2022-06-22 20:44:43 +08:00
|
|
|
// Copyright (c) 2022 The Bitcoin Core developers
|
|
|
|
|
// Distributed under the MIT software license, see the accompanying
|
|
|
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
|
|
|
|
|
|
#include <consensus/amount.h>
|
2022-07-16 09:41:50 +08:00
|
|
|
#include <consensus/validation.h>
|
2022-06-22 20:44:43 +08:00
|
|
|
#include <net_processing.h>
|
2022-07-16 09:41:50 +08:00
|
|
|
#include <node/eviction.h>
|
|
|
|
|
#include <policy/policy.h>
|
2022-06-22 20:44:43 +08:00
|
|
|
#include <primitives/transaction.h>
|
|
|
|
|
#include <script/script.h>
|
|
|
|
|
#include <sync.h>
|
|
|
|
|
#include <test/fuzz/FuzzedDataProvider.h>
|
|
|
|
|
#include <test/fuzz/fuzz.h>
|
|
|
|
|
#include <test/fuzz/util.h>
|
|
|
|
|
#include <test/util/setup_common.h>
|
|
|
|
|
#include <txorphanage.h>
|
|
|
|
|
#include <uint256.h>
|
|
|
|
|
#include <util/check.h>
|
|
|
|
|
#include <util/time.h>
|
|
|
|
|
|
|
|
|
|
#include <cstdint>
|
|
|
|
|
#include <memory>
|
|
|
|
|
#include <set>
|
|
|
|
|
#include <utility>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
void initialize_orphanage()
|
|
|
|
|
{
|
|
|
|
|
static const auto testing_setup = MakeNoLogFileContext();
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-11 14:33:31 +02:00
|
|
|
FUZZ_TARGET(txorphan, .init = initialize_orphanage)
|
2022-06-22 20:44:43 +08:00
|
|
|
{
|
|
|
|
|
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
2023-12-08 13:14:46 +00:00
|
|
|
FastRandomContext limit_orphans_rng{/*fDeterministic=*/true};
|
2022-06-22 20:44:43 +08:00
|
|
|
SetMockTime(ConsumeTime(fuzzed_data_provider));
|
|
|
|
|
|
|
|
|
|
TxOrphanage orphanage;
|
fuzz: txorphan tests fixups
Adds the following fixups in txorphan fuzz tests:
- Don't bond the output count of the created orphans based on the number of available coins
- Allow duplicate inputs, when applicable, but don't store duplicate outpoints
Rationale
---------
The way the test is currently written, duplicate inputs are allowed based on a random flag (`duplicate_input`).
If the flag is unset, upon selecting an outpoint as input for a new transaction, the input is popped to prevent re-selection,
and later re-added to the collection (once all inputs have been picked). However, the re-addition to the collection is performed independently of whether the flag was set or not.
This means that, if the flag is set, the selected inputs are duplicated which in turn makes these inputs more likely to be re-picked in the following iteration of the loop.
Additionally, both the input and output count of the transaction and bonded to the number of available outpoints. This makes sense for the former, but the latter shouldn't be.
2024-04-26 14:28:53 -04:00
|
|
|
std::set<COutPoint> outpoints;
|
|
|
|
|
|
2022-06-22 20:44:43 +08:00
|
|
|
// initial outpoints used to construct transactions later
|
|
|
|
|
for (uint8_t i = 0; i < 4; i++) {
|
fuzz: txorphan tests fixups
Adds the following fixups in txorphan fuzz tests:
- Don't bond the output count of the created orphans based on the number of available coins
- Allow duplicate inputs, when applicable, but don't store duplicate outpoints
Rationale
---------
The way the test is currently written, duplicate inputs are allowed based on a random flag (`duplicate_input`).
If the flag is unset, upon selecting an outpoint as input for a new transaction, the input is popped to prevent re-selection,
and later re-added to the collection (once all inputs have been picked). However, the re-addition to the collection is performed independently of whether the flag was set or not.
This means that, if the flag is set, the selected inputs are duplicated which in turn makes these inputs more likely to be re-picked in the following iteration of the loop.
Additionally, both the input and output count of the transaction and bonded to the number of available outpoints. This makes sense for the former, but the latter shouldn't be.
2024-04-26 14:28:53 -04:00
|
|
|
outpoints.emplace(Txid::FromUint256(uint256{i}), 0);
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
|
2024-03-28 17:15:11 +00:00
|
|
|
CTransactionRef ptx_potential_parent = nullptr;
|
|
|
|
|
|
2022-09-30 17:00:11 +02:00
|
|
|
LIMITED_WHILE(outpoints.size() < 200'000 && fuzzed_data_provider.ConsumeBool(), 10 * DEFAULT_MAX_ORPHAN_TRANSACTIONS)
|
2022-06-22 20:44:43 +08:00
|
|
|
{
|
|
|
|
|
// construct transaction
|
|
|
|
|
const CTransactionRef tx = [&] {
|
|
|
|
|
CMutableTransaction tx_mut;
|
|
|
|
|
const auto num_in = fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(1, outpoints.size());
|
fuzz: txorphan tests fixups
Adds the following fixups in txorphan fuzz tests:
- Don't bond the output count of the created orphans based on the number of available coins
- Allow duplicate inputs, when applicable, but don't store duplicate outpoints
Rationale
---------
The way the test is currently written, duplicate inputs are allowed based on a random flag (`duplicate_input`).
If the flag is unset, upon selecting an outpoint as input for a new transaction, the input is popped to prevent re-selection,
and later re-added to the collection (once all inputs have been picked). However, the re-addition to the collection is performed independently of whether the flag was set or not.
This means that, if the flag is set, the selected inputs are duplicated which in turn makes these inputs more likely to be re-picked in the following iteration of the loop.
Additionally, both the input and output count of the transaction and bonded to the number of available outpoints. This makes sense for the former, but the latter shouldn't be.
2024-04-26 14:28:53 -04:00
|
|
|
const auto num_out = fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(1, 256);
|
|
|
|
|
// pick outpoints from outpoints as input. We allow input duplicates on purpose, given we are not
|
|
|
|
|
// running any transaction validation logic before adding transactions to the orphanage
|
2022-06-22 20:44:43 +08:00
|
|
|
for (uint32_t i = 0; i < num_in; i++) {
|
|
|
|
|
auto& prevout = PickValue(fuzzed_data_provider, outpoints);
|
fuzz: txorphan tests fixups
Adds the following fixups in txorphan fuzz tests:
- Don't bond the output count of the created orphans based on the number of available coins
- Allow duplicate inputs, when applicable, but don't store duplicate outpoints
Rationale
---------
The way the test is currently written, duplicate inputs are allowed based on a random flag (`duplicate_input`).
If the flag is unset, upon selecting an outpoint as input for a new transaction, the input is popped to prevent re-selection,
and later re-added to the collection (once all inputs have been picked). However, the re-addition to the collection is performed independently of whether the flag was set or not.
This means that, if the flag is set, the selected inputs are duplicated which in turn makes these inputs more likely to be re-picked in the following iteration of the loop.
Additionally, both the input and output count of the transaction and bonded to the number of available outpoints. This makes sense for the former, but the latter shouldn't be.
2024-04-26 14:28:53 -04:00
|
|
|
// try making transactions unique by setting a random nSequence, but allow duplicate transactions if they happen
|
|
|
|
|
tx_mut.vin.emplace_back(prevout, CScript{}, fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, CTxIn::SEQUENCE_FINAL));
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
// output amount will not affect txorphanage
|
|
|
|
|
for (uint32_t i = 0; i < num_out; i++) {
|
|
|
|
|
tx_mut.vout.emplace_back(CAmount{0}, CScript{});
|
|
|
|
|
}
|
2022-12-27 15:25:51 +00:00
|
|
|
auto new_tx = MakeTransactionRef(tx_mut);
|
fuzz: txorphan tests fixups
Adds the following fixups in txorphan fuzz tests:
- Don't bond the output count of the created orphans based on the number of available coins
- Allow duplicate inputs, when applicable, but don't store duplicate outpoints
Rationale
---------
The way the test is currently written, duplicate inputs are allowed based on a random flag (`duplicate_input`).
If the flag is unset, upon selecting an outpoint as input for a new transaction, the input is popped to prevent re-selection,
and later re-added to the collection (once all inputs have been picked). However, the re-addition to the collection is performed independently of whether the flag was set or not.
This means that, if the flag is set, the selected inputs are duplicated which in turn makes these inputs more likely to be re-picked in the following iteration of the loop.
Additionally, both the input and output count of the transaction and bonded to the number of available outpoints. This makes sense for the former, but the latter shouldn't be.
2024-04-26 14:28:53 -04:00
|
|
|
// add newly constructed outpoints to the coin pool
|
2022-06-22 20:44:43 +08:00
|
|
|
for (uint32_t i = 0; i < num_out; i++) {
|
fuzz: txorphan tests fixups
Adds the following fixups in txorphan fuzz tests:
- Don't bond the output count of the created orphans based on the number of available coins
- Allow duplicate inputs, when applicable, but don't store duplicate outpoints
Rationale
---------
The way the test is currently written, duplicate inputs are allowed based on a random flag (`duplicate_input`).
If the flag is unset, upon selecting an outpoint as input for a new transaction, the input is popped to prevent re-selection,
and later re-added to the collection (once all inputs have been picked). However, the re-addition to the collection is performed independently of whether the flag was set or not.
This means that, if the flag is set, the selected inputs are duplicated which in turn makes these inputs more likely to be re-picked in the following iteration of the loop.
Additionally, both the input and output count of the transaction and bonded to the number of available outpoints. This makes sense for the former, but the latter shouldn't be.
2024-04-26 14:28:53 -04:00
|
|
|
outpoints.emplace(new_tx->GetHash(), i);
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
return new_tx;
|
|
|
|
|
}();
|
|
|
|
|
|
2024-03-28 17:15:11 +00:00
|
|
|
// Trigger orphanage functions that are called using parents. ptx_potential_parent is a tx we constructed in a
|
|
|
|
|
// previous loop and potentially the parent of this tx.
|
|
|
|
|
if (ptx_potential_parent) {
|
|
|
|
|
// Set up future GetTxToReconsider call.
|
|
|
|
|
orphanage.AddChildrenToWorkSet(*ptx_potential_parent);
|
|
|
|
|
|
|
|
|
|
// Check that all txns returned from GetChildrenFrom* are indeed a direct child of this tx.
|
|
|
|
|
NodeId peer_id = fuzzed_data_provider.ConsumeIntegral<NodeId>();
|
|
|
|
|
for (const auto& child : orphanage.GetChildrenFromSamePeer(ptx_potential_parent, peer_id)) {
|
|
|
|
|
assert(std::any_of(child->vin.cbegin(), child->vin.cend(), [&](const auto& input) {
|
|
|
|
|
return input.prevout.hash == ptx_potential_parent->GetHash();
|
|
|
|
|
}));
|
|
|
|
|
}
|
|
|
|
|
for (const auto& [child, peer] : orphanage.GetChildrenFromDifferentPeer(ptx_potential_parent, peer_id)) {
|
|
|
|
|
assert(std::any_of(child->vin.cbegin(), child->vin.cend(), [&](const auto& input) {
|
|
|
|
|
return input.prevout.hash == ptx_potential_parent->GetHash();
|
|
|
|
|
}));
|
|
|
|
|
assert(peer != peer_id);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-22 20:44:43 +08:00
|
|
|
// trigger orphanage functions
|
|
|
|
|
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10 * DEFAULT_MAX_ORPHAN_TRANSACTIONS)
|
|
|
|
|
{
|
|
|
|
|
NodeId peer_id = fuzzed_data_provider.ConsumeIntegral<NodeId>();
|
|
|
|
|
|
|
|
|
|
CallOneOf(
|
|
|
|
|
fuzzed_data_provider,
|
|
|
|
|
[&] {
|
|
|
|
|
{
|
2023-01-25 18:13:00 +10:00
|
|
|
CTransactionRef ref = orphanage.GetTxToReconsider(peer_id);
|
|
|
|
|
if (ref) {
|
2024-05-10 10:55:39 +01:00
|
|
|
Assert(orphanage.HaveTx(ref->GetWitnessHash()));
|
2021-02-25 00:28:16 +10:00
|
|
|
}
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
[&] {
|
2024-05-10 10:55:39 +01:00
|
|
|
bool have_tx = orphanage.HaveTx(tx->GetWitnessHash());
|
2022-06-22 20:44:43 +08:00
|
|
|
// AddTx should return false if tx is too big or already have it
|
2022-07-16 09:41:50 +08:00
|
|
|
// tx weight is unknown, we only check when tx is already in orphanage
|
2022-06-22 20:44:43 +08:00
|
|
|
{
|
2022-07-16 09:41:50 +08:00
|
|
|
bool add_tx = orphanage.AddTx(tx, peer_id);
|
|
|
|
|
// have_tx == true -> add_tx == false
|
|
|
|
|
Assert(!have_tx || !add_tx);
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
2024-05-10 10:55:39 +01:00
|
|
|
have_tx = orphanage.HaveTx(tx->GetWitnessHash());
|
2022-06-22 20:44:43 +08:00
|
|
|
{
|
2022-07-16 09:41:50 +08:00
|
|
|
bool add_tx = orphanage.AddTx(tx, peer_id);
|
|
|
|
|
// if have_tx is still false, it must be too big
|
2022-07-19 10:46:10 +01:00
|
|
|
Assert(!have_tx == (GetTransactionWeight(*tx) > MAX_STANDARD_TX_WEIGHT));
|
2022-07-16 09:41:50 +08:00
|
|
|
Assert(!have_tx || !add_tx);
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
[&] {
|
2024-05-10 10:55:39 +01:00
|
|
|
bool have_tx = orphanage.HaveTx(tx->GetWitnessHash());
|
2022-06-22 20:44:43 +08:00
|
|
|
// EraseTx should return 0 if m_orphans doesn't have the tx
|
|
|
|
|
{
|
2024-05-10 12:04:50 +01:00
|
|
|
Assert(have_tx == orphanage.EraseTx(tx->GetWitnessHash()));
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
2024-05-10 10:55:39 +01:00
|
|
|
have_tx = orphanage.HaveTx(tx->GetWitnessHash());
|
2022-06-22 20:44:43 +08:00
|
|
|
// have_tx should be false and EraseTx should fail
|
|
|
|
|
{
|
2024-05-10 12:04:50 +01:00
|
|
|
Assert(!have_tx && !orphanage.EraseTx(tx->GetWitnessHash()));
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
[&] {
|
|
|
|
|
orphanage.EraseForPeer(peer_id);
|
|
|
|
|
},
|
|
|
|
|
[&] {
|
|
|
|
|
// test mocktime and expiry
|
|
|
|
|
SetMockTime(ConsumeTime(fuzzed_data_provider));
|
|
|
|
|
auto limit = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
|
2023-12-08 13:14:46 +00:00
|
|
|
orphanage.LimitOrphans(limit, limit_orphans_rng);
|
2022-06-22 20:44:43 +08:00
|
|
|
Assert(orphanage.Size() <= limit);
|
|
|
|
|
});
|
2024-03-28 17:15:11 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
// Set tx as potential parent to be used for future GetChildren() calls.
|
|
|
|
|
if (!ptx_potential_parent || fuzzed_data_provider.ConsumeBool()) {
|
|
|
|
|
ptx_potential_parent = tx;
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
2024-03-28 17:15:11 +00:00
|
|
|
|
2022-06-22 20:44:43 +08:00
|
|
|
}
|
|
|
|
|
}
|