Bitcoin Core 31.99.0
P2P Digital Currency
coinscache_sim.cpp
Go to the documentation of this file.
1// Copyright (c) 2023-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <coins.h>
6#include <crypto/sha256.h>
7#include <primitives/transaction.h>
8#include <test/fuzz/FuzzedDataProvider.h>
9#include <test/fuzz/fuzz.h>
10#include <test/fuzz/util.h>
11
12#include <cassert>
13#include <cstdint>
14#include <memory>
15#include <optional>
16#include <vector>
17
18namespace {
19
21constexpr uint32_t NUM_OUTPOINTS = 256;
23constexpr uint32_t NUM_COINS = 256;
25constexpr uint32_t MAX_CACHES = 4;
27using coinidx_type = uint8_t;
28
29struct PrecomputedData
30{
32 COutPoint outpoints[NUM_OUTPOINTS];
33
35 Coin coins[NUM_COINS];
36
37 PrecomputedData()
38 {
39 static const uint8_t PREFIX_O[1] = {'o'};
40 static const uint8_t PREFIX_S[1] = {'s'};
41 static const uint8_t PREFIX_M[1] = {'m'};
43 for (uint32_t i = 0; i < NUM_OUTPOINTS; ++i) {
44 uint32_t idx = (i * 1200U) >> 12; /* Map 3 or 4 entries to same txid. */
45 const uint8_t ser[4] = {uint8_t(idx), uint8_t(idx >> 8), uint8_t(idx >> 16), uint8_t(idx >> 24)};
46 uint256 txid;
47 CSHA256().Write(PREFIX_O, 1).Write(ser, sizeof(ser)).Finalize(txid.begin());
48 outpoints[i].hash = Txid::FromUint256(txid);
49 outpoints[i].n = i;
50 }
51
52 for (uint32_t i = 0; i < NUM_COINS; ++i) {
53 const uint8_t ser[4] = {uint8_t(i), uint8_t(i >> 8), uint8_t(i >> 16), uint8_t(i >> 24)};
54 uint256 hash;
55 CSHA256().Write(PREFIX_S, 1).Write(ser, sizeof(ser)).Finalize(hash.begin());
56 /* Convert hash to scriptPubkeys (of different lengths, so SanityCheck's cached memory
57 * usage check has a chance to detect mismatches). */
58 switch (i % 5U) {
59 case 0: /* P2PKH */
60 coins[i].out.scriptPubKey.resize(25);
61 coins[i].out.scriptPubKey[0] = OP_DUP;
62 coins[i].out.scriptPubKey[1] = OP_HASH160;
63 coins[i].out.scriptPubKey[2] = 20;
64 std::copy(hash.begin(), hash.begin() + 20, coins[i].out.scriptPubKey.begin() + 3);
65 coins[i].out.scriptPubKey[23] = OP_EQUALVERIFY;
66 coins[i].out.scriptPubKey[24] = OP_CHECKSIG;
67 break;
68 case 1: /* P2SH */
69 coins[i].out.scriptPubKey.resize(23);
70 coins[i].out.scriptPubKey[0] = OP_HASH160;
71 coins[i].out.scriptPubKey[1] = 20;
72 std::copy(hash.begin(), hash.begin() + 20, coins[i].out.scriptPubKey.begin() + 2);
73 coins[i].out.scriptPubKey[12] = OP_EQUAL;
74 break;
75 case 2: /* P2WPKH */
76 coins[i].out.scriptPubKey.resize(22);
77 coins[i].out.scriptPubKey[0] = OP_0;
78 coins[i].out.scriptPubKey[1] = 20;
79 std::copy(hash.begin(), hash.begin() + 20, coins[i].out.scriptPubKey.begin() + 2);
80 break;
81 case 3: /* P2WSH */
82 coins[i].out.scriptPubKey.resize(34);
83 coins[i].out.scriptPubKey[0] = OP_0;
84 coins[i].out.scriptPubKey[1] = 32;
85 std::copy(hash.begin(), hash.begin() + 32, coins[i].out.scriptPubKey.begin() + 2);
86 break;
87 case 4: /* P2TR */
88 coins[i].out.scriptPubKey.resize(34);
89 coins[i].out.scriptPubKey[0] = OP_1;
90 coins[i].out.scriptPubKey[1] = 32;
91 std::copy(hash.begin(), hash.begin() + 32, coins[i].out.scriptPubKey.begin() + 2);
92 break;
93 }
94 /* Hash again to construct nValue and fCoinBase. */
95 CSHA256().Write(PREFIX_M, 1).Write(ser, sizeof(ser)).Finalize(hash.begin());
96 coins[i].out.nValue = CAmount(hash.GetUint64(0) % MAX_MONEY);
97 coins[i].fCoinBase = (hash.GetUint64(1) & 7) == 0;
98 coins[i].nHeight = 0; /* Real nHeight used in simulation is set dynamically. */
99 }
100 }
101};
102
103enum class EntryType : uint8_t
104{
105 /* This entry in the cache does not exist (so we'd have to look in the parent cache). */
106 NONE,
107
108 /* This entry in the cache corresponds to an unspent coin. */
109 UNSPENT,
110
111 /* This entry in the cache corresponds to a spent coin. */
112 SPENT,
113};
114
115struct CacheEntry
116{
117 /* Type of entry. */
118 EntryType entrytype;
119
120 /* Index in the coins array this entry corresponds to (only if entrytype == UNSPENT). */
121 coinidx_type coinidx;
122
123 /* nHeight value for this entry (so the coins[coinidx].nHeight value is ignored; only if entrytype == UNSPENT). */
124 uint32_t height;
125};
126
127struct CacheLevel
128{
129 CacheEntry entry[NUM_OUTPOINTS];
130
131 void Wipe() {
132 for (uint32_t i = 0; i < NUM_OUTPOINTS; ++i) {
133 entry[i].entrytype = EntryType::NONE;
134 }
135 }
136};
137
142class CoinsViewBottom final : public CoinsViewEmpty
143{
144 std::map<COutPoint, Coin> m_data;
145
146public:
147 std::optional<Coin> GetCoin(const COutPoint& outpoint) const final
148 {
149 if (auto it{m_data.find(outpoint)}; it != m_data.end()) {
150 assert(!it->second.IsSpent());
151 return it->second;
152 }
153 return std::nullopt;
154 }
155
156 void BatchWrite(CoinsViewCacheCursor& cursor, const uint256&) final
157 {
158 for (auto it{cursor.Begin()}; it != cursor.End(); it = cursor.NextAndMaybeErase(*it)) {
159 if (it->second.IsDirty()) {
160 if (it->second.coin.IsSpent()) {
161 m_data.erase(it->first);
162 } else {
163 if (cursor.WillErase(*it)) {
164 m_data[it->first] = std::move(it->second.coin);
165 } else {
166 m_data[it->first] = it->second.coin;
167 }
168 }
169 } else {
170 /* For non-dirty entries being written, compare them with what we have. */
171 auto it2 = m_data.find(it->first);
172 if (it->second.coin.IsSpent()) {
173 assert(it2 == m_data.end());
174 } else {
175 assert(it2 != m_data.end());
176 assert(it->second.coin.out == it2->second.out);
177 assert(it->second.coin.fCoinBase == it2->second.fCoinBase);
178 assert(it->second.coin.nHeight == it2->second.nHeight);
179 }
180 }
181 }
182 }
183};
184
185} // namespace
186
187FUZZ_TARGET(coinscache_sim)
188{
190 static const PrecomputedData data;
191
193 CoinsViewBottom bottom;
195 std::vector<std::unique_ptr<CCoinsViewCache>> caches;
197 CacheLevel sim_caches[MAX_CACHES + 1];
199 uint32_t current_height = 1U;
200
201 // Initialize bottom simulated cache.
202 sim_caches[0].Wipe();
203
205 auto lookup = [&](uint32_t outpointidx, int sim_idx = -1) -> std::optional<std::pair<coinidx_type, uint32_t>> {
206 uint32_t cache_idx = sim_idx == -1 ? caches.size() : sim_idx;
207 while (true) {
208 const auto& entry = sim_caches[cache_idx].entry[outpointidx];
209 if (entry.entrytype == EntryType::UNSPENT) {
210 return {{entry.coinidx, entry.height}};
211 } else if (entry.entrytype == EntryType::SPENT) {
212 return std::nullopt;
213 };
214 if (cache_idx == 0) break;
215 --cache_idx;
216 }
217 return std::nullopt;
218 };
219
221 auto flush = [&]() {
222 assert(caches.size() >= 1);
223 auto& cache = sim_caches[caches.size()];
224 auto& prev_cache = sim_caches[caches.size() - 1];
225 for (uint32_t outpointidx = 0; outpointidx < NUM_OUTPOINTS; ++outpointidx) {
226 if (cache.entry[outpointidx].entrytype != EntryType::NONE) {
227 prev_cache.entry[outpointidx] = cache.entry[outpointidx];
228 cache.entry[outpointidx].entrytype = EntryType::NONE;
229 }
230 }
231 };
232
233 // Main simulation loop: read commands from the fuzzer input, and apply them
234 // to both the real cache stack and the simulation.
235 FuzzedDataProvider provider(buffer.data(), buffer.size());
236 LIMITED_WHILE(provider.remaining_bytes(), 10000) {
237 // Every operation (except "Change height") moves current height forward,
238 // so it functions as a kind of epoch, making ~all UTXOs unique.
239 ++current_height;
240 // Make sure there is always at least one CCoinsViewCache.
241 if (caches.empty()) {
242 caches.emplace_back(new CCoinsViewCache(&bottom, /*deterministic=*/true));
243 sim_caches[caches.size()].Wipe();
244 }
245
246 // Execute command.
247 CallOneOf(
248 provider,
249
250 [&]() { // PeekCoin/GetCoin
251 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
252 // Look up in simulation data.
253 auto sim = lookup(outpointidx);
254 // Look up in real caches.
255 auto realcoin = provider.ConsumeBool() ?
256 caches.back()->PeekCoin(data.outpoints[outpointidx]) :
257 caches.back()->GetCoin(data.outpoints[outpointidx]);
258 // Compare results.
259 if (!sim.has_value()) {
260 assert(!realcoin);
261 } else {
262 assert(realcoin && !realcoin->IsSpent());
263 const auto& simcoin = data.coins[sim->first];
264 assert(realcoin->out == simcoin.out);
265 assert(realcoin->fCoinBase == simcoin.fCoinBase);
266 assert(realcoin->nHeight == sim->second);
267 }
268 },
269
270 [&]() { // HaveCoin
271 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
272 // Look up in simulation data.
273 auto sim = lookup(outpointidx);
274 // Look up in real caches.
275 auto real = caches.back()->HaveCoin(data.outpoints[outpointidx]);
276 // Compare results.
277 assert(sim.has_value() == real);
278 },
279
280 [&]() { // HaveCoinInCache
281 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
282 // Invoke on real cache (there is no equivalent in simulation, so nothing to compare result with).
283 (void)caches.back()->HaveCoinInCache(data.outpoints[outpointidx]);
284 },
285
286 [&]() { // AccessCoin
287 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
288 // Look up in simulation data.
289 auto sim = lookup(outpointidx);
290 // Look up in real caches.
291 const auto& realcoin = caches.back()->AccessCoin(data.outpoints[outpointidx]);
292 // Compare results.
293 if (!sim.has_value()) {
294 assert(realcoin.IsSpent());
295 } else {
296 assert(!realcoin.IsSpent());
297 const auto& simcoin = data.coins[sim->first];
298 assert(simcoin.out == realcoin.out);
299 assert(simcoin.fCoinBase == realcoin.fCoinBase);
300 assert(realcoin.nHeight == sim->second);
301 }
302 },
303
304 [&]() { // AddCoin (only possible_overwrite if necessary)
305 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
306 uint32_t coinidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_COINS - 1);
307 // Look up in simulation data (to know whether we must set possible_overwrite or not).
308 auto sim = lookup(outpointidx);
309 // Invoke on real caches.
310 Coin coin = data.coins[coinidx];
311 coin.nHeight = current_height;
312 caches.back()->AddCoin(data.outpoints[outpointidx], std::move(coin), sim.has_value());
313 // Apply to simulation data.
314 auto& entry = sim_caches[caches.size()].entry[outpointidx];
315 entry.entrytype = EntryType::UNSPENT;
316 entry.coinidx = coinidx;
317 entry.height = current_height;
318 },
319
320 [&]() { // AddCoin (always possible_overwrite)
321 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
322 uint32_t coinidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_COINS - 1);
323 // Invoke on real caches.
324 Coin coin = data.coins[coinidx];
325 coin.nHeight = current_height;
326 caches.back()->AddCoin(data.outpoints[outpointidx], std::move(coin), true);
327 // Apply to simulation data.
328 auto& entry = sim_caches[caches.size()].entry[outpointidx];
329 entry.entrytype = EntryType::UNSPENT;
330 entry.coinidx = coinidx;
331 entry.height = current_height;
332 },
333
334 [&]() { // SpendCoin (moveto = nullptr)
335 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
336 // Invoke on real caches.
337 caches.back()->SpendCoin(data.outpoints[outpointidx], nullptr);
338 // Apply to simulation data.
339 sim_caches[caches.size()].entry[outpointidx].entrytype = EntryType::SPENT;
340 },
341
342 [&]() { // SpendCoin (with moveto)
343 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
344 // Look up in simulation data (to compare the returned *moveto with).
345 auto sim = lookup(outpointidx);
346 // Invoke on real caches.
347 Coin realcoin;
348 caches.back()->SpendCoin(data.outpoints[outpointidx], &realcoin);
349 // Apply to simulation data.
350 sim_caches[caches.size()].entry[outpointidx].entrytype = EntryType::SPENT;
351 // Compare *moveto with the value expected based on simulation data.
352 if (!sim.has_value()) {
353 assert(realcoin.IsSpent());
354 } else {
355 assert(!realcoin.IsSpent());
356 const auto& simcoin = data.coins[sim->first];
357 assert(simcoin.out == realcoin.out);
358 assert(simcoin.fCoinBase == realcoin.fCoinBase);
359 assert(realcoin.nHeight == sim->second);
360 }
361 },
362
363 [&]() { // Uncache
364 uint32_t outpointidx = provider.ConsumeIntegralInRange<uint32_t>(0, NUM_OUTPOINTS - 1);
365 // Apply to real caches (there is no equivalent in our simulation).
366 caches.back()->Uncache(data.outpoints[outpointidx]);
367 },
368
369 [&]() { // Add a cache level (if not already at the max).
370 if (caches.size() != MAX_CACHES) {
371 // Apply to real caches.
372 if (provider.ConsumeBool()) {
373 caches.emplace_back(new CCoinsViewCache(&*caches.back(), /*deterministic=*/true));
374 } else {
375 caches.emplace_back(new CoinsViewOverlay(&*caches.back(), /*deterministic=*/true));
376 }
377 // Apply to simulation data.
378 sim_caches[caches.size()].Wipe();
379 }
380 },
381
382 [&]() { // Remove a cache level.
383 // Apply to real caches (this reduces caches.size(), implicitly doing the same on the simulation data).
384 caches.back()->SanityCheck();
385 caches.pop_back();
386 },
387
388 [&]() { // Flush.
389 // Apply to simulation data.
390 flush();
391 // Apply to real caches.
392 caches.back()->Flush(/*reallocate_cache=*/provider.ConsumeBool());
393 },
394
395 [&]() { // Sync.
396 // Apply to simulation data (note that in our simulation, syncing and flushing is the same thing).
397 flush();
398 // Apply to real caches.
399 caches.back()->Sync();
400 },
401
402 [&]() { // Reset.
403 sim_caches[caches.size()].Wipe();
404 // Apply to real caches.
405 {
406 const auto reset_guard{caches.back()->CreateResetGuard()};
407 }
408 },
409
410 [&]() { // GetCacheSize
411 (void)caches.back()->GetCacheSize();
412 },
413
414 [&]() { // DynamicMemoryUsage
415 (void)caches.back()->DynamicMemoryUsage();
416 },
417
418 [&]() { // Change height
419 current_height = provider.ConsumeIntegralInRange<uint32_t>(1, current_height - 1);
420 }
421 );
422 }
423
424 // Sanity check all the remaining caches
425 for (const auto& cache : caches) {
426 cache->SanityCheck();
427 }
428
429 // Full comparison between caches and simulation data, from bottom to top,
430 // as AccessCoin on a higher cache may affect caches below it.
431 for (unsigned sim_idx = 1; sim_idx <= caches.size(); ++sim_idx) {
432 auto& cache = *caches[sim_idx - 1];
433 size_t cache_size = 0;
434
435 for (uint32_t outpointidx = 0; outpointidx < NUM_OUTPOINTS; ++outpointidx) {
436 cache_size += cache.HaveCoinInCache(data.outpoints[outpointidx]);
437 const auto& real = cache.AccessCoin(data.outpoints[outpointidx]);
438 auto sim = lookup(outpointidx, sim_idx);
439 if (!sim.has_value()) {
440 assert(real.IsSpent());
441 } else {
442 assert(!real.IsSpent());
443 assert(real.out == data.coins[sim->first].out);
444 assert(real.fCoinBase == data.coins[sim->first].fCoinBase);
445 assert(real.nHeight == sim->second);
446 }
447 }
448
449 // HaveCoinInCache ignores spent coins, so GetCacheSize() may exceed it. */
450 assert(cache.GetCacheSize() >= cache_size);
451 }
452
453 // Compare the bottom coinsview (not a CCoinsViewCache) with sim_cache[0].
454 for (uint32_t outpointidx = 0; outpointidx < NUM_OUTPOINTS; ++outpointidx) {
455 auto realcoin = bottom.GetCoin(data.outpoints[outpointidx]);
456 auto sim = lookup(outpointidx, 0);
457 if (!sim.has_value()) {
458 assert(!realcoin);
459 } else {
460 assert(realcoin && !realcoin->IsSpent());
461 assert(realcoin->out == data.coins[sim->first].out);
462 assert(realcoin->fCoinBase == data.coins[sim->first].fCoinBase);
463 assert(realcoin->nHeight == sim->second);
464 }
465 }
466}
MAX_MONEY
static constexpr CAmount MAX_MONEY
No amount larger than this (in satoshi) is valid.
Definition: amount.h:26
CAmount
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
CCoinsViewCache
CCoinsView that adds a memory cache for transactions to another CCoinsView.
Definition: coins.h:394
COutPoint
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
COutPoint::n
uint32_t n
Definition: transaction.h:32
COutPoint::hash
Txid hash
Definition: transaction.h:31
CSHA256
A hasher class for SHA-256.
Definition: sha256.h:14
CSHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:725
CSHA256::Write
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:699
CTxOut::scriptPubKey
CScript scriptPubKey
Definition: transaction.h:143
CTxOut::nValue
CAmount nValue
Definition: transaction.h:142
Coin
A UTXO entry.
Definition: coins.h:35
Coin::out
CTxOut out
unspent transaction output
Definition: coins.h:38
Coin::IsSpent
bool IsSpent() const
Either this coin never existed (see e.g.
Definition: coins.h:83
Coin::fCoinBase
bool fCoinBase
whether containing transaction was a coinbase
Definition: coins.h:41
Coin::nHeight
uint32_t nHeight
at which height this containing transaction was included in the active block chain
Definition: coins.h:44
CoinsViewEmpty
Noop coins view.
Definition: coins.h:347
CoinsViewEmpty::BatchWrite
void BatchWrite(CoinsViewCacheCursor &cursor, const uint256 &) override
Do a bulk modification (multiple Coin changes + BestBlock change).
Definition: coins.h:362
CoinsViewEmpty::GetCoin
std::optional< Coin > GetCoin(const COutPoint &) const override
Retrieve the Coin (unspent transaction output) for a given outpoint.
Definition: coins.h:357
CoinsViewOverlay
CCoinsViewCache overlay that avoids populating/mutating parent cache layers on cache misses.
Definition: coins.h:565
FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:205
base_blob::GetUint64
constexpr uint64_t GetUint64(int pos) const
Definition: uint256.h:109
base_blob::begin
constexpr unsigned char * begin()
Definition: uint256.h:101
prevector::resize
void resize(size_type new_size)
Definition: prevector.h:276
transaction_identifier< false >::FromUint256
static transaction_identifier FromUint256(const uint256 &id)
Definition: transaction_identifier.h:49
uint256
256-bit opaque blob.
Definition: uint256.h:196
SPENT
constexpr CAmount SPENT
Definition: coins_tests.cpp:571
FUZZ_TARGET
FUZZ_TARGET(coinscache_sim)
Definition: coinscache_sim.cpp:187
LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22
BCLog::NONE
@ NONE
Definition: categories.h:15
test_vectors_musig2_generate.data
data
Definition: test_vectors_musig2_generate.py:98
OP_CHECKSIG
@ OP_CHECKSIG
Definition: script.h:190
OP_EQUAL
@ OP_EQUAL
Definition: script.h:146
OP_DUP
@ OP_DUP
Definition: script.h:125
OP_HASH160
@ OP_HASH160
Definition: script.h:187
OP_1
@ OP_1
Definition: script.h:83
OP_0
@ OP_0
Definition: script.h:76
OP_EQUALVERIFY
@ OP_EQUALVERIFY
Definition: script.h:147
CoinsViewCacheCursor
Cursor for iterating over the linked list of flagged entries in CCoinsViewCache.
Definition: coins.h:261
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35
assert
assert(!tx.IsCoinBase())
Generated on Fri Apr 24 2026 20:00:30 for Bitcoin Core by doxygen 1.9.4