fuzz: Fuzzing harnesses for ActivateBestChainStep and ActivateBestChain #34895

RobinDavid wants to merge 2 commits into bitcoin:master from RobinDavid:fuzz-harness-activate-chains, changing 3 files (+972 −2)
  1. RobinDavid commented at 3:29 pm on March 22, 2026: contributor

    Hi Bitcoin Core maintainers.

    This PR is the second part of #34651 and provides the following two fuzzing harnesses:

    • activate_best_chain_step: Tests the ActivateBestChainStep() function responsible for activating the most-worked chain (not selecting it). The harness is written in a way that enables the fuzzer to trigger a chain reorganization if it generates two valid branches.
    • activate_best_chain: Tests the ActivateBestChain() function responsible for selecting and activating the most-worked chain.

    In the two latter harnesses, some internal state cleaning is required to avoid non-reproducibility issues. Also, they might produce file artifacts on disk by means of writing blocks.

    These two harnesses are built upon the connect_block harness, thus the PR shall be merged first.

    These harnesses enable improving function coverage on ActivateBestChainStep and removeForBlock, and cover functions uncovered by fuzzing at the time of fuzzing harness development (mid-2025). Functions newly covered include DisconnectTip, DisconnectBlock, ApplyTxInUndo, MaybeUpdateMempoolForReorg, removeForReorg, etc.

    Authored by @RobinDavid and @nsurbay

    (Note: shall be rebased on the other PR so that it only contains 1 commit.)

  2. DrahtBot added the label Fuzzing on Mar 22, 2026
  3. DrahtBot commented at 3:30 pm on March 22, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #34651 (fuzz: Block connection and chain reorganization fuzzing harnesses by RobinDavid)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

    LLM Linter (✨ experimental)

    Possible typos and grammar issues:

    • // It intend to leave more space to craft complex transactions... -> // It is intended to leave more space... [Subject/verb agreement is incorrect (“intend” vs “intends/ is intended”), hurting readability.]
    • // It is exclusively used by ConsumeBlock to read transaction inside a block. -> // ... to read transactions inside a block. [Singular/plural mismatch (“transaction” → “transactions”).]
    • /** Vector of blocks to keep a references on blocks ... */ -> /** Vector of blocks to keep references on blocks ... */ [Incorrect article/plural (“a references”).]
    • /** Spending script for all UTXOs ... including not mature CoinBase and already spend one */ -> /** ... including immature coinbase and already spent one */ [Wording is grammatically broken (“not mature”, “CoinBase”, “already spend one”) and unclear without guessing intent.]
    • // ... is not read from the input per-se -> // ... is not read from the input per se [Typo: “per-se” → “per se”.]
    • // ... create the associated spending script to enable to be spent in later transactions. -> // ... create the associated spending script so that they can be spent in later transactions. [Broken grammar (“enable to be spent”), making the meaning awkward.]

    Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

    • ConsumeTransaction(fuzzed_data_provider, additionalUTXO, true, targetHeight) in src/test/fuzz/connect_block.cpp
    • active_chainstate.ConnectBlock(block, state, &new_index, active_coins, /* justCheck*/ true) in src/test/fuzz/connect_block.cpp
    • ConsumeBlock(fuzzed_data_provider, *currentBlock, active_tip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp
    • ConsumeBlock(fuzzed_data_provider, *currentBlock, originTip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp
    • csm.AcceptBlock(std::make_shared<CBlock>(block), state, &blockIndex, true, nullptr, &isNewBlock, true) in src/test/fuzz/connect_block.cpp
    • ConsumeBlock(fuzzed_data_provider, *currentBlock, originTip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp
    • ConsumeBlock(fuzzed_data_provider, *currentBlock, originTip->nHeight + 1 + i, additionalUTXO, true) in src/test/fuzz/connect_block.cpp

    2026-04-08 21:45:47

  4. DrahtBot added the label Needs rebase on Apr 7, 2026
  5. Implement connect_block fuzzing harness 19c2d7236d
  6. Add activate_best_chain_step and activate_best_chain fuzzing harnesses 392fac5d0c
  7. RobinDavid force-pushed on Apr 8, 2026
  8. DrahtBot removed the label Needs rebase on Apr 8, 2026

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-12 09:13 UTC