fuzz: add low-level target for txorphanage #25447
Conversation
chinggg
changed the title
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
src/test/fuzz/orphanage.cpp
Outdated
There was a problem hiding this comment.
nit: I think this is no longer needed?
src/test/fuzz/orphanage.cpp
Outdated
There was a problem hiding this comment.
| LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 2 * DEFAULT_MAX_ORPHAN_TRANSACTIONS) | |
| LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10 * DEFAULT_MAX_ORPHAN_TRANSACTIONS) |
nit: I think this can be larger, unless it takes a long time?
There was a problem hiding this comment.
There are two LIMITED_WHILE loops in the file, the outer loop determines how many transactions can be constructed, and the inner loop (the one you suggested) determines how many times can TxOrphange methods be triggered. I am not sure about the exact value to be set. I think it can be bigger, though the probability of actually reaching the limit may be very low.
src/test/fuzz/orphanage.cpp
Outdated
There was a problem hiding this comment.
could assert that the return value of HaveTx is true here?
chinggg
force-pushed
the
fuzz-txorphan
branch
2 times, most recently
from
2ebb93d to
a5b4de3
Compare
maflcko
left a comment
maflcko
left a comment
There was a problem hiding this comment.
If you want you can submit fuzz inputs to the qa-assets repo
src/test/fuzz/orphanage.cpp
Outdated
There was a problem hiding this comment.
I think you'll need to use SetMockTime throughout the test to expire txs
There was a problem hiding this comment.
Also there is a non-deterministic FastRandomContext in this function, but I guess it won't be possible to fix that without touching non-fuzz code.
src/test/fuzz/orphanage.cpp
Outdated
There was a problem hiding this comment.
I find most targets set mocktime at the beginning so I put it here. How can we achieve better coverage by controlling mocktime/expiry?
There was a problem hiding this comment.
This will just set it once and keep it constant. To change it you'd have to set it in the loop below
src/test/fuzz/orphanage.cpp
Outdated
There was a problem hiding this comment.
| FUZZ_TARGET_INIT(orphanage, initialize_orphanage) | |
| FUZZ_TARGET_INIT(txorphanage, initialize_orphanage) |
Maybe rename the file and target to txorphanage?
There was a problem hiding this comment.
Sure. orphanage is not so explicit. But the source file has the same name txorphanage.cpp, is txorphan better?
maflcko
left a comment
maflcko
left a comment
There was a problem hiding this comment.
Approach ACK.
While the existing process_messages target can achieve line coverage in this module, it fails to generate any meaningful path/branch coverage. So it makes sense to add a "unit" fuzz test.
|
review ACK 6eb0909 🐈 Show signatureSignature: |
3 participants
This adds a low-level fuzz target for orphan transaction handling by creating random transactions and calling all functions in
TxOrphanage.It cannot simulate real-world
orphan/unorphanscenarios effectively since it does not maintain any state about the node and the chain. A high-level fuzz target which construct well-designed transaction graphs will be added later.