fuzz script execution with dummy signature checker #17986

[13:37] <sipa> i haven't followed up on the fuzzing work that's been done to the codebase... but i wonder has anyone considered using a dummy signature checker, and fuzzing script execution with it?
[13:50] <wumpus> not sure either, would be best to ask practicalswift
[14:02] <phantomcircuit> sipa, i dont think anybody has done that
[14:02] <sipa> maybe i'll spend some time looking into how fuzzing works :)
<snip>
[14:31] <phantomcircuit> sipa, is it easy to replace the signature checker for a script instance?
[14:31] <phantomcircuit> iirc i looked into it but realized i'd need to much with the internals of the scripting stuff more than i wanted to
[14:31] <sipa> phantomcircuit: the script interpreter literally takes in an object that abstracts that out
[14:32] <sipa> you can pass one in that always returns true
[14:32] <sipa> no code changes to the script interpreter itself needed
<snip>
[14:37] <phantomcircuit> sipa, neat, then it should be pretty easy to do
[14:39] <sipa> see the BaseSignatureChecker passed to EvalScript/VerifyScript

There is https://github.com/bitcoin/bitcoin/blob/master/src/test/fuzz/eval_script.cpp and https://github.com/bitcoin/bitcoin/blob/master/src/test/fuzz/script_flags.cpp

It could make sense to extend the script_flags fuzzer to use a dummy signature checker as well

Fuzzing docs are here: https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md

cc @sipa

Please review #18155 ("tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker") :)