m_nodes in CConnman is always empty in connman target (since we don't call CreateNodeFromAcceptedSocket/OpenNetworkConnection for an obvious reason). Because of this, the calls for DisconnectNode, FindNode, ForEachNode, GetNodeStats and many other ones seems to be "useless". That's the reason we're not getting coverage (at all) for many of these covered functions (See: https://marcofalke.github.io/b-c-cov/fuzz.coverage/src/net.cpp.gcov.html).
I suppose we could use ConnmanTestMsg here and then we can use AddTestNode, not sure whether it's the best approach:
diff --git a/src/test/fuzz/connman.cpp b/src/test/fuzz/connma
n.cpp
index f81658b83..607a91488 100644
--- a/src/test/fuzz/connman.cpp
+++ b/src/test/fuzz/connman.cpp
@@ -32,7 +32,7 @@ FUZZ_TARGET_INIT(connman, initialize_connman)
{
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
SetMockTime(ConsumeTime(fuzzed_data_provider));
- CConnman connman{fuzzed_data_provider.ConsumeIntegral<uint64_t>(),
+ ConnmanTestMsg connman{fuzzed_data_provider.ConsumeIntegral<uint64_t>(),
fuzzed_data_provider.ConsumeIntegral<uint64_t>(),
*g_setup->m_node.addrman,
*g_setup->m_node.netgroupman,
@@ -41,6 +41,15 @@ FUZZ_TARGET_INIT(connman, initialize_connman)
CNode random_node = ConsumeNode(fuzzed_data_provider);
CSubNet random_subnet;
std::string random_string;
+
+ {
+ LOCK(NetEventsInterface::g_msgproc_mutex);
+ for (int i = 0; i < 100; i++) {
+ CNode& p2p_node = *ConsumeNodeAsUniquePtr(fuzzed_data_provider).release();
+ connman.AddTestNode(p2p_node);
+ }
+ }
+
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
@@ -128,4 +137,6 @@ FUZZ_TARGET_INIT(connman, initialize_connman)
(void)connman.GetTotalBytesSent();
(void)connman.GetTryNewOutboundPeer();
(void)connman.GetUseAddrmanOutgoing();
+
+ connman.ClearTestNodes();
}
