fuzz: exercise ForNode/ForEachNode callbacks in connman fuzz harness #34934

pull frankomosh wants to merge 1 commits into bitcoin:master from frankomosh:fuzz-connman-fornode-coverage changing 1 files +17 −2
  1. frankomosh commented at 9:01 am on March 27, 2026: contributor

    Track inserted node IDs and sometimes reuse them in ForNode() so the successful lookup path is exercised more reliably. Replace no-op callbacks with lightweight CNode accessor calls to make ForEachNode() and ForNode() cover previously unreached callback code paths.

    This addresses feedback from #34830 (comment) where it was noted that the callbacks had “neither the return type checked nor its side-effect”.

    Coverage reports from the connman fuzz corpus, before and after the change:

    diff cov_show_before.txt cov_show_after.txt filtered to ForNode/ForEachNode/IsFullOutboundConn/ConnectionTypeAsString:

    IsFullOutboundConnnet.h:786-788

    0-  786|      0|    bool IsFullOutboundConn() const {
1-  787|      0|        return m_conn_type == ConnectionType::OUTBOUND_FULL_RELAY;
2-  788|      0|    }
3+  786|  1.13M|    bool IsFullOutboundConn() const {
4+  787|  1.13M|        return m_conn_type == ConnectionType::OUTBOUND_FULL_RELAY;
5+  788|  1.13M|    }

    ConnectionTypeAsStringnet.h:967

    0-  967|      0|    std::string ConnectionTypeAsString() const { return ::ConnectionTypeAsString(m_conn_type); }
1+  967|  1.11M|    std::string ConnectionTypeAsString() const { return ::ConnectionTypeAsString(m_conn_type); }

    ForNodenet.cpp:4126-4131

    0-  4126|  1.08k|        if(pnode->GetId() == id) {
1-    |  Branch (4126:12): [True: 0, False: 1.08k]
2-  4127|      0|            found = pnode;
3-  4131|     39|    return found != nullptr && NodeFullyConnected(found) && func(found);
4-                                              ^0                          ^0
5+  4126|    602|        if(pnode->GetId() == id) {
6+    |  Branch (4126:12): [True: 1, False: 601]
7+  4127|      1|            found = pnode;
8+  4131|     28|    return found != nullptr && NodeFullyConnected(found) && func(found);
9+                                              ^1                          ^1

    ForEachNodenet.h:1270-1271

    0-  1270|  1.13M|            if (NodeFullyConnected(node))
1-    |  Branch (1270:17): [True: 0, False: 1.13M]
2-  1271|      0|                func(node);
3+  1270|  1.11M|            if (NodeFullyConnected(node))
4+    |  Branch (1270:17): [True: 1.11M, False: 0]
5+  1271|  1.11M|                func(node);

    Two previously uncovered functions (IsFullOutboundConn, ConnectionTypeAsString) are now exercised through the iteration callbacks. ForNode finds matching nodes.

  2. fuzz: exercise ForNode/ForEachNode callbacks in connman fuzz harness 
    Track inserted node IDs and select from them when calling ForNode, so the ID-match branch is reliably hit. Replace no-op callbacks with CNode accessor calls to exercise previously uncovered code
paths (IsFullOutboundConn, ConnectionTypeAsString) through the iteration.
    b6d846147b
  3. DrahtBot added the label Fuzzing on Mar 27, 2026
  4. DrahtBot commented at 9:01 am on March 27, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK maflcko

    If your review is incorrectly listed, please copy-paste <!–meta-tag:bot-skip–> into the comment that the bot should ignore.

  5. maflcko commented at 1:41 pm on March 27, 2026: member

    lgtm ACK b6d846147bbeb38833bd768829d1dadf904527e5

    Seems fine


frankomosh DrahtBot maflcko

Labels
Fuzzing

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-03-31 12:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me