tests: Add fuzzing harness for CheckTransaction(...), IsStandardTx(...) and other CTransaction related functions #17076

pull practicalswift wants to merge 2 commits into bitcoin:master from practicalswift:fuzzers-transaction changing 3 files +89 −12

practicalswift commented at 1:28 PM on October 8, 2019: contributor

Add fuzzing harness for CheckTransaction(...), IsStandardTx(...) and other CTransaction related functions.

Testing this PR

Run:

$ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/transaction
…
# And to to quickly verify that the relevant code regions are triggered, that the
# fuzzing throughput seems reasonable, etc.
$ contrib/devtools/test_fuzzing_harnesses.sh '^transaction$'

test_fuzzing_harnesses.sh can be found in PR #17000.

fanquake added the label Tests on Oct 8, 2019
DrahtBot commented at 2:05 PM on October 8, 2019: contributor


The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.



Conflicts

Reviewers, this pull request conflicts with the following ones:
- #17093 (tests: Add fuzzing harness for various CTx{In,Out} related functions by practicalswift)
- #17083 (tests: Add fuzzing harness for various CScript related functions by practicalswift)
- #17071 (tests: Add fuzzing harness for CheckBlock(...) and other CBlock related functions by practicalswift)
- #17051 (tests: Add deserialization fuzzing harnesses by practicalswift)
- #17050 (tests: Add fuzzing harnesses for functions parsing scripts, numbers, JSON and HD keypaths (bip32) by practicalswift)
- #17018 (tests: Add Parse(...) (descriptor) fuzzing harness by practicalswift)
- #17009 (tests: Add EvalScript(...) fuzzing harness by practicalswift)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
in src/test/fuzz/transaction.cpp:38 in 72db5d2392 outdated
```
  31 | +    }
  32 | +    const CTransaction tx = [&] {
  33 | +        try {
  34 | +            return CTransaction(deserialize, ds);
  35 | +        } catch (const std::ios_base::failure& e) {
  36 | +            return CTransaction();
```
MarcoFalke commented at 6:03 PM on October 8, 2019:

why not return early here. Seems wasteful to map all deserialization failures to an default constructed tx and then run all the checks with that.

Also, TRANSACTION_DESERIALIZE can be removed from the existing fuzzer now, as the new fuzz test includes this dumb code path now?

practicalswift commented at 9:00 PM on October 8, 2019:

Good points. Feedback addressed. Please re-review :)
practicalswift force-pushed on Oct 8, 2019

in test/fuzz/test_runner.py:17 in fad17fc3a1 outdated

  11 | @@ -12,6 +12,10 @@
  12 |  import subprocess
  13 |  import logging
  14 |  
  15 | +# Fuzzers known to lack a seed corpus in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus
  16 | +FUZZERS_MISSING_CORPORA = [
  17 | +    "transaction",

MarcoFalke commented at 9:03 PM on October 8, 2019:

Can remove all of this?

practicalswift commented at 1:54 PM on October 9, 2019:

Fixed!

tests: Add fuzzing harness for CheckTransaction(...), IsStandardTx(...) and other CTransaction related functions 0a573682f2
tests: Remove TRANSACTION_DESERIALIZE (replaced by transaction fuzzer) 5c2987636f

in src/Makefile.test.include:319 in fad17fc3a1 outdated

 314 | @@ -321,6 +315,12 @@ test_fuzz_blocktransactionsrequest_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCO
 315 |  test_fuzz_blocktransactionsrequest_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 316 |  test_fuzz_blocktransactionsrequest_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 317 |  test_fuzz_blocktransactionsrequest_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 318 | +test_fuzz_transaction_SOURCES = $(FUZZ_SUITE) test/fuzz/transaction.cpp

MarcoFalke commented at 1:47 PM on October 9, 2019:

style-nit: new line?

practicalswift commented at 1:54 PM on October 9, 2019:

Fixed!

practicalswift force-pushed on Oct 9, 2019
MarcoFalke commented at 2:11 PM on October 9, 2019: member

ACK 5c2987636faa5bc175b37b81fd98ab48e576da0b
MarcoFalke referenced this in commit 2352aec9fc on Oct 10, 2019
MarcoFalke merged this on Oct 10, 2019
MarcoFalke closed this on Oct 10, 2019
mzumsande cross-referenced this on Oct 25, 2019 from issue validation: Tidy up ValidationState interface by jnewbery
MarkLTZ cross-referenced this on Apr 4, 2020 from issue Bitcoin PR tracking by MarkLTZ
jasonbcox referenced this in commit 9e0128d086 on Jul 1, 2020
furszy cross-referenced this on Mar 24, 2021 from issue Fuzzing framework support by furszy
practicalswift deleted the branch on Apr 10, 2021
random-zebra referenced this in commit 44b5327e61 on May 28, 2021
kwvg referenced this in commit 14c9dfae5d on Aug 2, 2021
kwvg referenced this in commit 54c67774ea on Aug 5, 2021
kwvg referenced this in commit 1fc41b57c6 on Aug 5, 2021
kwvg referenced this in commit 00bd32844f on Aug 5, 2021
PastaPastaPasta referenced this in commit 515640b35f on Aug 6, 2021
kwvg referenced this in commit af0ec26170 on Aug 8, 2021
kwvg referenced this in commit 19b94c6dfa on Aug 11, 2021
PastaPastaPasta referenced this in commit 90e7119a8b on Aug 11, 2021
5tefan referenced this in commit fdb3ad7532 on Aug 12, 2021
gades referenced this in commit de468fed94 on May 6, 2022
bitcoin locked this on Aug 18, 2022

Contributors

Labels

Linked (view graph)

#15921 validation: Tidy up ValidationState interface #17000 tests: Add test_fuzzing_harnesses.sh for quick testing/verification of fuzzing harness coverage

tests: Add fuzzing harness for CheckTransaction(...), IsStandardTx(...) and other CTransaction related functions #17076

Conflicts