wip: Split fuzz binary (take 2)

[dergoegge]

Closes #28971

In addition to the benefits listed in #28971, this should also enable us to use https://github.com/ossf/fuzz-introspector provided by oss-fuzz. Our current runtime harness selection blocks introspector's static analysis from working properly (e.g. it can't statically determine which functions are reachable by a given harness).

This PR uses the approach suggested here: #29010 (comment). The list of available harnesses is determined (prior to compiling) by grepping for harness names in FUZZ_TARGET invocations. When compiling with -DBUILD_INDIVIDUAL_FUZZ_BINARIES=ON, individual binaries for each harness are produced that no longer include the runtime lookup via the FUZZ environment variable.

cmake -B build_fuzz \
  -DBUILD_FOR_FUZZING=ON \
  -DBUILD_INDIVIDUAL_FUZZ_BINARIES=ON \
  -DSANITIZERS=fuzzer
cmake --build build_fuzz

build_fuzz/src/test/fuzz will contain the individual binaries, which are prefixed with fuzz_*.

I'm opening this now to get some early feedback, there are still a few things to address:

• mention -DBUILD_INDIVIDUAL_FUZZ_BINARIES in the docs
• include wallet harnesses
• CI job that builds individual binaries (perhaps verify that the list of produced harnesses matches the monolithic binary)

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #31333 (fuzz: Implement G_TEST_GET_FULL_NAME by hodlinator)
• #28676 ([WIP] Cluster mempool implementation by sdaftuar)
• #28584 (Fuzz: extend CConnman tests by vasild)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[dergoegge]

Currently an individual test_fuzz_* lib and fuzz_* binary is produced for each harness. It's kind of ugly to duplicate this loop but I'm not sure to avoid it. Another loop would likely need to be added for the wallet harnesses as well.

@hebasto @fanquake @maflcko Any ideas?

[dergoegge]

Trying to produce an introspector report using this branch: https://github.com/dergoegge/oss-fuzz/tree/2024-09-bitcoin-introspector

[DrahtBot]

🚧 At least one of the CI tasks failed.
_{Debug: https://github.com/bitcoin/bitcoin/runs/30061858064}

Hints

Make sure to run all tests locally, according to the documentation.

The failure may happen due to a number of reasons, for example:

• Possibly due to a silent merge conflict (the changes in this pull request being
  incompatible with the current code in the target branch). If so, make sure to rebase on the latest
  commit of the target branch.

• A sanitizer issue, which can only be found by compiling with the sanitizer and running the
  affected test.

• An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

[DrahtBot]

🐙 This pull request conflicts with the target branch and needs rebase.