Merge bitcoin/bitcoin#22573: fuzz: document faster throughput configuration

8a4f0fcd3fc1a35c1482975114555b0fed75a1c0 Document faster throughput configuration (Alex Groce) Pull request description: This is a small change to the fuzzing doc that I think might help more people improve the corpus coverage, which I think is low partly just due to lack of long, low-overhead, runs, in addition to the need to apply a more diverse set of fuzzers and coverage notions. ACKs for top commit: practicalswift: ACK 8a4f0fcd3fc1a35c1482975114555b0fed75a1c0 tryphe: ACK 8a4f0fcd3fc1a35c1482975114555b0fed75a1c0 Tree-SHA512: 0f1802f5c551d6ade7393cd2ac439ffd485786b17c4fd0f1a321f69f8ed0db1167ae04b5cae7bf904e89aba03e89b6d974bff564bfc6a78a571893719f323434
2025-04-09 20:59:38 +02:00 · 2021-07-31 09:26:10 +02:00 · 2021-07-31 09:26:10 +02:00 · 6499928bfb
commit 6499928bfb
parent da1c0c64fd 8a4f0fcd3f
1 changed files with 4 additions and 0 deletions
--- a/doc/fuzzing.md
+++ b/doc/fuzzing.md
@ -83,6 +83,10 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb
 …
 ```

+## Run without sanitizers for increased throughput
+
+Fuzzing on a harness compiled with `--with-sanitizers=address,fuzzer,undefined` is good for finding bugs. However, the very slow execution even under libFuzzer will limit the ability to find new coverage. A good approach is to perform occasional long runs without the additional bug-detectors (configure `--with-sanitizers=fuzzer`) and then merge new inputs into a corpus as described in the qa-assets repo (https://github.com/bitcoin-core/qa-assets/blob/main/.github/PULL_REQUEST_TEMPLATE.md).  Patience is useful; even with improved throughput, libFuzzer may need days and 10s of millions of executions to reach deep/hard targets.
+
 ## Reproduce a fuzzer crash reported by the CI

 - `cd` into the `qa-assets` directory and update it with `git pull qa-assets`