fuzz: Add tx_pool fuzz target #21142

maflcko · 2021-02-10T17:55:25Z

No description provided.

DrahtBot · 2021-02-10T19:09:44Z

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

practicalswift · 2021-02-10T21:06:15Z

Concept ACK: very nice to see the mempool logic more thoroughly fuzzed!

maflcko · 2021-02-11T13:51:40Z

Rebased

practicalswift · 2021-02-28T20:13:39Z

Tested ACK e4e253d

Very nice to see the mempool logic more thoroughly fuzzed!
Achieves good coverage quickly.
Touches only src/test/fuzz/.

glozow

Concept ACK, very excited to see fuzzing in ATMP :) I have a lot of questions.

Got it running and have reviewed tx_pool.cpp so far. My biggest suggestion is to try to hit the RBF code by keeping track of outpoints in the mempool and potentially pulling input(s) from there as well.

I'm a fuzzing noob, ran into a sanitizer error on my mac so I ran it in docker instead

(Commands if anyone's interested)

docker run -it ubuntu:bionic /bin/bash
apt update
apt install -y git
apt install -y sudo
git clone https://github.com/bitcoin/bitcoin
cd bitcoin
git remote add marco https://github.com/MarcoFalke/bitcoin-core.git
git fetch marco 2102-fuzzPool
git checkout 2102-fuzzPool
sudo apt-get install build-essential libtool autotools-dev automake pkg-config bsdmainutils python3
sudo apt-get install libevent-dev libboost-system-dev libboost-filesystem-dev libboost-test-dev libboost-thread-dev
sudo apt-get install clang
./autogen.sh
CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined --without-gui --disable-wallet
make
FUZZ=tx_pool src/test/fuzz/fuzz

src/test/fuzz/tx_pool.cpp

jonatack

Light ACK bcf96cd

Good to see added and improved coverage and efficiency. AFAICT after the first minute, the tx_pool fuzzer is doing roughly 2-3 times the exec/s of the process_message_tx and the tx_pool_standard fuzzers.

src/test/fuzz/tx_pool.cpp

maflcko · 2021-03-17T20:07:09Z

Only for tx_pool_standard: https://drahtbot.space/host_reports/DrahtBot/reports/coverage_fuzz/monotree/fa5382241f7943a7/fuzz.coverage/index.html

maflcko · 2021-03-17T20:34:19Z

I pushed an update for RBF. Will push some more stuff tomorrow 😴

ghost · 2021-03-18T06:01:49Z

ACK fa53822

Reviewed the code and ran the fuzz coverage tests before & after running for a few hours. Definitely getting better coverage with this, especially with the mempool/validation files.

Before


              Hit     Total  Coverage      
Lines:       28292    43939   64.4 %
Functions:    7835    11651   67.2 %
Branches:   101626   333283   30.5 %


                             
Filename                     Line Coverage             Functions               Branches
....
txmempool.cpp             35.7 %    262 / 734      50.8 %     31 / 61     15.8 %   782 / 4940
txmempool.h               61.9 %     99 / 160      60.0 %     42 / 70     30.2 %   189 / 626
txorphanage.cpp           61.7 %     74 / 120      66.7 %      6 / 9      25.0 %   205 / 820
txorphanage.h            100.0 %      4 / 4       100.0 %      5 / 5      50.0 %     4 / 8
txrequest.cpp             99.3 %    292 / 294     100.0 %     78 / 78     53.2 %  1330 / 2500
uint256.cpp              100.0 %     32 / 32       60.0 %      6 / 10     32.3 %    62 / 192
uint256.h                100.0 %     54 / 54       92.0 %     46 / 50     41.0 %    77 / 188
undo.h                   100.0 %     22 / 22       59.6 %     28 / 47     30.7 %    54 / 176
validation.cpp            45.4 %   1338 / 2945     59.9 %    115 / 192    20.1 %  3992 / 19900
validation.h              52.0 %     26 / 50       53.8 %     14 / 26     21.4 %    39 / 182
validationinterface.cpp   46.8 %     58 / 124      39.8 %     35 / 88      8.8 %   178 / 2016
validationinterface.h     20.0 %      2 / 10       20.0 %      2 / 10          -     0 / 0
...

After

              Hit     Total  Coverage
Lines:       28933    43936   65.9 %
Functions:    7934    11652   68.1 %
Branches:   104236   333473   31.3 %




Filename                     Line Coverage             Functions               Branches
....
txmempool.cpp             54.9 %    403 / 734      67.2 %     41 / 61     25.6 %  1267 / 4940
txmempool.h               66.2 %    106 / 160      65.7 %     46 / 70     31.6 %   198 / 626
txorphanage.cpp           61.7 %     74 / 120      66.7 %      6 / 9      25.0 %   205 / 820
txorphanage.h            100.0 %      4 / 4       100.0 %      5 / 5      50.0 %     4 / 8
txrequest.cpp             99.3 %    292 / 294     100.0 %     78 / 78     53.2 %  1330 / 2500
uint256.cpp              100.0 %     32 / 32       60.0 %      6 / 10     32.3 %    62 / 192
uint256.h                100.0 %     54 / 54       92.0 %     46 / 50     41.0 %    77 / 188
undo.h                   100.0 %     22 / 22       59.6 %     28 / 47     30.7 %    54 / 176
validation.cpp            53.9 %   1586 / 2945     65.1 %    125 / 192    25.3 %  5044 / 19900
validation.h              66.0 %     33 / 50       69.2 %     18 / 26     27.5 %    50 / 182
validationinterface.cpp   81.5 %    101 / 124      71.6 %     63 / 88     19.9 %   402 / 2016
validationinterface.h     30.0 %      3 / 10       30.0 %      3 / 10          -     0 / 0
...

maflcko · 2021-03-18T11:23:54Z

https://drahtbot.space/host_reports/DrahtBot 8000 /reports/coverage_fuzz/monotree/fa6cb809bc934009/fuzz.coverage/index.html

jonatack · 2021-03-18T15:02:13Z

@MarcoFalke as you requested in the review club yesterday, I ran the tx_pool fuzzer since then for 20+ hours and didn't see an accepted transaction.

         if (accepted) {
             txids.push_back(tx->GetHash());
+            std::cout << "\n\n\n*********************** SUCCESS ***************************\n\n\n";
         }

#7104574	NEW    cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 393483/902446 MS: 3 EraseBytes-ChangeByte-CMP- DE: "\x01\x00\x00\x00\x10\x8b\x12\xb3"-
#7104591	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 70/902446 MS: 1 EraseBytes-
#7104827	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 451/902446 MS: 1 EraseBytes-
#7104855	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 118/902446 MS: 3 CMP-CMP-EraseBytes- DE: "\xff\xff\xff\xff\xff\xff\xff\xff"-"\x00\x00\x00\x00\x00\x00\x00\x01"-
#7105353	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 15731/902446 MS: 2 InsertRepeatedBytes-EraseBytes-
#7107174	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 111/902446 MS: 1 EraseBytes-
#7108811	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 160/902446 MS: 1 EraseBytes-
#7109018	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 5278/902446 MS: 2 InsertByte-EraseBytes-
#7109675	REDUCE cov: 10002 ft: 58007 corp: 2495/59Mb lim: 907880 exec/s: 93 rss: 1733Mb L: 42/902446 MS: 2 ChangeBinInt-EraseBytes-

maflcko · 2021-03-18T17:57:28Z

I quickly ran 15kk iterations (double the 7kk iterations of yours) and it did hit a valid tx.

#15766688	REDUCE cov: 3250 ft: 28506 corp: 8582/1579Kb lim: 4096 exec/s: 2341 rss: 98Mb L: 49/4096 MS: 1 EraseBytes-

However, I pushed a patch, where you should see a valid tx within ~100k iterations.

All feedback has been addressed, this is now ready for re-ACKs.

jonatack · 2021-03-18T18:59:37Z

Valid tx within a few seconds with latest push.

#35708	NEW    cov: 5635 ft: 14652 corp: 159/22Kb lim: 163 exec/s: 2975 rss: 587Mb L: 163/163 MS: 3 ShuffleBytes-InsertRepeatedBytes-CrossOver-
#36093	REDUCE cov: 5635 ft: 14652 corp: 159/22Kb lim: 163 exec/s: 3007 rss: 587Mb L: 136/163 MS: 5 ChangeBinInt-CrossOver-PersAutoDict-ChangeByte-InsertRepeatedBytes- DE: "\x15\x00\x00\x00\x00\x00\x00\x00"-

*********************** SUCCESS ***************************

	NEW_FUNC[1/335]: 0x559b1920a260 in std::vector<int, std::allocator<int> >::~vector() /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:679
	NEW_FUNC[2/335]: 0x559b1920a870 in std::_Vector_base<int, std::allocator<int> >::_Vector_impl::_Vector_impl() /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:134

Edit: and many valid txs.

ghost · 2021-03-19T02:40:05Z

reACK faa9ef4

Getting a better overall coverage profile (though I have been running for a lot longer and probably have better seeds by now)

Summary coverage rate:                                              
  lines......: 66.4% (29127 of 43873 lines)                         
  functions..: 68.3% (7960 of 11646 functions)                      
  branches...: 31.5% (104949 of 333689 branches)

Plus got 378 accepted transactions for the tx_pool target between try #65536 & #131072.

practicalswift · 2021-03-20T23:07:13Z

Tested ACK faa9ef4

Very nice fuzzing harness! Thanks @MarcoFalke!

glozow

code review ACK faa9ef4, a bunch of comments but non blocking

@MarcoFalke why do you call it tx_pool, is it the cool way of saying mempool? I would've called this mempool_validation.cpp and s/tx_pool/mempool

glozow · 2021-03-22T22:50:47Z

src/test/fuzz/tx_pool.cpp

+    constexpr CAmount SUPPLY_TOTAL{COINBASE_MATURITY * 50 * COIN};
+
+    CTxMemPool tx_pool_{/* estimator */ nullptr, /* check_ratio */ 1};
+    MockedTxPool& tx_pool = *(MockedTxPool*)&tx_pool_;


Question: Why can't you use a static_cast here instead?

Thanks, done in follow-up

glozow · 2021-03-22T22:52:57Z

src/test/fuzz/tx_pool.cpp

+        amount_view.GetCoin(outpoint, c);
+        Assert(!c.IsSpent());


This can just be:

Suggested change

amount_view.GetCoin(outpoint, c);

Assert(!c.IsSpent());

Assert(amount_view.GetCoin(outpoint, c));

Thanks, done in follow-up

Isn't it better to not have side-effects from asserts?

glozow · 2021-03-22T23:31:57Z

src/test/fuzz/tx_pool.cpp

+    const auto& node = g_setup->m_node;
+
+    std::vector<uint256> txids;
+    for (const auto& outpoint : g_outpoints_coinbase_init) {


Question: is the same g_outpoints_coinbase_init used for both the tx_pool and tx_pool_standard targets?

glozow · 2021-03-22T23:32:43Z

src/test/fuzz/tx_pool.cpp

+    }
+    for (int i{0}; i <= 3; ++i) {
+        // Add some immature and non-existent outpoints
+        txids.push_back(g_outpoints_coinbase_init.at(i).hash);


Aren't the ones at the beginning the mature ones?
It could also be more clear to have two sets g_outpoints_coinbases_mature and g_outpoints_coinbases_immature.

Suggested change

txids.push_back(g_outpoints_coinbase_init.at(i).hash);

txids.push_back(g_outpoints_coinbase_init.at(COINBASE_MATURITY + i).hash);

Ouch 🤦 . Good catch.

glozow · 2021-03-22T23:45:18Z

src/test/fuzz/tx_pool.cpp

+                auto pop = outpoints_rbf.begin();
+                std::advance(pop, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, outpoints_rbf.size() - 1));
+                const auto outpoint = *pop;


Why not use PickValue for this? It could take a bool to PickAndMaybeDelete?

Wouldn't that make PickValue unsuitable for collections that can't erase elements. E.g. std::array

glozow · 2021-03-22T23:48:54Z

src/test/fuzz/util.h

@@ -48,6 +48,16 @@ void CallOneOf(FuzzedDataProvider& fuzzed_data_provider, Callables... callables)
    return ((i++ == call_index ? callables() : void()), ...);
 }

+template <typename Collection>
+const auto& PickValue(FuzzedDataProvider& fuzzed_data_provider, const Collection& col)


Why not make this a member function of FuzzedDataProvider like PickValueInArray is?

FuzzedDataProvider is taken from upstream, so someone needs to submit this to upstream first.

Oh, is it not src/test/fuzz/FuzzedDataProvider.h?

It is, but it is only synced from upstream: https://github.com/llvm/llvm-project/blob/main/compiler-rt/include/fuzzer/FuzzedDataProvider.h

glozow · 2021-03-23T00:06:14Z

src/txmempool.h

-private:
+protected:


It seems a bit invasive to change all of these mempool members... can you just call something that automatically does RollingFeeUpdate like tx_pool.GetMinFee()? Or just set the members you need to protected?

tx_pool.GetMinFee exists early because of !blockSinceLastRollingFeeBump, so I can't use that. protected as a replacement for private seems fine generally, because it allows tests to mock any private member without having to mark each member individually or add a friend TestClass01 for each class that mocks the mempool. Since mempool isn't derived outside of tests, protected shouldn't come with any risks either.

Sure, makes sense 👍

glozow · 2021-03-23T00:11:02Z

src/test/fuzz/util.h

+[[nodiscard]] CMutableTransaction ConsumeTransaction(FuzzedDataProvider& fuzzed_data_provider, const std::optional<std::vector<uint256>>& prevout_txids, const int max_num_in = 10, const int max_num_out = 10) noexcept;
+
+[[nodiscard]] CScriptWitness ConsumeScriptWitness(FuzzedDataProvider& fuzzed_data_provider, const size_t max_stack_elem_size = 32) noexcept;
+
+[[nodiscard]] CScript ConsumeScript(FuzzedDataProvider& fuzzed_data_provider, const size_t max_length = 4096, const bool maybe_p2wsh = false) noexcept;
+
+[[nodiscard]] uint32_t ConsumeSequence(FuzzedDataProvider& fuzzed_data_provider) noexcept;


Add comments for the util functions? e.g. I think it'd be helpful to document that ConsumeTransaction will give a tx that's well-formed but not necessarily valid, and it takes prevout_txids as input but won't necessarily use a txid from there.

If prevout_txids is passed, it should only pick from there. As none of the functions in this file have doxygen comments, so I'll skip them for now. Though, I am more than happy to review a pull adding docs :)

glozow · 2021-03-23T00:20:08Z

src/test/fuzz/util.cpp

+    tx_mut.nLockTime = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
+    const auto num_in = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, max_num_in);
+    const auto num_out = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, max_num_out);
+    for (int i = 0; i < num_in; ++i) {


In some places you do braced, and in some places you do = 🤷

Suggested change

for (int i = 0; i < num_in; ++i) {

for (int i{0}; i < num_in; ++i) {

Right, this isn't consistent. Though, I'll leave as is for now and remember to write for (int i{0}; i < ... in the future.

Why not for (auto i{0} ...? 👀

int is one character shorter 🩳

glozow · 2021-03-23T00:36:36Z

src/test/fuzz/tx_pool.cpp

+    // All RBF-spendable outpoints
+    std::set<COutPoint> outpoints_rbf;
+    // All outpoints counting toward the total supply (subset of outpoints_rbf)
+    std::set<COutPoint> outpoints_supply;


These comments are confusing 😢
outpoints_rbf includes all spendable outpoints including ones that would be RBFs, but "RBF-spendable" sounds like they're only the ones in the mempool.
outpoints_supply doesn't actually include all the outpoints that count towards total supply. It doesn't include the mempool inputs which is why we need to add mempool GetTotalFee to it...

outpoints_rbf

Happy to rename if you have suggestions.

It doesn't include the mempool inputs which is why we need to add mempool GetTotalFee to it...

I don't understand what you mean with "mempool inputs". outpoints_supply does include all outpoints from the mempool. The reason that GetTotalFee needs to be added is that the fee in the mempool isn't assigned to an outpoint (yet). The fee is collected in the coinbase transaction in a block, which doesn't exist because this fuzz target doesn't mine any blocks with mempool txs.

outpoints_supply does include all outpoints from the mempool.

A right 🤦 I was confoozed

maflcko

replied to comments

maflcko · 2021-03-23T09:31:24Z

src/test/fuzz/tx_pool.cpp

+                auto pop = outpoints_rbf.begin();
+                std::advance(pop, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, outpoints_rbf.size() - 1));
+                const auto outpoint = *pop;


Wouldn't that make PickValue unsuitable for collections that can't erase elements. E.g. std::array

maflcko · 2021-03-23T09:31:38Z

src/test/fuzz/tx_pool.cpp

+    constexpr CAmount SUPPLY_TOTAL{COINBASE_MATURITY * 50 * COIN};
+
+    CTxMemPool tx_pool_{/* estimator */ nullptr, /* check_ratio */ 1};
+    MockedTxPool& tx_pool = *(MockedTxPool*)&tx_pool_;


Thanks, done in follow-up

maflcko · 2021-03-23T09:31:42Z

src/test/fuzz/tx_pool.cpp

+        amount_view.GetCoin(outpoint, c);
+        Assert(!c.IsSpent());


Thanks, done in follow-up

maflcko · 2021-03-23T09:36:17Z

src/test/fuzz/tx_pool.cpp

+    // All RBF-spendable outpoints
+    std::set<COutPoint> outpoints_rbf;
+    // All outpoints counting toward the total supply (subset of outpoints_rbf)
+    std::set<COutPoint> outpoints_supply;


outpoints_rbf

Happy to rename if you have suggestions.

It doesn't include the mempool inputs which is why we need to add mempool GetTotalFee to it...

I don't understand what you mean with "mempool inputs". outpoints_supply does include all outpoints from the mempool. The reason that GetTotalFee needs to be added is that the fee in the mempool isn't assigned to an outpoint (yet). The fee is collected in the coinbase transaction in a block, which doesn't exist because this fuzz target doesn't mine any blocks with mempool txs.

maflcko · 2021-03-23T09:37:19Z

src/test/fuzz/tx_pool.cpp

+    const auto& node = g_setup->m_node;
+
+    std::vector<uint256> txids;
+    for (const auto& outpoint : g_outpoints_coinbase_init) {


maflcko · 2021-03-23T09:37:52Z

src/test/fuzz/tx_pool.cpp

+    }
+    for (int i{0}; i <= 3; ++i) {
+        // Add some immature and non-existent outpoints
+        txids.push_back(g_outpoints_coinbase_init.at(i).hash);


Ouch 🤦 . Good catch.

maflcko · 2021-03-23T09:39:43Z

src/test/fuzz/util.cpp

+    tx_mut.nLockTime = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
+    const auto num_in = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, max_num_in);
+    const auto num_out = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, max_num_out);
+    for (int i = 0; i < num_in; ++i) {


Right, this isn't consistent. Though, I'll leave as is for now and remember to write for (int i{0}; i < ... in the future.

maflcko · 2021-03-23T09:40:37Z

src/test/fuzz/util.h

@@ -48,6 +48,16 @@ void CallOneOf(FuzzedDataProvider& fuzzed_data_provider, Callables... callables)
    return ((i++ == call_index ? callables() : void()), ...);
 }

+template <typename Collection>
+const auto& PickValue(FuzzedDataProvider& fuzzed_data_provider, const Collection& col)


FuzzedDataProvider is taken from upstream, so someone needs to submit this to upstream first.

maflcko · 2021-03-23T09:45:32Z

src/txmempool.h

-private:
+protected:


tx_pool.GetMinFee exists early because of !blockSinceLastRollingFeeBump, so I can't use that. protected as a replacement for private seems fine generally, because it allows tests to mock any private member without having to mark each member individually or add a friend TestClass01 for each class that mocks the mempool. Since mempool isn't derived outside of tests, protected shouldn't come with any risks either.

maflcko · 2021-03-23T09:47:39Z

src/test/fuzz/util.h

+[[nodiscard]] CMutableTransaction ConsumeTransaction(FuzzedDataProvider& fuzzed_data_provider, const std::optional<std::vector<uint256>>& prevout_txids, const int max_num_in = 10, const int max_num_out = 10) noexcept;
+
+[[nodiscard]] CScriptWitness ConsumeScriptWitness(FuzzedDataProvider& fuzzed_data_provider, const size_t max_stack_elem_size = 32) noexcept;
+
+[[nodiscard]] CScript ConsumeScript(FuzzedDataProvider& fuzzed_data_provider, const size_t max_length = 4096, const bool maybe_p2wsh = false) noexcept;
+
+[[nodiscard]] uint32_t ConsumeSequence(FuzzedDataProvider& fuzzed_data_provider) noexcept;


If prevout_txids is passed, it should only pick from there. As none of the functions in this file have doxygen comments, so I'll skip them for now. Though, I am more than happy to review a pull adding docs :)

faa9ef4 fuzz: Add tx_pool fuzz targets (MarcoFalke) Pull request description: ACKs for top commit: AnthonyRonning: reACK faa9ef4 practicalswift: Tested ACK faa9ef4 glozow: code review ACK faa9ef4, a bunch of comments but non blocking Tree-SHA512: 8d404398faa46d8e7bf93060a2fe9afd5c0c2bd6e549ff6588d2f3dd1b912dff6c5416d5477c18edecc2e85b00db4fdf4790c3e6597a5149b0d40c9d5014d82f

maflcko force-pushed the 2102-fuzzPool branch from ced2dbe to cf801da Compare February 10, 2021 18:15

DrahtBot added Build system P2P RPC/REST/ZMQ Validation labels Feb 10, 2021

This was referenced Feb 10, 2021

[Bundle 3/n] Prune remaining g_chainman usage in validation functions #21055

Merged

test: Move MakeNoLogFileContext to libtest_util, and use it in bench #21003

Merged

maflcko force-pushed the 2102-fuzzPool branch from cf801da to 4e197bb Compare February 11, 2021 08:36

maflcko removed Build system P2P RPC/REST/ZMQ Validation labels Feb 11, 2021

maflcko marked this pull request as ready for review February 11, 2021 13:46

maflcko force-pushed the 2102-fuzzPool branch from 4e197bb to faa542a Compare February 11, 2021 13:51

DrahtBot added the Build system label Feb 11, 2021

maflcko added Tests and removed Build system labels Feb 12, 2021

maflcko force-pushed the 2102-fuzzPool branch from faa542a to e4e253d Compare February 19, 2021 12:18

This was referenced Mar 7, 2021

tests: Add fuzzing harness for versionbits #21380

Merged

BIP 341: Add Speedy Trial activation parameters #21393

Closed

Implement BIP 8 based Speedy Trial activation #21392

Closed

DrahtBot removed the Needs rebase label Mar 15, 2021

glozow reviewed Mar 17, 2021

View reviewed changes

maflcko force-pushed the 2102-fuzzPool branch 3 times, most recently from 593c7af to bcf96cd Compare March 17, 2021 14:49

jonatack reviewed Mar 17, 2021

View reviewed changes

src/test/fuzz/tx_pool.cpp Outdated Show resolved Hide resolved

src/test/fuzz/tx_pool.cpp Outdated Show resolved Hide resolved

src/test/fuzz/tx_pool.cpp Outdated Show resolved Hide resolved

maflcko force-pushed the 2102-fuzzPool branch from bcf96cd to fa53822 Compare March 17, 2021 19:30

maflcko force-pushed the 2102-fuzzPool branch 2 times, most recently from fae8741 to fab3bee Compare March 18, 2021 10:39

maflcko force-pushed the 2102-fuzzPool branch 3 times, most recently from fab6b16 to fae1617 Compare March 18, 2021 14:26

fuzz: Add tx_pool fuzz targets

faa9ef4

maflcko force-pushed the 2102-fuzzPool branch from fae1617 to faa9ef4 Compare March 18, 2021 17:56

glozow reviewed Mar 23, 2021

View reviewed changes

maflcko merged commit fd2b22b into bitcoin:master Mar 23, 2021

maflcko commented Mar 23, 2021

View reviewed changes

maflcko deleted the 2102-fuzzPool branch March 23, 2021 09:59

maflcko mentioned this pull request Mar 23, 2021

fuzz: Fix tx_pool target to properly fuzz immature outpoints #21512

Merged

bitcoin locked as resolved and limited conversation to collaborators Aug 16, 2022

	amount_view.GetCoin(outpoint, c);
	Assert(!c.IsSpent());
	Assert(amount_view.GetCoin(outpoint, c));

	txids.push_back(g_outpoints_coinbase_init.at(i).hash);
	txids.push_back(g_outpoints_coinbase_init.at(COINBASE_MATURITY + i).hash);

	for (int i = 0; i < num_in; ++i) {
	for (int i{0}; i < num_in; ++i) {

		private:
		protected:

		private:
		protected:

fuzz: Add tx_pool fuzz target #21142

fuzz: Add tx_pool fuzz target #21142

Uh oh!

Conversation

Uh oh!

Uh oh!

Conflicts

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!