fuzz: Abort when using global PRNG without re-seed

2026-05-31 16:24:48 +02:00 · 2024-12-13 14:42:21 +01:00
parent fa7809aeab
commit fa18acb457
7 changed files with 77 additions and 2 deletions
--- a/src/test/fuzz/util/CMakeLists.txt
+++ b/src/test/fuzz/util/CMakeLists.txt
@@ -3,6 +3,7 @@
 # file COPYING or https://opensource.org/license/mit/.

 add_library(test_fuzz STATIC EXCLUDE_FROM_ALL
+  check_globals.cpp
  descriptor.cpp
  mempool.cpp
  net.cpp
--- a/src/test/fuzz/util/check_globals.cpp
+++ b/src/test/fuzz/util/check_globals.cpp
@@ -0,0 +1,41 @@
+// Copyright (c) 2024-present The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/util/check_globals.h>
+
+#include <test/util/random.h>
+
+#include <iostream>
+#include <memory>
+#include <optional>
+#include <string>
+
+struct CheckGlobalsImpl {
+    CheckGlobalsImpl()
+    {
+        g_used_g_prng = false;
+        g_seeded_g_prng_zero = false;
+    }
+    ~CheckGlobalsImpl()
+    {
+        if (g_used_g_prng && !g_seeded_g_prng_zero) {
+            std::cerr << "\n\n"
+                         "The current fuzz target used the global random state.\n\n"
+
+                         "This is acceptable, but requires the fuzz target to call \n"
+                         "SeedRandomStateForTest(SeedRand::ZEROS) at the beginning \n"
+                         "of processing the fuzz input.\n\n"
+
+                         "An alternative solution would be to avoid any use of globals.\n\n"
+
+                         "Without a solution, fuzz stability and determinism can lead \n"
+                         "to non-reproducible bugs or inefficient fuzzing.\n\n"
+                      << std::endl;
+            std::abort(); // Abort, because AFL may try to recover from a std::exit
+        }
+    }
+};
+
+CheckGlobals::CheckGlobals() : m_impl(std::make_unique<CheckGlobalsImpl>()) {}
+CheckGlobals::~CheckGlobals() = default;
--- a/src/test/fuzz/util/check_globals.h
+++ b/src/test/fuzz/util/check_globals.h
@@ -0,0 +1,19 @@
+// Copyright (c) 2024-present The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_TEST_FUZZ_UTIL_CHECK_GLOBALS_H
+#define BITCOIN_TEST_FUZZ_UTIL_CHECK_GLOBALS_H
+
+#include <memory>
+#include <optional>
+#include <string>
+
+struct CheckGlobalsImpl;
+struct CheckGlobals {
+    CheckGlobals();
+    ~CheckGlobals();
+    std::unique_ptr<CheckGlobalsImpl> m_impl;
+};
+
+#endif // BITCOIN_TEST_FUZZ_UTIL_CHECK_GLOBALS_H