fuzz: Avoid integer sanitizer warnings in policy_estimator target #32154

pull maflcko wants to merge 1 commit into bitcoin:master from maflcko:2503-fuzz-isan changing 4 files +16 −11
  1. maflcko commented at 11:16 am on March 27, 2025: member

    It seems odd to write a fuzz target to trigger integer sanitizer warnings in CBlockPolicyEstimator::processBlockTx and then suppress them. If the scenario can happen in reality, the code should be properly fixed to handle the cases. If not, it seems better to fix the fuzz target to not trigger meaningless traces.

    Do that here by keeping track of the current height and limiting mempool entries to at most this entry height.

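The pattern the description above relies on, as an added example that is not code from this PR or from Bitcoin Core: a toy fuzz harness tracks the current chain height and caps every generated mempool-entry height at it, so a later unsigned subtraction of entry height from block height cannot wrap. The master log posted further down shows the shape of the warning this avoids (fees.cpp:651:40, "348 - 4294177791": the subtrahend exceeds the minuend), and that entry is absent from the post-fix log. ByteProvider is a simplified stand-in for a fuzz data provider, BlocksToConfirm is a checked form of that kind of subtraction, RunHarness runs the same constructed input with and without the height bound; all of these names and the sample bytes are hypothetical.

```cpp
// Added example, not Bitcoin Core code: a miniature fuzz harness that tracks
// the current chain height and bounds generated mempool-entry heights by it,
// so the unsigned "blocks to confirm" subtraction can never underflow.
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <optional>
#include <utility>
#include <vector>

// Simplified stand-in for a fuzz data provider (hypothetical, not the real
// FuzzedDataProvider): maps up to 4 input bytes into a caller-supplied range.
class ByteProvider {
public:
    explicit ByteProvider(std::vector<uint8_t> data) : data_(std::move(data)) {}

    uint32_t ConsumeInRange(uint32_t lo, uint32_t hi) {
        if (lo > hi) std::swap(lo, hi);
        uint64_t acc = 0;
        for (int i = 0; i < 4 && pos_ < data_.size(); ++i) {
            acc = (acc << 8) | data_[pos_++];
        }
        // range + 1 <= 2^32 fits in uint64_t, so the modulo cannot overflow.
        const uint64_t range = uint64_t(hi) - uint64_t(lo);
        return lo + uint32_t(acc % (range + 1));
    }

    bool remaining() const { return pos_ < data_.size(); }

private:
    std::vector<uint8_t> data_;
    size_t pos_ = 0;
};

// Checked form of "how many blocks did this entry wait?": the unsigned
// subtraction block_height - entry_height wraps if the entry claims a height
// above the confirming block, so refuse that case instead of computing it.
std::optional<unsigned> BlocksToConfirm(unsigned block_height, unsigned entry_height) {
    if (entry_height > block_height) return std::nullopt;
    return block_height - entry_height;
}

struct HarnessResult {
    size_t entries = 0;          // mempool entries generated
    size_t would_underflow = 0;  // entries with height > confirming block
    unsigned final_height = 0;   // chain height when the block was "mined"
};

// Drive the harness over fuzz input. With constrain=true every generated
// entry height is capped at the current height (the fix the PR describes);
// with constrain=false the fuzzer may emit heights from the future.
HarnessResult RunHarness(std::vector<uint8_t> input, bool constrain) {
    ByteProvider fdp(std::move(input));
    unsigned current_height = 0;
    std::vector<unsigned> mempool_heights;

    while (fdp.remaining()) {
        // One action in four advances the chain tip instead of adding an entry.
        if (fdp.ConsumeInRange(0, 3) == 0) {
            ++current_height;
            continue;
        }
        const uint32_t hi = constrain ? current_height : UINT32_MAX;
        mempool_heights.push_back(fdp.ConsumeInRange(0, hi));
    }

    // "Mine" the next block and process every tracked entry against it.
    HarnessResult r;
    const unsigned block_height = current_height + 1;
    for (unsigned h : mempool_heights) {
        ++r.entries;
        if (!BlocksToConfirm(block_height, h)) ++r.would_underflow;
    }
    r.final_height = current_height;
    return r;
}

// Constructed fuzz input (not from any real corpus): two entries and one
// height advance. Four bytes are consumed per ConsumeInRange call.
std::vector<uint8_t> SampleInput() {
    return {0, 0, 0, 1,  0xFF, 0xFF, 0xFF, 0xFF,   // action 1 -> entry, raw height 0xFFFFFFFF
            0, 0, 0, 0,                             // action 0 -> ++current_height
            0, 0, 0, 2,  0, 0, 0, 5};               // action 2 -> entry, raw height 5
}

int main() {
    const HarnessResult naive = RunHarness(SampleInput(), false);
    const HarnessResult fixed = RunHarness(SampleInput(), true);
    std::printf("unconstrained: %zu entries, %zu would underflow\n", naive.entries, naive.would_underflow);
    std::printf("constrained:   %zu entries, %zu would underflow\n", fixed.entries, fixed.would_underflow);
    return 0;
}
```

On the constructed input the unconstrained run produces two entries whose heights exceed the confirming block, while the height-bounded run produces none: the bound is applied where the value is generated, so the estimator code under test is never fed a state that cannot arise when a real mempool is driven by a real chain.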
  2. fuzz: Avoid integer sanitizer warnings in policy_estimator target fa6a007b8e
  3. DrahtBot commented at 11:16 am on March 27, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32154.

    Reviews

    See the guideline for information on the review process.

    Type  Reviewers
    ACK   brunoerg

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #31382 (kernel: Flush in ChainstateManager destructor by TheCharlatan)
    • #28676 ([WIP] Cluster mempool implementation by sdaftuar)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  4. DrahtBot added the label Tests on Mar 27, 2025
  5. brunoerg approved
  6. brunoerg commented at 2:21 pm on April 2, 2025: contributor

    ACK fa6a007b8e7b68d559b30c04dd8d76c877bef133

    Tested that the integer sanitizer warnings don’t happen anymore for processBlockTx.

    master (without suppressions):

     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47: runtime error: unsigned integer overflow: 2147483647 - 18446744071562067968 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47
     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52: runtime error: unsigned integer overflow: 18446744071562067968 + 2147483665 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52
     /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:290:49: runtime error: unsigned integer overflow: 0 - 17 cannot be represented in type 'unsigned int'
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:290:49
     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47: runtime error: unsigned integer overflow: 9223372036854775807 - 9223372036854775808 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47
     /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:278:81: runtime error: implicit conversion from type 'uint64_t' (aka 'unsigned long long') of value 17942391492978933760 (64-bit, unsigned) to type 'int64_t' (aka 'long long') changed the value to -504352580730617856 (64-bit, signed)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:278:81
     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52: runtime error: unsigned integer overflow: 9223372036854775808 + 18374786535238140023 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52
     /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93: runtime error: implicit conversion from type 'int64_t' (aka 'long long') of value -1152077079676715007 (64-bit, signed) to type 'uint64_t' (aka 'unsigned long long') changed the value to 17294666994032836609 (64-bit, unsigned)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93
     /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93: runtime error: implicit conversion from type 'int64_t' (aka 'long long') of value -1152077079676715007 (64-bit, signed) to type 'uint64_t' (aka 'unsigned long long') changed the value to 17294666994032836609 (64-bit, unsigned)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93
     /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:651:40: runtime error: unsigned integer overflow: 348 - 4294177791 cannot be represented in type 'unsigned int'
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:651:40
     /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:487:21: runtime error: implicit conversion from type 'unsigned int' of value 2434498561 (32-bit, unsigned) to type 'int' changed the value to -1860468735 (32-bit, signed)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:487:21
     /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:651:27: runtime error: implicit conversion from type 'unsigned int' of value 4261412923 (32-bit, unsigned) to type 'int' changed the value to -33554373 (32-bit, signed)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:651:27
    

    fa6a007b8e7b68d559b30c04dd8d76c877bef133:

     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47: runtime error: unsigned integer overflow: 2147483647 - 18446744071562067968 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47
     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52: runtime error: unsigned integer overflow: 18446744071562067968 + 4289986048 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52
     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47: runtime error: unsigned integer overflow: 9223372036854775807 - 9223372036854775808 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:213:47
     /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:278:81: runtime error: implicit conversion from type 'uint64_t' (aka 'unsigned long long') of value 17942391492978933760 (64-bit, unsigned) to type 'int64_t' (aka 'long long') changed the value to -504352580730617856 (64-bit, signed)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:278:81
     /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52: runtime error: unsigned integer overflow: 9223372036854775808 + 18439245404546350336 cannot be represented in type 'uint64_t' (aka 'unsigned long long')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/test/fuzz/FuzzedDataProvider.h:234:52
     /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:290:49: runtime error: unsigned integer overflow: 0 - 21 cannot be represented in type 'unsigned int'
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/policy/fees.cpp:290:49
     /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93: runtime error: implicit conversion from type 'int64_t' (aka 'long long') of value -144110613935638779 (64-bit, signed) to type 'uint64_t' (aka 'unsigned long long') changed the value to 18302633459773912837 (64-bit, unsigned)
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93
     /Users/brunogarcia/projects/bitcoin-core-dev/src/serialize.h:263:93: runtime error: implicit conversion from type 'int64_t' (aka 'long long') of value -144110613935638779 (64-bit, signed) to type 'uint64_t' (aka 'unsigned long long') changed the value to 18302633459773912837 (64-bit, unsigned)
    

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-04-16 18:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me