Bitcoin Core  26.99.0
P2P Digital Currency
coins_view.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <coins.h>
6 #include <consensus/amount.h>
7 #include <consensus/tx_check.h>
8 #include <consensus/tx_verify.h>
9 #include <consensus/validation.h>
10 #include <policy/policy.h>
11 #include <primitives/transaction.h>
12 #include <script/interpreter.h>
13 #include <test/fuzz/FuzzedDataProvider.h>
14 #include <test/fuzz/fuzz.h>
15 #include <test/fuzz/util.h>
16 #include <test/util/setup_common.h>
17 #include <util/hasher.h>
18 
19 #include <cassert>
20 #include <cstdint>
21 #include <limits>
22 #include <memory>
23 #include <optional>
24 #include <stdexcept>
25 #include <string>
26 #include <utility>
27 #include <vector>
28 
29 namespace {
30 const TestingSetup* g_setup;
31 const Coin EMPTY_COIN{};
32 
33 bool operator==(const Coin& a, const Coin& b)
34 {
35  if (a.IsSpent() && b.IsSpent()) return true;
36  return a.fCoinBase == b.fCoinBase && a.nHeight == b.nHeight && a.out == b.out;
37 }
38 } // namespace
39 
40 void initialize_coins_view()
41 {
42  static const auto testing_setup = MakeNoLogFileContext<const TestingSetup>();
43  g_setup = testing_setup.get();
44 }
45 
46 FUZZ_TARGET(coins_view, .init = initialize_coins_view)
47 {
48  FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
49  bool good_data{true};
50 
51  CCoinsView backend_coins_view;
52  CCoinsViewCache coins_view_cache{&backend_coins_view, /*deterministic=*/true};
53  COutPoint random_out_point;
54  Coin random_coin;
55  CMutableTransaction random_mutable_transaction;
56  LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 10'000)
57  {
58  CallOneOf(
59  fuzzed_data_provider,
60  [&] {
61  if (random_coin.IsSpent()) {
62  return;
63  }
64  Coin coin = random_coin;
65  bool expected_code_path = false;
66  const bool possible_overwrite = fuzzed_data_provider.ConsumeBool();
67  try {
68  coins_view_cache.AddCoin(random_out_point, std::move(coin), possible_overwrite);
69  expected_code_path = true;
70  } catch (const std::logic_error& e) {
71  if (e.what() == std::string{"Attempted to overwrite an unspent coin (when possible_overwrite is false)"}) {
72  assert(!possible_overwrite);
73  expected_code_path = true;
74  }
75  }
76  assert(expected_code_path);
77  },
78  [&] {
79  (void)coins_view_cache.Flush();
80  },
81  [&] {
82  (void)coins_view_cache.Sync();
83  },
84  [&] {
85  coins_view_cache.SetBestBlock(ConsumeUInt256(fuzzed_data_provider));
86  },
87  [&] {
88  Coin move_to;
89  (void)coins_view_cache.SpendCoin(random_out_point, fuzzed_data_provider.ConsumeBool() ? &move_to : nullptr);
90  },
91  [&] {
92  coins_view_cache.Uncache(random_out_point);
93  },
94  [&] {
95  if (fuzzed_data_provider.ConsumeBool()) {
96  backend_coins_view = CCoinsView{};
97  }
98  coins_view_cache.SetBackend(backend_coins_view);
99  },
100  [&] {
101  const std::optional<COutPoint> opt_out_point = ConsumeDeserializable<COutPoint>(fuzzed_data_provider);
102  if (!opt_out_point) {
103  good_data = false;
104  return;
105  }
106  random_out_point = *opt_out_point;
107  },
108  [&] {
109  const std::optional<Coin> opt_coin = ConsumeDeserializable<Coin>(fuzzed_data_provider);
110  if (!opt_coin) {
111  good_data = false;
112  return;
113  }
114  random_coin = *opt_coin;
115  },
116  [&] {
117  const std::optional<CMutableTransaction> opt_mutable_transaction = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);
118  if (!opt_mutable_transaction) {
119  good_data = false;
120  return;
121  }
122  random_mutable_transaction = *opt_mutable_transaction;
123  },
124  [&] {
125  CCoinsMapMemoryResource resource;
126  CCoinsMap coins_map{0, SaltedOutpointHasher{/*deterministic=*/true}, CCoinsMap::key_equal{}, &resource};
127  LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 10'000)
128  {
129  CCoinsCacheEntry coins_cache_entry;
130  coins_cache_entry.flags = fuzzed_data_provider.ConsumeIntegral<unsigned char>();
131  if (fuzzed_data_provider.ConsumeBool()) {
132  coins_cache_entry.coin = random_coin;
133  } else {
134  const std::optional<Coin> opt_coin = ConsumeDeserializable<Coin>(fuzzed_data_provider);
135  if (!opt_coin) {
136  good_data = false;
137  return;
138  }
139  coins_cache_entry.coin = *opt_coin;
140  }
141  coins_map.emplace(random_out_point, std::move(coins_cache_entry));
142  }
143  bool expected_code_path = false;
144  try {
145  coins_view_cache.BatchWrite(coins_map, fuzzed_data_provider.ConsumeBool() ? ConsumeUInt256(fuzzed_data_provider) : coins_view_cache.GetBestBlock());
146  expected_code_path = true;
147  } catch (const std::logic_error& e) {
148  if (e.what() == std::string{"FRESH flag misapplied to coin that exists in parent cache"}) {
149  expected_code_path = true;
150  }
151  }
152  assert(expected_code_path);
153  });
154  }
155 
156  {
157  const Coin& coin_using_access_coin = coins_view_cache.AccessCoin(random_out_point);
158  const bool exists_using_access_coin = !(coin_using_access_coin == EMPTY_COIN);
159  const bool exists_using_have_coin = coins_view_cache.HaveCoin(random_out_point);
160  const bool exists_using_have_coin_in_cache = coins_view_cache.HaveCoinInCache(random_out_point);
161  Coin coin_using_get_coin;
162  const bool exists_using_get_coin = coins_view_cache.GetCoin(random_out_point, coin_using_get_coin);
163  if (exists_using_get_coin) {
164  assert(coin_using_get_coin == coin_using_access_coin);
165  }
166  assert((exists_using_access_coin && exists_using_have_coin_in_cache && exists_using_have_coin && exists_using_get_coin) ||
167  (!exists_using_access_coin && !exists_using_have_coin_in_cache && !exists_using_have_coin && !exists_using_get_coin));
168  // If HaveCoin on the backend is true, it must also be on the cache if the coin wasn't spent.
169  const bool exists_using_have_coin_in_backend = backend_coins_view.HaveCoin(random_out_point);
170  if (!coin_using_access_coin.IsSpent() && exists_using_have_coin_in_backend) {
171  assert(exists_using_have_coin);
172  }
173  Coin coin_using_backend_get_coin;
174  if (backend_coins_view.GetCoin(random_out_point, coin_using_backend_get_coin)) {
175  assert(exists_using_have_coin_in_backend);
176  // Note we can't assert that `coin_using_get_coin == coin_using_backend_get_coin` because the coin in
177  // the cache may have been modified but not yet flushed.
178  } else {
179  assert(!exists_using_have_coin_in_backend);
180  }
181  }
182 
183  {
184  bool expected_code_path = false;
185  try {
186  (void)coins_view_cache.Cursor();
187  } catch (const std::logic_error&) {
188  expected_code_path = true;
189  }
190  assert(expected_code_path);
191  (void)coins_view_cache.DynamicMemoryUsage();
192  (void)coins_view_cache.EstimateSize();
193  (void)coins_view_cache.GetBestBlock();
194  (void)coins_view_cache.GetCacheSize();
195  (void)coins_view_cache.GetHeadBlocks();
196  (void)coins_view_cache.HaveInputs(CTransaction{random_mutable_transaction});
197  }
198 
199  {
200  std::unique_ptr<CCoinsViewCursor> coins_view_cursor = backend_coins_view.Cursor();
201  assert(!coins_view_cursor);
202  (void)backend_coins_view.EstimateSize();
203  (void)backend_coins_view.GetBestBlock();
204  (void)backend_coins_view.GetHeadBlocks();
205  }
206 
207  if (fuzzed_data_provider.ConsumeBool()) {
208  CallOneOf(
209  fuzzed_data_provider,
210  [&] {
211  const CTransaction transaction{random_mutable_transaction};
212  bool is_spent = false;
213  for (const CTxOut& tx_out : transaction.vout) {
214  if (Coin{tx_out, 0, transaction.IsCoinBase()}.IsSpent()) {
215  is_spent = true;
216  }
217  }
218  if (is_spent) {
219  // Avoid:
220  // coins.cpp:69: void CCoinsViewCache::AddCoin(const COutPoint &, Coin &&, bool): Assertion `!coin.IsSpent()' failed.
221  return;
222  }
223  bool expected_code_path = false;
224  const int height{int(fuzzed_data_provider.ConsumeIntegral<uint32_t>() >> 1)};
225  const bool possible_overwrite = fuzzed_data_provider.ConsumeBool();
226  try {
227  AddCoins(coins_view_cache, transaction, height, possible_overwrite);
228  expected_code_path = true;
229  } catch (const std::logic_error& e) {
230  if (e.what() == std::string{"Attempted to overwrite an unspent coin (when possible_overwrite is false)"}) {
231  assert(!possible_overwrite);
232  expected_code_path = true;
233  }
234  }
235  assert(expected_code_path);
236  },
237  [&] {
238  (void)AreInputsStandard(CTransaction{random_mutable_transaction}, coins_view_cache);
239  },
240  [&] {
241  TxValidationState state;
242  CAmount tx_fee_out;
243  const CTransaction transaction{random_mutable_transaction};
244  if (ContainsSpentInput(transaction, coins_view_cache)) {
245  // Avoid:
246  // consensus/tx_verify.cpp:171: bool Consensus::CheckTxInputs(const CTransaction &, TxValidationState &, const CCoinsViewCache &, int, CAmount &): Assertion `!coin.IsSpent()' failed.
247  return;
248  }
249  TxValidationState dummy;
250  if (!CheckTransaction(transaction, dummy)) {
251  // It is not allowed to call CheckTxInputs if CheckTransaction failed
252  return;
253  }
254  if (Consensus::CheckTxInputs(transaction, state, coins_view_cache, fuzzed_data_provider.ConsumeIntegralInRange<int>(0, std::numeric_limits<int>::max()), tx_fee_out)) {
255  assert(MoneyRange(tx_fee_out));
256  }
257  },
258  [&] {
259  const CTransaction transaction{random_mutable_transaction};
260  if (ContainsSpentInput(transaction, coins_view_cache)) {
261  // Avoid:
262  // consensus/tx_verify.cpp:130: unsigned int GetP2SHSigOpCount(const CTransaction &, const CCoinsViewCache &): Assertion `!coin.IsSpent()' failed.
263  return;
264  }
265  (void)GetP2SHSigOpCount(transaction, coins_view_cache);
266  },
267  [&] {
268  const CTransaction transaction{random_mutable_transaction};
269  if (ContainsSpentInput(transaction, coins_view_cache)) {
270  // Avoid:
271  // consensus/tx_verify.cpp:130: unsigned int GetP2SHSigOpCount(const CTransaction &, const CCoinsViewCache &): Assertion `!coin.IsSpent()' failed.
272  return;
273  }
274  const auto flags{fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
275  if (!transaction.vin.empty() && (flags & SCRIPT_VERIFY_WITNESS) != 0 && (flags & SCRIPT_VERIFY_P2SH) == 0) {
276  // Avoid:
277  // script/interpreter.cpp:1705: size_t CountWitnessSigOps(const CScript &, const CScript &, const CScriptWitness *, unsigned int): Assertion `(flags & SCRIPT_VERIFY_P2SH) != 0' failed.
278  return;
279  }
280  (void)GetTransactionSigOpCost(transaction, coins_view_cache, flags);
281  },
282  [&] {
283  (void)IsWitnessStandard(CTransaction{random_mutable_transaction}, coins_view_cache);
284  });
285  }
286 }
MoneyRange
bool MoneyRange(const CAmount &nValue)
Definition: amount.h:27
CAmount
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
catch
catch(const std::exception &e)
Definition: bitcoin-cli.cpp:1256
flags
int flags
Definition: bitcoin-tx.cpp:528
CCoinsViewCache
CCoinsView that adds a memory cache for transactions to another CCoinsView.
Definition: coins.h:229
CCoinsView
Abstract view on the open txout dataset.
Definition: coins.h:173
CCoinsView::GetCoin
virtual bool GetCoin(const COutPoint &outpoint, Coin &coin) const
Retrieve the Coin (unspent transaction output) for a given outpoint.
Definition: coins.cpp:12
CCoinsView::HaveCoin
virtual bool HaveCoin(const COutPoint &outpoint) const
Just check whether a given outpoint is unspent.
Definition: coins.cpp:18
COutPoint
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:296
CTxOut
An output of a transaction.
Definition: transaction.h:150
Coin
A UTXO entry.
Definition: coins.h:32
Coin::out
CTxOut out
unspent transaction output
Definition: coins.h:35
Coin::IsSpent
bool IsSpent() const
Either this coin never existed (see e.g.
Definition: coins.h:80
Coin::nHeight
uint32_t nHeight
at which height this containing transaction was included in the active block chain
Definition: coins.h:41
Coin::fCoinBase
unsigned int fCoinBase
whether containing transaction was a coinbase
Definition: coins.h:38
AddCoins
void AddCoins(CCoinsViewCache &cache, const CTransaction &tx, int nHeight, bool check_for_overwrite)
Utility function to add all of a transaction's outputs to a cache.
Definition: coins.cpp:117
CCoinsMap
std::unordered_map< COutPoint, CCoinsCacheEntry, SaltedOutpointHasher, std::equal_to< COutPoint >, PoolAllocator< std::pair< const COutPoint, CCoinsCacheEntry >, sizeof(std::pair< const COutPoint, CCoinsCacheEntry >)+sizeof(void *) *4 > > CCoinsMap
PoolAllocator's MAX_BLOCK_SIZE_BYTES parameter here uses sizeof the data, and adds the size of 4 poin...
Definition: coins.h:148
CCoinsMapMemoryResource
CCoinsMap::allocator_type::ResourceType CCoinsMapMemoryResource
Definition: coins.h:150
FUZZ_TARGET
FUZZ_TARGET(coins_view,.init=initialize_coins_view)
Definition: coins_view.cpp:46
initialize_coins_view
void initialize_coins_view()
Definition: coins_view.cpp:40
LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:23
SCRIPT_VERIFY_P2SH
@ SCRIPT_VERIFY_P2SH
Definition: interpreter.h:49
SCRIPT_VERIFY_WITNESS
@ SCRIPT_VERIFY_WITNESS
Definition: interpreter.h:108
Consensus::CheckTxInputs
bool CheckTxInputs(const CTransaction &tx, TxValidationState &state, const CCoinsViewCache &inputs, int nSpendHeight, CAmount &txfee)
Check whether all inputs of this transaction are valid (no double spends and amounts) This does not m...
Definition: tx_verify.cpp:168
operator==
bool operator==(const CNetAddr &a, const CNetAddr &b)
Definition: netaddress.cpp:604
AreInputsStandard
bool AreInputsStandard(const CTransaction &tx, const CCoinsViewCache &mapInputs)
Check transaction inputs to mitigate two potential denial-of-service attacks:
Definition: policy.cpp:177
IsWitnessStandard
bool IsWitnessStandard(const CTransaction &tx, const CCoinsViewCache &mapInputs)
Check if the transaction is over standard P2WSH resources limit: 3600bytes witnessScript size,...
Definition: policy.cpp:211
TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
setup_common.h
CCoinsCacheEntry
A Coin in one level of the coins database caching hierarchy.
Definition: coins.h:105
CCoinsCacheEntry::flags
unsigned char flags
Definition: coins.h:107
CCoinsCacheEntry::coin
Coin coin
Definition: coins.h:106
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:378
TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:77
ContainsSpentInput
bool ContainsSpentInput(const CTransaction &tx, const CCoinsViewCache &inputs) noexcept
Definition: util.cpp:237
ConsumeUInt256
uint256 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:169
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35
CheckTransaction
bool CheckTransaction(const CTransaction &tx, TxValidationState &state)
Definition: tx_check.cpp:11
tx_check.h
GetTransactionSigOpCost
int64_t GetTransactionSigOpCost(const CTransaction &tx, const CCoinsViewCache &inputs, uint32_t flags)
Compute total signature operation cost of a transaction.
Definition: tx_verify.cpp:147
GetP2SHSigOpCount
unsigned int GetP2SHSigOpCount(const CTransaction &tx, const CCoinsViewCache &inputs)
Count ECDSA signature operations in pay-to-script-hash inputs.
Definition: tx_verify.cpp:130
tx_verify.h
assert
assert(!tx.IsCoinBase())
Generated on Sat Dec 2 2023 02:42:49 for Bitcoin Core by doxygen 1.9.1