doc/html/test_2fuzz_2utxo__snapshot_8cpp_source.html

 // Copyright (c) 2021-present The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #include <chain.h>
 #include <chainparams.h>
 #include <coins.h>
 #include <consensus/consensus.h>
 #include <consensus/validation.h>
 #include <node/blockstorage.h>
 #include <node/utxo_snapshot.h>
 #include <primitives/block.h>
 #include <primitives/transaction.h>
 #include <serialize.h>
 #include <span.h>
 #include <streams.h>
 #include <sync.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
 #include <test/util/mining.h>
 #include <test/util/setup_common.h>
 #include <uint256.h>
 #include <util/check.h>
 #include <util/fs.h>
 #include <util/result.h>
 #include <validation.h>

 #include <cstdint>
 #include <functional>
 #include <ios>
 #include <memory>
 #include <optional>
 #include <vector>

 using node::SnapshotMetadata;

 namespace {

 const std::vector<std::shared_ptr<CBlock>>* g_chain;
 TestingSetup* g_setup;

 template <bool INVALID>
 void initialize_chain()
 {
     const auto params{CreateChainParams(ArgsManager{}, ChainType::REGTEST)};
     static const auto chain{CreateBlockChain(2 * COINBASE_MATURITY, *params)};
     g_chain = &chain;
     static const auto setup{
         MakeNoLogFileContext<TestingSetup>(ChainType::REGTEST,
                                            TestOpts{
                                                .setup_net = false,
                                                .setup_validation_interface = false,
                                                .min_validation_cache = true,
                                            }),
     };
     if constexpr (INVALID) {
         auto& chainman{*setup->m_node.chainman};
         for (const auto& block : chain) {
             BlockValidationState dummy;
             bool processed{chainman.ProcessNewBlockHeaders({*block}, true, dummy)};
             Assert(processed);
             const auto* index{WITH_LOCK(::cs_main, return chainman.m_blockman.LookupBlockIndex(block->GetHash()))};
             Assert(index);
         }
     }
     g_setup = setup.get();
 }

 template <bool INVALID>
 void utxo_snapshot_fuzz(FuzzBufferType buffer)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     auto& setup{*g_setup};
     bool dirty_chainman{false}; // Re-use the global chainman, but reset it when it is dirty
     auto& chainman{*setup.m_node.chainman};

     const auto snapshot_path = gArgs.GetDataDirNet() / "fuzzed_snapshot.dat";

     Assert(!chainman.SnapshotBlockhash());

     {
         AutoFile outfile{fsbridge::fopen(snapshot_path, "wb")};
         // Metadata
         if (fuzzed_data_provider.ConsumeBool()) {
             std::vector<uint8_t> metadata{ConsumeRandomLengthByteVector(fuzzed_data_provider)};
             outfile << Span{metadata};
         } else {
             auto msg_start = chainman.GetParams().MessageStart();
             int base_blockheight{fuzzed_data_provider.ConsumeIntegralInRange<int>(1, 2 * COINBASE_MATURITY)};
             uint256 base_blockhash{g_chain->at(base_blockheight - 1)->GetHash()};
             uint64_t m_coins_count{fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(1, 3 * COINBASE_MATURITY)};
             SnapshotMetadata metadata{msg_start, base_blockhash, m_coins_count};
             outfile << metadata;
         }
         // Coins
         if (fuzzed_data_provider.ConsumeBool()) {
             std::vector<uint8_t> file_data{ConsumeRandomLengthByteVector(fuzzed_data_provider)};
             outfile << Span{file_data};
         } else {
             int height{0};
             for (const auto& block : *g_chain) {
                 auto coinbase{block->vtx.at(0)};
                 outfile << coinbase->GetHash();
                 WriteCompactSize(outfile, 1); // number of coins for the hash
                 WriteCompactSize(outfile, 0); // index of coin
                 outfile << Coin(coinbase->vout[0], height, /*fCoinBaseIn=*/1);
                 height++;
             }
         }
         if constexpr (INVALID) {
             // Append an invalid coin to ensure invalidity. This error will be
             // detected late in PopulateAndValidateSnapshot, and allows the
             // INVALID fuzz target to reach more potential code coverage.
             const auto& coinbase{g_chain->back()->vtx.back()};
             outfile << coinbase->GetHash();
             WriteCompactSize(outfile, 1);   // number of coins for the hash
             WriteCompactSize(outfile, 999); // index of coin
             outfile << Coin{coinbase->vout[0], /*nHeightIn=*/999, /*fCoinBaseIn=*/0};
         }
     }

     const auto ActivateFuzzedSnapshot{[&] {
         AutoFile infile{fsbridge::fopen(snapshot_path, "rb")};
         auto msg_start = chainman.GetParams().MessageStart();
         SnapshotMetadata metadata{msg_start};
         try {
             infile >> metadata;
         } catch (const std::ios_base::failure&) {
             return false;
         }
         return !!chainman.ActivateSnapshot(infile, metadata, /*in_memory=*/true);
     }};

     if (fuzzed_data_provider.ConsumeBool()) {
         // Consume the bool, but skip the code for the INVALID fuzz target
         if constexpr (!INVALID) {
             for (const auto& block : *g_chain) {
                 BlockValidationState dummy;
                 bool processed{chainman.ProcessNewBlockHeaders({*block}, true, dummy)};
                 Assert(processed);
                 const auto* index{WITH_LOCK(::cs_main, return chainman.m_blockman.LookupBlockIndex(block->GetHash()))};
                 Assert(index);
             }
             dirty_chainman = true;
         }
     }

     if (ActivateFuzzedSnapshot()) {
         LOCK(::cs_main);
         Assert(!chainman.ActiveChainstate().m_from_snapshot_blockhash->IsNull());
         Assert(*chainman.ActiveChainstate().m_from_snapshot_blockhash ==
                *chainman.SnapshotBlockhash());
         const auto& coinscache{chainman.ActiveChainstate().CoinsTip()};
         for (const auto& block : *g_chain) {
             Assert(coinscache.HaveCoin(COutPoint{block->vtx.at(0)->GetHash(), 0}));
             const auto* index{chainman.m_blockman.LookupBlockIndex(block->GetHash())};
             Assert(index);
             Assert(index->nTx == 0);
             if (index->nHeight == chainman.GetSnapshotBaseHeight()) {
                 auto params{chainman.GetParams().AssumeutxoForHeight(index->nHeight)};
                 Assert(params.has_value());
                 Assert(params.value().m_chain_tx_count == index->m_chain_tx_count);
             } else {
                 Assert(index->m_chain_tx_count == 0);
             }
         }
         Assert(g_chain->size() == coinscache.GetCacheSize());
         dirty_chainman = true;
     } else {
         Assert(!chainman.SnapshotBlockhash());
         Assert(!chainman.ActiveChainstate().m_from_snapshot_blockhash);
     }
     // Snapshot should refuse to load a second time regardless of validity
     Assert(!ActivateFuzzedSnapshot());
     if constexpr (INVALID) {
         // Activating the snapshot, or any other action that makes the chainman
         // "dirty" can and must not happen for the INVALID fuzz target
         Assert(!dirty_chainman);
     }
     if (dirty_chainman) {
         setup.m_node.chainman.reset();
         setup.m_make_chainman();
         setup.LoadVerifyActivateChainstate();
     }
 }

 // There are two fuzz targets:
 //
 // The target 'utxo_snapshot', which allows valid snapshots, but is slow,
 // because it has to reset the chainstate manager on almost all fuzz inputs.
 // Otherwise, a dirty header tree or dirty chainstate could leak from one fuzz
 // input execution into the next, which makes execution non-deterministic.
 //
 // The target 'utxo_snapshot_invalid', which is fast and does not require any
 // expensive state to be reset.
 FUZZ_TARGET(utxo_snapshot /*valid*/, .init = initialize_chain<false>) { utxo_snapshot_fuzz<false>(buffer); }
 FUZZ_TARGET(utxo_snapshot_invalid, .init = initialize_chain<true>) { utxo_snapshot_fuzz<true>(buffer); }

 } // namespace
check.h

TestOpts::setup_net
bool setup_net
Definition: setup_common.h:56

transaction.h

fsbridge::fopen
FILE * fopen(const fs::path &p, const char *mode)
Definition: fs.cpp:26

streams.h

span.h

Coin
A UTXO entry.
Definition: coins.h:32

FuzzedDataProvider.h

fuzz.h

ArgsManager
Definition: args.h:96

COINBASE_MATURITY
static const int COINBASE_MATURITY
Coinbase transaction outputs can only be spent after this number of new blocks (network rule) ...
Definition: consensus.h:19

fs.h

AutoFile
Non-refcounted RAII wrapper for FILE*.
Definition: streams.h:388

ConsumeRandomLengthByteVector
std::vector< B > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:57

result.h

ChainType::REGTEST

FuzzBufferType
std::span< const uint8_t > FuzzBufferType
Definition: fuzz.h:25

ArgsManager::GetDataDirNet
fs::path GetDataDirNet() const
Get data directory path with appended network identifier.
Definition: args.h:232

serialize.h

LOCK
#define LOCK(cs)
Definition: sync.h:257

WriteCompactSize
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
Definition: serialize.h:1095

setup_common.h

validation.h

blockstorage.h

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

COutPoint
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:28

utxo_snapshot.h

WITH_LOCK
#define WITH_LOCK(cs, code)
Run code while locking a mutex.
Definition: sync.h:301

init
Definition: bitcoin-gui.cpp:17

gArgs
ArgsManager gArgs
Definition: args.cpp:41

uint256
256-bit opaque blob.
Definition: uint256.h:178

util.h

uint256.h

TestOpts
Definition: setup_common.h:52

CreateChainParams
std::unique_ptr< const CChainParams > CreateChainParams(const ArgsManager &args, const ChainType chain)
Creates and returns a std::unique_ptr<CChainParams> of the chosen chain.
Definition: chainparams.cpp:111

BlockValidationState
Definition: validation.h:143

sync.h

consensus.h

Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: solver.h:20

FUZZ_TARGET
#define FUZZ_TARGET(...)
Definition: fuzz.h:35

CreateBlockChain
std::vector< std::shared_ptr< CBlock > > CreateBlockChain(size_t total_height, const CChainParams &params)
Create a blockchain, starting from genesis.
Definition: mining.cpp:32

cs_main
RecursiveMutex cs_main
Mutex to guard access to validation specific variables, such as reading or changing the chainstate...
Definition: cs_main.cpp:8

BasicTestingSetup::m_node
node::NodeContext m_node
Definition: setup_common.h:66

node::NodeContext::chainman
std::unique_ptr< ChainstateManager > chainman
Definition: context.h:69

TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:96

block.h

Assert
#define Assert(val)
Identity function.
Definition: check.h:77

mining.h

node::SnapshotMetadata
Metadata describing a serialized version of a UTXO set from which an assumeutxo Chainstate can be con...
Definition: utxo_snapshot.h:33