Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

all: remove kilic dependency from bls12381 fuzzers #30296

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

all: remove kilic dependency from bls12381 fuzzers #30296

wants to merge 12 commits into from
+117 −113

Conversation

jwasinger
Copy link
Contributor

@jwasinger jwasinger commented Aug 14, 2024
edited
Loading

The kilic bls12381 implementation has been archived. It shouldn't be necessary to include it as a fuzzing target any longer.

This also adds fuzzers for G1/G2 mul that use inputs that are guaranteed to be valid. Previously, we just did random input fuzzing for these precompiles.

@MariusVanDerWijden
Copy link
Member

Looks like this fails currently:

func TestCrossG1MultiExp(t *testing.T) {
	input := []byte("0")
	fuzzCrossG1MultiExp(input)
}

kevaundray
kevaundray reviewed Aug 20, 2024
View reviewed changes
go.mod Show resolved Hide resolved
kevaundray
kevaundray reviewed Aug 20, 2024
View reviewed changes
tests/fuzzers/bls12381/bls12381_fuzz.go
// compute pairing using blst
blstResult := blst.Fp12MillerLoop(blG2, blG1)
blstResult.FinalExp()
res := massageBLST(blstResult.ToBendian())
if !(bytes.Equal(res, bls12381.NewGT().ToBytes(kResult))) {
if !(bytes.Equal(res, cResult.Marshal())) {
panic("pairing mismatch blst / geth")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was there before, so just inquiring and not a blocker: Most of the functions below use panic("{string}) while the subgroup check fuzzing function uses panic(fmt.Sprintf) -- Is there a reason for this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think there is a good/intentional reason. But I'd lean towards not printing the GT elements here as we already have the input that caused the diff.

@kevaundray
Copy link
Contributor

This looks good to me!

@jwasinger
Copy link
Contributor Author

Ah there's one thing: We only fuzz the MSM precompiles using random inputs. I'm going to add two additional fuzzers that fuzz these with inputs that are known to be valid.

@kevaundray
Copy link
Contributor

kevaundray commented Aug 20, 2024
edited
Loading

Ah there's one thing: We only fuzz the MSM precompiles using random inputs. I'm going to add two additional fuzzers that fuzz these with inputs that are known to be valid.

I think it would be good to add the identity/zero point as input to one of these, along with other known valid points

@jwasinger
Copy link
Contributor Author

Yeah definitely. Actually, I need to give the added fuzzers a longer run and prob adjust the seed corpus to increase the coverage.

holiman
holiman reviewed Aug 22, 2024
View reviewed changes
tests/fuzzers/bls12381/bls12381_test.go
@@ -51,9 +51,9 @@ func FuzzG1Add(f *testing.F) {
})
}

func FuzzG1Mul(f *testing.F) {
func FuzzCrossG1Mul(f *testing.F) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you change these names, or add new targets, you need to also update oss-fuzz.sh accordingly

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should just leave this name be instead

Suggested change
func FuzzCrossG1Mul(f *testing.F) {
func FuzzG1Mul(f *testing.F) {

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ping on this

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should just leave this name be instead

The PR expands these to be cross-library fuzzers. Doesn't it make sense to have consistent naming with the other fuzzers of the same type?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, but if so you need to update oss-fuzz.sh

holiman
holiman reviewed Aug 22, 2024
View reviewed changes
tests/fuzzers/bls12381/bls12381_test.go
@@ -69,9 +69,9 @@ func FuzzG2Add(f *testing.F) {
})
}

func FuzzG2Mul(f *testing.F) {
func FuzzCrossG2Mul(f *testing.F) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func FuzzCrossG2Mul(f *testing.F) {
func FuzzG2Mul(f *testing.F) {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@holiman holiman holiman left review comments

@kevaundray kevaundray kevaundray left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jwasinger @MariusVanDerWijden @kevaundray @holiman