aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMarcoFalke <falke.marco@gmail.com>2021-08-21 19:34:13 +0200
committerMarcoFalke <falke.marco@gmail.com>2021-08-21 19:25:33 +0200
commitfaa5fa9a78d6d23b4e9adea07fdfb34ead170a2f (patch)
treea580529d992ddb465c0edfcdfedf57dc830f93c1 /src
parentf5a406f003a060325128db47552089b3254044e3 (diff)
fuzz: Use LIMITED_WHILE instead of limit_max_ops
Diffstat (limited to 'src')
-rw-r--r--src/test/fuzz/banman.cpp10
-rw-r--r--src/test/fuzz/crypto.cpp7
-rw-r--r--src/test/fuzz/fuzz.h4
-rw-r--r--src/test/fuzz/prevector.cpp7
-rw-r--r--src/test/fuzz/rolling_bloom_filter.cpp7
-rw-r--r--src/test/fuzz/tx_pool.cpp14
6 files changed, 19 insertions, 30 deletions
diff --git a/src/test/fuzz/banman.cpp b/src/test/fuzz/banman.cpp
index 46a9f623ac..561cc83c72 100644
--- a/src/test/fuzz/banman.cpp
+++ b/src/test/fuzz/banman.cpp
@@ -41,10 +41,6 @@ static bool operator==(const CBanEntry& lhs, const CBanEntry& rhs)
FUZZ_TARGET_INIT(banman, initialize_banman)
{
- // The complexity is O(N^2), where N is the input size, because each call
- // might call DumpBanlist (or other methods that are at least linear
- // complexity of the input size).
- int limit_max_ops{300};
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
SetMockTime(ConsumeTime(fuzzed_data_provider));
fs::path banlist_file = gArgs.GetDataDirNet() / "fuzzed_banlist";
@@ -63,7 +59,11 @@ FUZZ_TARGET_INIT(banman, initialize_banman)
{
BanMan ban_man{banlist_file, /* client_interface */ nullptr, /* default_ban_time */ ConsumeBanTimeOffset(fuzzed_data_provider)};
- while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+ // The complexity is O(N^2), where N is the input size, because each call
+ // might call DumpBanlist (or other methods that are at least linear
+ // complexity of the input size).
+ LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
+ {
CallOneOf(
fuzzed_data_provider,
[&] {
diff --git a/src/test/fuzz/crypto.cpp b/src/test/fuzz/crypto.cpp
index f83747e424..84b95117e2 100644
--- a/src/test/fuzz/crypto.cpp
+++ b/src/test/fuzz/crypto.cpp
@@ -19,10 +19,6 @@
FUZZ_TARGET(crypto)
{
- // Hashing is expensive with sanitizers enabled, so limit the number of
- // calls
- int limit_max_ops{30};
-
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
std::vector<uint8_t> data = ConsumeRandomLengthByteVector(fuzzed_data_provider);
if (data.empty()) {
@@ -40,7 +36,8 @@ FUZZ_TARGET(crypto)
SHA3_256 sha3;
CSipHasher sip_hasher{fuzzed_data_provider.ConsumeIntegral<uint64_t>(), fuzzed_data_provider.ConsumeIntegral<uint64_t>()};
- while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+ LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 30)
+ {
CallOneOf(
fuzzed_data_provider,
[&] {
diff --git a/src/test/fuzz/fuzz.h b/src/test/fuzz/fuzz.h
index ce8fd660aa..c91c33da67 100644
--- a/src/test/fuzz/fuzz.h
+++ b/src/test/fuzz/fuzz.h
@@ -11,6 +11,10 @@
#include <functional>
#include <string_view>
+/**
+ * Can be used to limit a theoretically unbounded loop. This caps the runtime
+ * to avoid timeouts or OOMs.
+ */
#define LIMITED_WHILE(condition, limit) \
for (unsigned _count{limit}; (condition) && _count; --_count)
diff --git a/src/test/fuzz/prevector.cpp b/src/test/fuzz/prevector.cpp
index 447f32ed16..d4b3ed501f 100644
--- a/src/test/fuzz/prevector.cpp
+++ b/src/test/fuzz/prevector.cpp
@@ -206,14 +206,11 @@ public:
FUZZ_TARGET(prevector)
{
- // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
- // inputs.
- int limit_max_ops{3000};
-
FuzzedDataProvider prov(buffer.data(), buffer.size());
prevector_tester<8, int> test;
- while (--limit_max_ops >= 0 && prov.remaining_bytes()) {
+ LIMITED_WHILE(prov.remaining_bytes(), 3000)
+ {
switch (prov.ConsumeIntegralInRange<int>(0, 13 + 3 * (test.size() > 0))) {
case 0:
test.insert(prov.ConsumeIntegralInRange<size_t>(0, test.size()), prov.ConsumeIntegral<int>());
diff --git a/src/test/fuzz/rolling_bloom_filter.cpp b/src/test/fuzz/rolling_bloom_filter.cpp
index 3b33115e72..b9ed497e68 100644
--- a/src/test/fuzz/rolling_bloom_filter.cpp
+++ b/src/test/fuzz/rolling_bloom_filter.cpp
@@ -16,16 +16,13 @@
FUZZ_TARGET(rolling_bloom_filter)
{
- // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
- // inputs.
- int limit_max_ops{3000};
-
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
CRollingBloomFilter rolling_bloom_filter{
fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 1000),
0.999 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max())};
- while (--limit_max_ops >= 0 && fuzzed_data_provider.remaining_bytes() > 0) {
+ LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 3000)
+ {
CallOneOf(
fuzzed_data_provider,
[&] {
diff --git a/src/test/fuzz/tx_pool.cpp b/src/test/fuzz/tx_pool.cpp
index dadf772bc1..6201cc813c 100644
--- a/src/test/fuzz/tx_pool.cpp
+++ b/src/test/fuzz/tx_pool.cpp
@@ -112,10 +112,6 @@ void MockTime(FuzzedDataProvider& fuzzed_data_provider, const CChainState& chain
FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
{
- // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
- // inputs.
- int limit_max_ops{300};
-
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
const auto& node = g_setup->m_node;
auto& chainstate = node.chainman->ActiveChainstate();
@@ -146,7 +142,8 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
return c.out.nValue;
};
- while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+ LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
+ {
{
// Total supply is the mempool fee + all outpoints
CAmount supply_now{WITH_LOCK(tx_pool.cs, return tx_pool.GetTotalFee())};
@@ -289,10 +286,6 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
{
- // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
- // inputs.
- int limit_max_ops{300};
-
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
const auto& node = g_setup->m_node;
auto& chainstate = node.chainman->ActiveChainstate();
@@ -313,7 +306,8 @@ FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
CTxMemPool tx_pool_{/* estimator */ nullptr, /* check_ratio */ 1};
MockedTxPool& tx_pool = *static_cast<MockedTxPool*>(&tx_pool_);
- while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+ LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
+ {
const auto mut_tx = ConsumeTransaction(fuzzed_data_provider, txids);
if (fuzzed_data_provider.ConsumeBool()) {