fuzz: Fuzzing harnesses for ActivateBestChainStep and ActivateBestChain #34895

1. 
   RobinDavid commented at 3:29 pm on March 22, 2026: contributor

   Hi Bitcoin Core maintainers.

   This PR is the second part of #34651 and provides the following two fuzzing harnesses:

   • activate_best_chain_step: Test the ActivateBestChainStep() function responsible of activating the most worked-chain (not selecting it). The harness is written in a way that enable the fuzzer triggering a chain reorganization if it generates two valid branches.
   • activate_best_chain: Test the ActivateBestChain() function responsible of selecting and activating the most worked-chain.

   In the two later harnesses, some internal state cleaning is required to avoid non-reproducibility issues. Also they might produce file artifacts on disk by means of writing blocks.

   These two harnesses are built upon the connect_block harness thus the PR shall be merged first.

   These harnesses enables improving function coverage on ActivateBestChainStep, removeForBlock and to cover function uncovered by fuzzing at the time of fuzzing harness development (mid-2025). Functions newly covered include DisconnectTip, DisconnectBlock, ApplyTxInUndo, MaybeUpdateMempoolForReorg, removeForReorg etc.

   Authored by @RobinDavid and @nsurbay

   (note shall be rebased on the other PR so that it only contains 1 commit)

2. Implement connect_block fuzzing harness c14b46ad07
3. Add activate_best_chain_step and activate_best_chain fuzzing harnesses 68cb3c18b1
4. DrahtBot added the label Fuzzing on Mar 22, 2026
5. 
   DrahtBot commented at 3:30 pm on March 22, 2026: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Reviews

   See the guideline for information on the review process. A summary of reviews will appear here.

   LLM Linter (✨ experimental)

   Possible typos and grammar issues:

   • “It intend to leave more space to craft complex transactions and especially with various scripts types …” -> “It intends to leave more space to craft complex transactions, especially with various script types …” [“intend” is a verb form error; “scripts types” should be “script types” for readability]

   • “It is exclusively used by ConsumeBlock to read transaction inside a block.” -> “It is exclusively used by ConsumeBlock to read transactions inside a block.” [singular “transaction” is inconsistent with “Read … transactions” meaning]

   • “Load the chain mined in ResetChainman in global variables listBlocks and allUTXOCTxIn …” -> “Load the chain mined in ResetChainman into global variables listBlocks and allUTXOCTxIn …” [“in” → “into” to express the correct action (“loaded into” variables)]

   • “Step4: If reach here try switching …” -> “Step4: If we reach here, try switching …” [missing “we” makes the sentence harder to parse]

   Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

   • csm.AcceptBlock(std::make_shared<CBlock>(block), state, &blockIndex, true, nullptr, &isNewBlock, true) in src/test/fuzz/connect_block.cpp
   • ConsumeBlock(fuzzed_data_provider, *currentBlock, active_tip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp
   • ConsumeBlock(fuzzed_data_provider, *currentBlock, originTip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp
   • ConsumeBlock(fuzzed_data_provider, *currentBlock, originTip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp
   • ConsumeBlock(fuzzed_data_provider, *currentBlock, originTip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp

   2026-03-22 15:30:26

Contributors
RobinDavid DrahtBot

Labels
Fuzzing