mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-04-29 06:49:38 -04:00
Merge bitcoin/bitcoin#32154: fuzz: Avoid integer sanitizer warnings in policy_estimator target
Some checks are pending
CI / test each commit (push) Waiting to run
CI / macOS 14 native, arm64, no depends, sqlite only, gui (push) Waiting to run
CI / macOS 14 native, arm64, fuzz (push) Waiting to run
CI / Windows native, VS 2022 (push) Waiting to run
CI / Windows native, fuzz, VS 2022 (push) Waiting to run
CI / Linux->Windows cross, no tests (push) Waiting to run
CI / Windows, test cross-built (push) Blocked by required conditions
CI / ASan + LSan + UBSan + integer, no depends, USDT (push) Waiting to run
Some checks are pending
CI / test each commit (push) Waiting to run
CI / macOS 14 native, arm64, no depends, sqlite only, gui (push) Waiting to run
CI / macOS 14 native, arm64, fuzz (push) Waiting to run
CI / Windows native, VS 2022 (push) Waiting to run
CI / Windows native, fuzz, VS 2022 (push) Waiting to run
CI / Linux->Windows cross, no tests (push) Waiting to run
CI / Windows, test cross-built (push) Blocked by required conditions
CI / ASan + LSan + UBSan + integer, no depends, USDT (push) Waiting to run
fa6a007b8efuzz: Avoid integer sanitizer warnings in policy_estimator target (MarcoFalke) Pull request description: It seems odd to write a fuzz target to trigger integer sanitizer warnings in `CBlockPolicyEstimator::processBlockTx` and then suppress them. If the scenario can happen in reality, the code should be properly fixed to handle the cases. If not, it seems better to fix the fuzz target to not trigger meaningless traces. Do that here by keeping track of the current height and limiting mempool entries to at most this entry height. ACKs for top commit: brunoerg: ACKfa6a007b8edergoegge: utACKfa6a007b8eTree-SHA512: 2092017dc309fb095fe5d43cfb76efb691795f303d567ee919be2b5cac19a944293636229903dc4d1e8b9fe5daf9dc3058544321eff1735f91f804c3baa36cd0
This commit is contained in:
merge-script
commit
bfeacc18b3
4 changed files with 16 additions and 11 deletions
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2020-2022 The Bitcoin Core developers
|
||||
// Copyright (c) 2020-present The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
|
|
@ -33,6 +33,12 @@ FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator)
|
|||
bool good_data{true};
|
||||
|
||||
CBlockPolicyEstimator block_policy_estimator{FeeestPath(*g_setup->m_node.args), DEFAULT_ACCEPT_STALE_FEE_ESTIMATES};
|
||||
|
||||
uint32_t current_height{0};
|
||||
const auto advance_height{
|
||||
[&] { current_height = fuzzed_data_provider.ConsumeIntegralInRange<decltype(current_height)>(current_height, 1 << 30); },
|
||||
};
|
||||
advance_height();
|
||||
LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 10'000)
|
||||
{
|
||||
CallOneOf(
|
||||
|
|
@ -44,7 +50,7 @@ FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator)
|
|||
return;
|
||||
}
|
||||
const CTransaction tx{*mtx};
|
||||
const CTxMemPoolEntry& entry = ConsumeTxMemPoolEntry(fuzzed_data_provider, tx);
|
||||
const auto entry{ConsumeTxMemPoolEntry(fuzzed_data_provider, tx, current_height)};
|
||||
const auto tx_submitted_in_package = fuzzed_data_provider.ConsumeBool();
|
||||
const auto tx_has_mempool_parents = fuzzed_data_provider.ConsumeBool();
|
||||
const auto tx_info = NewMempoolTransactionInfo(entry.GetSharedTx(), entry.GetFee(),
|
||||
|
|
@ -68,14 +74,15 @@ FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator)
|
|||
break;
|
||||
}
|
||||
const CTransaction tx{*mtx};
|
||||
mempool_entries.emplace_back(CTxMemPoolEntry::ExplicitCopy, ConsumeTxMemPoolEntry(fuzzed_data_provider, tx));
|
||||
mempool_entries.emplace_back(CTxMemPoolEntry::ExplicitCopy, ConsumeTxMemPoolEntry(fuzzed_data_provider, tx, current_height));
|
||||
}
|
||||
std::vector<RemovedMempoolTransactionInfo> txs;
|
||||
txs.reserve(mempool_entries.size());
|
||||
for (const CTxMemPoolEntry& mempool_entry : mempool_entries) {
|
||||
txs.emplace_back(mempool_entry);
|
||||
}
|
||||
block_policy_estimator.processBlock(txs, fuzzed_data_provider.ConsumeIntegral<unsigned int>());
|
||||
advance_height();
|
||||
block_policy_estimator.processBlock(txs, current_height);
|
||||
},
|
||||
[&] {
|
||||
(void)block_policy_estimator.removeTx(ConsumeUInt256(fuzzed_data_provider));
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2022 The Bitcoin Core developers
|
||||
// Copyright (c) 2022-present The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
#include <cstdint>
|
||||
#include <limits>
|
||||
|
||||
CTxMemPoolEntry ConsumeTxMemPoolEntry(FuzzedDataProvider& fuzzed_data_provider, const CTransaction& tx) noexcept
|
||||
CTxMemPoolEntry ConsumeTxMemPoolEntry(FuzzedDataProvider& fuzzed_data_provider, const CTransaction& tx, uint32_t max_height) noexcept
|
||||
{
|
||||
// Avoid:
|
||||
// policy/feerate.cpp:28:34: runtime error: signed integer overflow: 34873208148477500 * 1000 cannot be represented in type 'long'
|
||||
|
|
@ -24,7 +24,7 @@ CTxMemPoolEntry ConsumeTxMemPoolEntry(FuzzedDataProvider& fuzzed_data_provider,
|
|||
assert(MoneyRange(fee));
|
||||
const int64_t time = fuzzed_data_provider.ConsumeIntegral<int64_t>();
|
||||
const uint64_t entry_sequence{fuzzed_data_provider.ConsumeIntegral<uint64_t>()};
|
||||
const unsigned int entry_height = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
|
||||
const auto entry_height{fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, max_height)};
|
||||
const bool spends_coinbase = fuzzed_data_provider.ConsumeBool();
|
||||
const unsigned int sig_op_cost = fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, MAX_BLOCK_SIGOPS_COST);
|
||||
return CTxMemPoolEntry{MakeTransactionRef(tx), fee, time, entry_height, entry_sequence, spends_coinbase, sig_op_cost, {}};
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2022 The Bitcoin Core developers
|
||||
// Copyright (c) 2022-present The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
|
|
@ -21,6 +21,6 @@ public:
|
|||
}
|
||||
};
|
||||
|
||||
[[nodiscard]] CTxMemPoolEntry ConsumeTxMemPoolEntry(FuzzedDataProvider& fuzzed_data_provider, const CTransaction& tx) noexcept;
|
||||
[[nodiscard]] CTxMemPoolEntry ConsumeTxMemPoolEntry(FuzzedDataProvider& fuzzed_data_provider, const CTransaction& tx, uint32_t max_height=std::numeric_limits<uint32_t>::max()) noexcept;
|
||||
|
||||
#endif // BITCOIN_TEST_FUZZ_UTIL_MEMPOOL_H
|
||||
|
|
|
|||
|
|
@ -53,13 +53,11 @@ unsigned-integer-overflow:CompressAmount
|
|||
unsigned-integer-overflow:DecompressAmount
|
||||
unsigned-integer-overflow:crypto/
|
||||
unsigned-integer-overflow:MurmurHash3
|
||||
unsigned-integer-overflow:CBlockPolicyEstimator::processBlockTx
|
||||
unsigned-integer-overflow:TxConfirmStats::EstimateMedianVal
|
||||
unsigned-integer-overflow:prevector.h
|
||||
unsigned-integer-overflow:InsecureRandomContext::rand64
|
||||
unsigned-integer-overflow:InsecureRandomContext::SplitMix64
|
||||
unsigned-integer-overflow:bitset_detail::PopCount
|
||||
implicit-integer-sign-change:CBlockPolicyEstimator::processBlockTx
|
||||
implicit-integer-sign-change:SetStdinEcho
|
||||
implicit-integer-sign-change:compressor.h
|
||||
implicit-integer-sign-change:crypto/
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue