feefrac: avoid explicitly computing diagram; compare based on chunks

[sipa]

This merges the BuildDiagramFromChunks and CompareFeeRateDiagram introduced in #29242 into a single CompareChunks function, which operates on sorted chunk data rather than diagrams, instead computing the diagram on the fly.

This avoids the need for the construction of an intermediary diagram object, and removes the slightly arbitrary "all diagrams must start at (0, 0)" requirement.

Not a big deal, but I think the result is a bit cleaner and not really more complicated.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	glozow, instagibbs

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

No conflicts as of last run.

[instagibbs]

approach ACK

this conflicts with #29724 so I'll give it a fuller treatment after

[sipa]

Rebased after #29724, and made a few more minor code simplifications.

[instagibbs]

ACK 4bf7e1a

didn't run fuzz tests

[instagibbs]

ACK 43e2f6d

[glozow]

code review ACK 43e2f6d

[instagibbs]

ACK c2fdcf4

[glozow]

reACK c2fdcf4

[dergoegge]

package_rbf crash (base64): rbf-2369c110673171b822af54ba3f33aabab58e7aeb.crash.txt

util/feefrac.cpp:44 CompareChunks: Assertion slope_ap.size > 0 failed.

[dergoegge]

UBSan package_rbf crash (base64):
rbf-ubsan-fac11eca92adf89df0e6840e5faa58873144d98a.crash.txt

INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3880912967
INFO: Loaded 1 modules   (756212 inline 8-bit counters): 756212 [0xaaaadcf1c108, 0xaaaadcfd4afc),
INFO: Loaded 1 PC tables (756212 PCs): 756212 [0xaaaadcfd4b00,0xaaaaddb5ea40),
/workdir/fuzz_bins/fuzz_libfuzzer_ubsan: Running 1 inputs 1 time(s) each.
Running: /workdir/crashes/fac11eca92adf89df0e6840e5faa58873144d98a
util/feefrac.h:84:14: runtime error: signed integer overflow: 2146794745 + 784680 cannot be represented in type 'int32_t' (aka 'int')
    #0 0xaaaada9508ac in FeeFrac::operator+=(FeeFrac const&) src/./util/feefrac.h:84:14
    #1 0xaaaada9508ac in package_rbf_fuzz_target(Span<unsigned char const>) src/test/fuzz/rbf.cpp:150:23
    #2 0xaaaadaaaee28 in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/lib/gcc/aarch64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:9
    #3 0xaaaadaaaee28 in LLVMFuzzerTestOneInput src/test/fuzz/fuzz.cpp:180:5
    #4 0xaaaada28e6a8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #5 0xaaaada27a0f0 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #6 0xaaaada27f3a8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:859:9
    #7 0xaaaada2a9174 in main /llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #8 0xffffaa4e6dc0  (/lib/aarch64-linux-gnu/libc.so.6+0x26dc0) (BuildId: dd6b2df07eec5dadc4ad6d330cdf600ad76785aa)
    #9 0xffffaa4e6e94 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x26e94) (BuildId: dd6b2df07eec5dadc4ad6d330cdf600ad76785aa)
    #10 0xaaaada27226c in _start (/workdir/fuzz_bins/fuzz_libfuzzer_ubsan+0x291226c)

SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow util/feefrac.h:84:14 in

[sipa]

@dergoegge Do those fuzz seeds trigger issues on master too?

[instagibbs]

looks to be happening on master and I think both reports are from the same underlying issue. Investigating.

[maflcko]

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68020#c1

[sipa]

Rebased after the merge of #29879.

[glozow]

reACK b22901d

[instagibbs]

reACK b22901d