stellar · robertDurst · Jul 30, 2019 · Jul 30, 2019 · Jul 30, 2019 · Jul 30, 2019
diff --git a/src/invariant/Invariant.h b/src/invariant/Invariant.h
@@ -53,5 +53,17 @@ class Invariant
     {
         return std::string{};
     }
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    virtual void
+    snapshotForFuzzer()
+    {
+    }
+
+    virtual void
+    resetForFuzzer()
+    {
+    }
+#endif // FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 };
 }
diff --git a/src/invariant/InvariantManager.h b/src/invariant/InvariantManager.h
@@ -48,6 +48,11 @@ class InvariantManager
 
     virtual void enableInvariant(std::string const& name) = 0;
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    virtual void snapshotForFuzzer() = 0;
+    virtual void resetForFuzzer() = 0;
+#endif // FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+
     template <typename T, typename... Args>
     std::shared_ptr<T>
     registerInvariant(Args&&... args)

diff --git a/src/invariant/InvariantManagerImpl.cpp b/src/invariant/InvariantManagerImpl.cpp
@@ -227,4 +227,24 @@ InvariantManagerImpl::handleInvariantFailure(
         CLOG(ERROR, "Invariant") << REPORT_INTERNAL_BUG;
     }
 }
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+void
+InvariantManagerImpl::snapshotForFuzzer()
+{
+    for (auto const& invariant : mEnabled)
+    {
+        invariant->snapshotForFuzzer();
+    }
+}
+
+void
+InvariantManagerImpl::resetForFuzzer()
+{
+    for (auto const& invariant : mEnabled)
+    {
+        invariant->resetForFuzzer();
+    }
+}
+#endif // FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 }
diff --git a/src/invariant/InvariantManagerImpl.h b/src/invariant/InvariantManagerImpl.h
@@ -50,6 +50,11 @@ class InvariantManagerImpl : public InvariantManager
 
     virtual void enableInvariant(std::string const& name) override;
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    void snapshotForFuzzer() override;
+    void resetForFuzzer() override;
+#endif // FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+
   private:
     void onInvariantFailure(std::shared_ptr<Invariant> invariant,
                             std::string const& message, uint32_t ledger);

diff --git a/src/invariant/OrderBookIsNotCrossed.cpp b/src/invariant/OrderBookIsNotCrossed.cpp
@@ -0,0 +1,174 @@
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+// Copyright 2019 Stellar Development Foundation and contributors. Licensed
+// under the Apache License, Version 2.0. See the COPYING file at the root
+// of this distribution or at http://www.apache.org/licenses/LICENSE-2.0
+
+#include "invariant/OrderBookIsNotCrossed.h"
+#include "invariant/InvariantManager.h"
+#include "ledger/LedgerTxn.h"
+#include "lib/util/format.h"
+#include "main/Application.h"
+#include "xdr/Stellar-ledger-entries.h"
+#include <xdrpp/printer.h>
+
+namespace stellar
+{
+
+static std::set<std::pair<Asset, Asset>>
+extractAssetPairs(LedgerTxnDelta const& ltxd)
+{
+
+    std::set<std::pair<Asset, Asset>> assets;
+    for (auto const& entry : ltxd.entry)
+    {
+        if (entry.first.type() == OFFER && entry.second.current)
+        {
+            auto const& offer = entry.second.current->data.offer();
+
+            auto const& assetPair = std::make_pair(offer.selling, offer.buying);
+            auto const& oppositeAssetPair =
+                std::make_pair(offer.buying, offer.selling);
+            if (assets.find(oppositeAssetPair) == assets.end())
+            {
+                assets.insert(assetPair);
+            }
+        }
+    }
+
+    return assets;
+}
+
+static double
+price(OfferEntry const& offer)
+{
+    return double(offer.price.n) / double(offer.price.d);
+}
+
+static std::string
+checkCrossed(Asset const& a, Asset const& b, OrderBook const& orderBook)
+{
+    // if either side of order book for asset pair empty or does not yet exist,
+    // order book cannot be crossed
+    auto iterA = orderBook.find(a);
+    auto iterB = orderBook.find(b);
+    if (iterA == orderBook.end() || iterB == orderBook.end())
+    {
+        return {};
+    }
+
+    auto const& iterAB = orderBook.at(a).find(b);
+    auto const& iterBA = orderBook.at(b).find(a);
+    if (iterAB == (*iterA).second.end() || iterBA == (*iterB).second.end())
+    {
+        return {};
+    }
+
+    auto const& asks = orderBook.at(a).at(b);
+    auto const& bids = orderBook.at(b).at(a);
+    if (asks.empty() || bids.empty())
+    {
+        return {};
+    }
+
+    // check if crossed
+    auto lowestAsk = price(*asks.cbegin());
+    auto highestBid = 1 / price(*bids.cbegin());
+    if (lowestAsk <= highestBid)
+    {
+        return fmt::format(
+            "Order book is in a crossed state for {} - {} "
+            "asset pair.\nTop of the book is:\n\tAsk price: {}\n\tBid "
+            "price: {}\n\nWhere {} >= {}!",
+            xdr::xdr_to_string(a), xdr::xdr_to_string(b), lowestAsk, highestBid,
+            highestBid, lowestAsk);
+    }
+    return {};
+}
+
+void
+OrderBookIsNotCrossed::deleteFromOrderBook(OfferEntry const& oe)
+{
+    mOrderBook[oe.selling][oe.buying].erase(oe);
+}
+
+void
+OrderBookIsNotCrossed::addToOrderBook(OfferEntry const& oe)
+{
+    mOrderBook[oe.selling][oe.buying].emplace(oe);
+}
+
+void
+OrderBookIsNotCrossed::updateOrderBook(LedgerTxnDelta const& ltxd)
+{
+    for (auto const& entry : ltxd.entry)
+    {
+        // there are three possible "deltas" for an offer:
+        //      CREATED:  (nil)     -> LedgerKey
+        //      MODIFIED: LedgerKey -> LedgerKey
+        //      DELETED:  LedgerKey -> (nil)
+        if (entry.first.type() == OFFER)
+        {
+            if (entry.second.previous)
+            {
+                deleteFromOrderBook(entry.second.previous->data.offer());
+            }
+            if (entry.second.current)
+            {
+                addToOrderBook(entry.second.current->data.offer());
+            }
+        }
+    }
+}
+
+std::string
+OrderBookIsNotCrossed::check(
+    std::set<std::pair<Asset, Asset>> const& assetPairs)
+{
+    for (auto const& assetPair : assetPairs)
+    {
+        auto checkCrossedResult =
+            checkCrossed(assetPair.first, assetPair.second, mOrderBook);
+        if (!checkCrossedResult.empty())
+        {
+            return checkCrossedResult;
+        }
+    }
+
+    return std::string{};
+}
+
+std::shared_ptr<Invariant>
+OrderBookIsNotCrossed::registerInvariant(Application& app)
+{
+    return app.getInvariantManager().registerInvariant<OrderBookIsNotCrossed>();
+}
+
+std::string
+OrderBookIsNotCrossed::getName() const
+{
+    return "OrderBookIsNotCrossed";
+}
+
+std::string
+OrderBookIsNotCrossed::checkOnOperationApply(Operation const& operation,
+                                             OperationResult const& result,
+                                             LedgerTxnDelta const& ltxDelta)
+{
+    updateOrderBook(ltxDelta);
+    auto assetPairs = extractAssetPairs(ltxDelta);
+    return assetPairs.size() > 0 ? check(assetPairs) : std::string{};
+}
+
+void
+OrderBookIsNotCrossed::snapshotForFuzzer()
+{
+    mRolledBackOrderBook = mOrderBook;
+};
+
+void
+OrderBookIsNotCrossed::resetForFuzzer()
+{
+    mOrderBook = mRolledBackOrderBook;
+};
+}
+#endif // FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
diff --git a/src/invariant/OrderBookIsNotCrossed.h b/src/invariant/OrderBookIsNotCrossed.h
@@ -0,0 +1,89 @@
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#pragma once
+
+// Copyright 2019 Stellar Development Foundation and contributors. Licensed
+// under the Apache License, Version 2.0. See the COPYING file at the root
+// of this distribution or at http://www.apache.org/licenses/LICENSE-2.0
+
+#include "crypto/ByteSliceHasher.h"
+#include "invariant/Invariant.h"
+#include "ledger/LedgerHashUtils.h"
+#include "xdr/Stellar-ledger.h"
+
+#include <set>
+#include <unordered_map>
+
+namespace stellar
+{
+
+class Application;
+struct LedgerTxnDelta;
+struct OfferEntry;
+
+// compare two OfferEntry's by price
+struct OfferEntryCmp
+{
+    bool
+    operator()(OfferEntry const& a, OfferEntry const& b) const
+    {
+        double priceA = double(a.price.n) / double(a.price.d);
+        double priceB = double(b.price.n) / double(b.price.d);
+
+        if (priceA < priceB)
+        {
+            return true;
+        }
+        else if (priceA == priceB)
+        {
+            return a.offerID < b.offerID;
+        }
+        else
+        {
+            return false;
+        }
+    }
+};
+
+using Orders = std::set<OfferEntry, OfferEntryCmp>;
+using AssetOrders = std::unordered_map<Asset, Orders>;
+using OrderBook = std::unordered_map<Asset, AssetOrders>;
+
+class OrderBookIsNotCrossed : public Invariant
+{
+  public:
+    explicit OrderBookIsNotCrossed() : Invariant(true)
+    {
+    }
+
+    static std::shared_ptr<Invariant> registerInvariant(Application& app);
+
+    virtual std::string getName() const override;
+
+    virtual std::string
+    checkOnOperationApply(Operation const& operation,
+                          OperationResult const& result,
+                          LedgerTxnDelta const& ltxDelta) override;
+
+    OrderBook const&
+    getOrderBook() const
+    {
+        return mOrderBook;
+    }
+
+    void snapshotForFuzzer() override;
+    void resetForFuzzer() override;
+
+  private:
+    // as of right now, since this is only used in fuzzing, the mOrderBook will
+    // be empty to start. If used in production, since invraiants are
+    // configurable, it is likely that this invariant will be enabled with
+    // pre-existing ledger and thus the mOrderBook will need a way to sync
+    OrderBook mOrderBook;
+    OrderBook mRolledBackOrderBook;
+    void deleteFromOrderBook(OfferEntry const& oe);
+    void addToOrderBook(OfferEntry const& oe);
+    void updateOrderBook(LedgerTxnDelta const& ltxd);
+    std::string check(std::set<std::pair<Asset, Asset>> const& assetPairs);
+};
+}
+#endif // FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
diff --git a/src/invariant/test/InvariantTestUtils.cpp b/src/invariant/test/InvariantTestUtils.cpp
@@ -33,9 +33,30 @@ generateRandomAccount(uint32_t ledgerSeq)
     return le;
 }
 
+LedgerEntry
+generateOffer(Asset const& selling, Asset const& buying, int64_t amount,
+              Price price)
+{
+    REQUIRE(!(selling == buying));
+    REQUIRE(amount >= 1);
+
+    LedgerEntry le;
+    le.lastModifiedLedgerSeq = 2;
+    le.data.type(OFFER);
+
+    auto offer = LedgerTestUtils::generateValidOfferEntry();
+    offer.amount = amount;
+    offer.price = price;
+    offer.selling = selling;
+    offer.buying = buying;
+
+    le.data.offer() = offer;
+    return le;
+}
+
 bool
 store(Application& app, UpdateList const& apply, AbstractLedgerTxn* ltxPtr,
-      OperationResult const* resPtr)
+      OperationResult const* resPtr, Operation const* opPtr)
 {
     bool shouldCommit = !ltxPtr;
     std::unique_ptr<LedgerTxn> ltxStore;
@@ -86,8 +107,16 @@ store(Application& app, UpdateList const& apply, AbstractLedgerTxn* ltxPtr,
     bool doInvariantsHold = true;
     try
     {
-        app.getInvariantManager().checkOnOperationApply({}, *resPtr,
-                                                        ltxPtr->getDelta());
+        if (opPtr == nullptr)
+        {
+            app.getInvariantManager().checkOnOperationApply({}, *resPtr,
+                                                            ltxPtr->getDelta());
+        }
+        else
+        {
+            app.getInvariantManager().checkOnOperationApply(*opPtr, *resPtr,
+                                                            ltxPtr->getDelta());
+        }
     }
     catch (InvariantDoesNotHold&)
     {