fuzz: Create a block template in tx_pool targets

knst · May 5, 2021 · fa03d0a · fa03d0a
1 parent fa61ce5
commit fa03d0a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 13 deletions.
diff --git a/src/test/fuzz/tx_pool.cpp b/src/test/fuzz/tx_pool.cpp
@@ -3,6 +3,7 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <consensus/validation.h>
+#include <miner.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
@@ -77,6 +78,29 @@ void SetMempoolConstraints(ArgsManager& args, FuzzedDataProvider& fuzzed_data_pr
                      ToString(fuzzed_data_provider.ConsumeIntegralInRange<unsigned>(0, 999)));
 }
 
+void Finish(FuzzedDataProvider& fuzzed_data_provider, MockedTxPool& tx_pool, CChainState& chainstate)
+{
+    WITH_LOCK(::cs_main, tx_pool.check(chainstate));
+    {
+        BlockAssembler::Options options;
+        options.nBlockMaxWeight = fuzzed_data_provider.ConsumeIntegralInRange(0U, MAX_BLOCK_WEIGHT);
+        options.blockMinFeeRate = CFeeRate{ConsumeMoney(fuzzed_data_provider)};
+        auto assembler = BlockAssembler{chainstate, *static_cast<CTxMemPool*>(&tx_pool), ::Params(), options};
+        auto block_template = assembler.CreateNewBlock(CScript{} << OP_TRUE);
+        Assert(block_template->block.vtx.size() >= 1);
+    }
+    const auto info_all = tx_pool.infoAll();
+    if (!info_all.empty()) {
+        const auto& tx_to_remove = *PickValue(fuzzed_data_provider, info_all).tx;
+        WITH_LOCK(tx_pool.cs, tx_pool.removeRecursive(tx_to_remove, /* dummy */ MemPoolRemovalReason::BLOCK));
+        std::vector<uint256> all_txids;
+        tx_pool.queryHashes(all_txids);
+        assert(all_txids.size() < info_all.size());
+        WITH_LOCK(::cs_main, tx_pool.check(chainstate));
+    }
+    SyncWithValidationInterfaceQueue();
+}
+
 void MockTime(FuzzedDataProvider& fuzzed_data_provider, const CChainState& chainstate)
 {
     const auto time = ConsumeTime(fuzzed_data_provider,
@@ -245,17 +269,7 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
             }
         }
     }
-    WITH_LOCK(::cs_main, tx_pool.check(chainstate));
-    const auto info_all = tx_pool.infoAll();
-    if (!info_all.empty()) {
-        const auto& tx_to_remove = *PickValue(fuzzed_data_provider, info_all).tx;
-        WITH_LOCK(tx_pool.cs, tx_pool.removeRecursive(tx_to_remove, /* dummy */ MemPoolRemovalReason::BLOCK));
-        std::vector<uint256> all_txids;
-        tx_pool.queryHashes(all_txids);
-        assert(all_txids.size() < info_all.size());
-        WITH_LOCK(::cs_main, tx_pool.check(chainstate));
-    }
-    SyncWithValidationInterfaceQueue();
+    Finish(fuzzed_data_provider, tx_pool, chainstate);
 }
 
 FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
@@ -308,8 +322,7 @@ FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
         if (accepted) {
             txids.push_back(tx->GetHash());
         }
-
-        SyncWithValidationInterfaceQueue();
     }
+    Finish(fuzzed_data_provider, tx_pool, chainstate);
 }
 } // namespace
diff --git a/test/sanitizer_suppressions/ubsan b/test/sanitizer_suppressions/ubsan
@@ -5,6 +5,8 @@
 # names can be used.
 # See https://github.com/google/sanitizers/issues/1364
 signed-integer-overflow:txmempool.cpp
+# https://github.com/bitcoin/bitcoin/pull/21798#issuecomment-829180719
+signed-integer-overflow:policy/feerate.cpp
 
 # -fsanitize=integer suppressions
 # ===============================