes
11:04 < MarcoFalk_> Ok, for reference, this is the seed I found: https://paste.ubuntu.com/p/KHNBFgpxK3/
11:04 < MarcoFalk_> Let's wrap up
11:04 < MarcoFalk_> We can chat about technical issues on MacOS later
11:04 < MarcoFalk_> Any last questions?
11:04 < pinheadmz> lol at "deadly signal"
11:04 < pinheadmz> This was really cool thanks MarcoFalk_
11:04 < jnewbery> Thanks MarcoFalk_! Before everyone goes, what did you all think? It sounds like there were a few issues getting fuzzing set up. Would you all like to do another session on fuzzing?
11:05 < dude> Yes! but need better docs
11:05 < MarcoFalk_> dude: Agree
11:05 < emzy> Yes
11:05 < MarcoFalk_> Unfortunately I don't have MacOS, so I can't provide documentation
11:05 < andrewtoth_> yes, more fuzzing docs please
11:05 < dude> I have MacOS
11:05 < andrewtoth_> i'm running on linux and couldn't get afl working
11:05 < jonatack> Yes, I've had rewriting fuzzing.md on my list since last Spring
11:05 < jnewbery> I think improving the docs (including for MacOS) would be an excellent contribution from any one of you
11:05 < andrewtoth_> MarcoFalk_ is the seed 7P9p/sc7BQHvJto7OzsyZZKSkpKSklBQUFBQUFBQUFBQUFCSkpKSkpI+Pj4+Pj4+PpJQUFBQUFBQ
11:05 < andrewtoth_> UFBQUFBQkpKSkpKSPj4+Pj4+Pj7smGH7xdR67Ho7j4M7L2VwO/tidNQvNfX19fXsmGH7xdR67Ho7
11:05 < andrewtoth_> j4M7L2VwO/tidNQvNfX19fU=?
11:06 < raj_> jnewbery: yes would love to. It seems like an important concept. would love to learn more. Thanks for the PR. it was a great one, have learnt a lot in last week.
11:06 < jonatack> andrewtoth_: same, i use libFuzzer
11:06 < jnewbery> anyone who's set up fuzzing for the first time this week is best placed to improve the docs since you've probably recently run into all the problems and gotchas
11:06 < andrewtoth_> I'll have to get fuzzing working well first before I can document how to do it ;)
11:06 < MarcoFalk_> jnewbery: Great suggestion
11:07 < jnewbery> #endmeeting
11:07 < andrewtoth_> thanks MarcoFalk_ and everyone!
11:07 < emzy> thanks MarcoFalk_ and everyone!
11:07 < dude> :D
11:07 < MarcoFalk_> If there are any issues with fuzzing, please file a new issue or leave a comment in https://github.com/bitcoin/bitcoin/issues/17914
11:08 < jonatack> thanks MarcoFalk_, excellent meeting and study resources. Learning a lot.
11:08 < dude> MarcoFalk_, do you run afl-tmin, afl-cmin on your corpus?
11:08 < MarcoFalk_> If you find the docs hard, please also file an issue or improve them :)
11:08 < MarcoFalk_> dude: I haven't run afl in a long time. Had some issues setting it up last time I tried
11:09 < dude> Oh I see
22:18 < raj_> I was trying with afl-clang-fast, but config is giving error something like "cant use CC to compile file". The afl-clang-fast binary seems to be working fine, and calling it gives back version number and stuff. Has anyone tried this? Anything else I need to set to compile with afl-clang-fast?
22:27 < raj_> Also, for this particular target, would in memory fuzzing make any significant improvement of speed? I got 1 exec/sec at the later end of the test using libfuzzer, at start it was like 5. Creating more workers doesn't help, as it never exhausts my full cpu power, memory peaks at 4gb. The bottleneck seems to be disk i/o.