Add simulation-based CCoinsViewCache fuzzer
#27011
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
1a1bd15 to
f87382a
Compare
f87382a to
c7d2009
Compare
There was a problem hiding this comment.
ACK c7d2009 (jamesob/ackr/27011.2.sipa.add_simulation_based_cco)
Built and reviewed locally. Always happy to see more coins tests.
Just a few questions, but as-is this represents a mergeable improvement.
Show signature data
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
ACK c7d20096b6808b11aadda7a652273298b3dd98a8 ([`jamesob/ackr/27011.2.sipa.add_simulation_based_cco`](https://github.com/jamesob/bitcoin/tree/ackr/27011.2.sipa.add_simulation_based_cco))
Built and reviewed locally. Always happy to see more coins tests.
Just a few questions, but as-is this represents a mergeable improvement.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEGNRVI1NPYuZCSIrGepNdrbLETwUFAmPadUMACgkQepNdrbLE
TwUs4w//V3HDJYwqiLfMmjKTT1Mo80v0cyFG2WQrUlnLIEBOdSZSor1ur2AgzOjk
4paKsSCuMzUVfm+CHVvuIRxpPyg9Q4sEONql979/H1yB8VvK7zbddJJ1nyKuEHJQ
mex99u0TWspnQRst6T1B1STwSX7Sjc6UUAcVG1dkIZxHlaR0ll8ZDaQcHo9vUWyy
gHVRi6V+YsiyVqTJ59hEYgkbHQASjLIFFSGyghMDJTp3jTtOKEDJZzdzpL8KgqSE
1Mj1/IsEasgekgxAWKuAC29PetSC+XktzHVrLGfR1IHnWnMQ1eoe8lLg86FD1byS
U+QpTjb4KMf6zWiflzWcIE0EHgmxaBqug4uAuufPrZKd5r2OQyDxy1LkiawatTgu
iwSvFriNH6X2B7I8J34l+/9g9NxubwxVoJvscuuk14vW80IK6lUyPsxc/ujIqiRl
ganCc9Obon1JViEdh/t/sjmmHzCFpYmftvjNn+Kwl0XVSMa2a1zKIKMDoR18l/8L
v60G6haqyl49H2mmjIPEnomsujwtQQW6mGYolYhAI+LuYOCmkPHQ6Mw8VsGZRmdg
xxoATDjx5wMoGCjg3/p8TWszUTHDo3UxpkcBlR9lteWpOTCi3LtaNIYuv8/aBYJJ
nbtJlxNXUGFoYBbC/RxLhTx6orbkcldElwXPtxhx/CYKmxWXMiA=
=f9q/
-----END PGP SIGNATURE-----
Show platform data
Tested on Linux-6.1.6-arch1-3-x86_64-with-glibc2.36
Configured with ./configure LDFLAGS=-L/home/james/src/bitcoin2/db4/lib/ CPPFLAGS=-I/home/james/src/bitcoin2/db4/include/ 'CXXFLAGS=-fPIE -pipe -O2 -g -Wthread-safety-analysis -Wall -Werror=sign-compare -Wsign-compare -Werror=thread-safety-analysis' --enable-wallet --enable-debug --with-daemon --enable-natpmp-default CXX=/usr/bin/clang++ CC=/usr/bin/clang --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --disable-module-ecdh --no-create --no-recursion
Compiled with /usr/bin/ccache /usr/bin/clang++ -std=c++17 -mavx -mavx2 -mpclmul -fPIE -pipe -O2 -g -Wthread-safety-analysis -Wall -Werror=sign-compare -Wsign-compare -Werror=thread-safety-analysis -O0 -g3 -ftrapv -fdebug-prefix-map=$(abs_top_srcdir)=. -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection -msse4.1 -msse4.2 -msse4 -msha i
Compiler version: clang version 15.0.7
| }, | ||
|
|
||
| [&]() { // Sync. | ||
| // Apply to simulation data (note that in our simulation, syncing and flushing is the same thing). |
There was a problem hiding this comment.
Hm. Can't you emulate Sync() by adding an erase parameter to flush() that just doesn't set the cache entry to EntryType::NONE? If you don't do this, won't the contents of the simulation cache differ from the real caches?
There was a problem hiding this comment.
Semantically, Flush() and Sync() have the same effect: they push the changes made in this cache to the parent coinsview. Whether or not entries stay in a cache is an implementation aspect that's not observable (except through CacheSize() etc).
The NONE entry in the simulated cache is also different from "missing" in the real cache, in that lookups in the simulated cache never pull in entries from parent caches, so you can't really compare the actual cache entrytype with anything the real caches do. They're wholly different implementations, but their observable behavior should be identical.
You're right that I could choose to not reset things to NONE in the simulated cache, but that'd in effect be extending the test to test the behavior of the simulation: resetting to NONE is just a non-observable optimization too there.
c7d2009 to
fd84485
Compare
The fuzzer goes through a sequence of operations that get applied to both a real stack of CCoinsViewCache objects, and to simulation data, comparing the two at the end.
fd84485 to
bc2cc72
Compare
bc2cc72 to
b95982b
Compare
b95982b to
883c2c8
Compare
883c2c8 to
59e6828
Compare
|
re-ACK 561848a |
|
I ran the fuzzer using the latest corpus for about an hour and it didn't find any crashes, so that's nice. |
|
The seeds I've added to qa-assets for this fuzzer (bitcoin-core/qa-assets#103) are the result of a few months of CPU time, FWIW. |
|
Code review ACK 561848a |
561848a Exercise non-DIRTY spent coins in caches in fuzz test (Pieter Wuille) 59e6828 Add deterministic mode to CCoinsViewCache (Pieter Wuille) b0ff310 Add CCoinsViewCache::SanityCheck() and use it in fuzz test (Pieter Wuille) 3c9cea1 Add simulation-based CCoinsViewCache fuzzer (Pieter Wuille) Pull request description: The fuzzer goes through a sequence of operations that get applied to both a real stack of `CCoinsViewCache` objects, and to simulation data, comparing the two at the end. ACKs for top commit: jamesob: re-ACK bitcoin@561848a dergoegge: Code review ACK 561848a Tree-SHA512: 68634f251fdb39436b128ecba093f651bff12ac11508dc9885253e57fd21efd44edf3b22b0f821c228175ec507df7d46c7f9f5404fc1eb8187fdbd136a5d5ee2
|
@sipa While rebasing #25325 I saw that the fuzzer in I can add it while rebasing, I'm touching that line anyways. Unless you want to do this separately EDIT: I had a look what happens when I remove the default |
I think that should probably be addressed.
I believe it does? CCoinsViewCache coins_view_cache{&backend_coins_view, /*deterministic=*/true};
Makes sense to change that too, I think. |
It does in line 49 for |
The fuzzer goes through a sequence of operations that get applied to both a real stack of
CCoinsViewCacheobjects, and to simulation data, comparing the two at the end.