test_2fuzz_2dbwrapper_8cpp_source.html

// Copyright (c) The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <dbwrapper.h>

#include <compat/byteswap.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>

#include <test/util/random.h>

#include <test/util/setup_common.h>

#include <util/byte_units.h>


#include <leveldb/env.h>

#include <leveldb/helpers/memenv/memenv.h>


#include <algorithm>

#include <cassert>

#include <cstdint>

#include <deque>

#include <map>

#include <memory>

#include <numeric>

#include <optional>

#include <set>

#include <string>

#include <vector>


namespace {


class DeterministicEnv final : public leveldb::EnvWrapper

{

    using WorkFunction = void (*)(void*);


    struct Work {

        WorkFunction function;

        void* arg;

    };


    std::deque<Work> m_queue;


public:

    explicit DeterministicEnv(leveldb::Env* base) : EnvWrapper(base) {}


    void Schedule(WorkFunction function, void* arg) override

    {

        m_queue.push_back({function, arg});

    }


    bool RunOne()

    {

        if (m_queue.empty()) return false;

        const Work work{m_queue.front()};

        m_queue.pop_front();

        work.function(work.arg);

        return true;

    }


    void DrainWork() { while (RunOne()) {} }

};


constexpr size_t MAX_VALUE_LEN{4096};

constexpr uint8_t MAX_VALUE_MULTIPLIER{8};

constexpr size_t WRITE_BATCH_HEADER{12}; // See kHeader in db/write_batch.cc


const std::string OBFUSCATION_KEY{"\000obfuscate_key", 14};


std::vector<uint8_t> MakeValue(uint16_t key, uint32_t size)

{

    std::vector<uint8_t> v(size);

    std::iota(v.begin(), v.end(), static_cast<uint8_t>(key ^ (key >> 8)));

    return v;

}


struct LevelDBBytewiseU16Cmp {

    bool operator()(uint16_t a, uint16_t b) const { return internal_bswap_16(a) < internal_bswap_16(b); }

};


using Oracle = std::map<uint16_t, uint32_t, LevelDBBytewiseU16Cmp>;


struct FailUnserialize {

    template <typename Stream>

    void Unserialize(Stream&) { throw std::ios_base::failure{"always fail"}; }

};


uint16_t ConsumeKey(FuzzedDataProvider& provider) { return provider.ConsumeIntegral<uint16_t>(); }

uint32_t ConsumeValueSize(FuzzedDataProvider& provider)

{

    const uint16_t len{provider.ConsumeIntegralInRange<uint16_t>(0, MAX_VALUE_LEN)};

    const uint8_t multiplier{provider.ConsumeIntegralInRange<uint8_t>(1, MAX_VALUE_MULTIPLIER)};

    return static_cast<uint32_t>(len) * multiplier;

}


void VerifyIterator(CDBWrapper& dbw, const Oracle& oracle,

                    bool obfuscate, std::optional<uint16_t> seek_key = std::nullopt)

{

    const std::unique_ptr<CDBIterator> it{dbw.NewIterator()};

    auto oracle_it{seek_key ? oracle.lower_bound(*seek_key) : oracle.begin()};

    if (seek_key) {

        it->Seek(*seek_key);

    } else {

        it->SeekToFirst();

    }

    for (; it->Valid(); it->Next()) {

        uint16_t db_key;

        assert(it->GetKey(db_key));

        if (oracle_it != oracle.end() && db_key == oracle_it->first) {

            std::vector<uint8_t> db_value;

            assert(it->GetValue(db_value));

            assert(db_value == MakeValue(db_key, oracle_it->second));

            ++oracle_it;

        } else {

            assert(obfuscate);

            std::string key_str;

            assert(it->GetKey(key_str));

            assert(key_str == OBFUSCATION_KEY);

        }

    }

    assert(oracle_it == oracle.end());

}


template <typename DrainWorkFn, typename RunOneFn>

void TestDbWrapper(FuzzedDataProvider& provider,

                      leveldb::Env* testing_env,

                      DrainWorkFn drain_work,

                      RunOneFn run_one,

                      bool allow_force_compact)

{

    SeedRandomStateForTest(SeedRand::ZEROS);


    const bool obfuscate{provider.ConsumeBool()};


    const auto make_db{[&](DBOptions options = {}) {

        return std::make_unique<CDBWrapper>(DBParams{

            .path = "dbwrapper_fuzz",

            .cache_bytes = provider.ConsumeIntegralInRange<size_t>(64 << 10, 1_MiB),

            .obfuscate = obfuscate,

            .options = options,

            .testing_env = testing_env,

            .max_file_size = provider.ConsumeBool()

                ? DBWRAPPER_MAX_FILE_SIZE

                : provider.ConsumeIntegralInRange<size_t>(1_MiB, 4_MiB),

        });

    }};

    std::unique_ptr<CDBWrapper> dbw{make_db()};


    // Oracle: key → value size. Content is reconstructed via MakeValue().

    Oracle oracle;


    LIMITED_WHILE(provider.ConsumeBool(), 1'000)

    {

        CallOneOf(

            provider,

            // --- Mutations ---

            [&] {

                const auto key{ConsumeKey(provider)};

                const auto size{ConsumeValueSize(provider)};

                drain_work();

                dbw->Write(key, MakeValue(key, size), /*fSync=*/provider.ConsumeBool());

                oracle[key] = size;

            },

            [&] {

                const auto key{ConsumeKey(provider)};

                drain_work();

                dbw->Erase(key, /*fSync=*/provider.ConsumeBool());

                oracle.erase(key);

            },

            [&] {

                CDBBatch batch{*dbw};

                std::map<uint16_t, uint32_t> batch_writes;

                std::set<uint16_t> batch_erases;

                const auto fill{[&] {

                    LIMITED_WHILE(provider.ConsumeBool(), 20)

                    {

                        const auto key{ConsumeKey(provider)};

                        if (provider.ConsumeBool()) {

                            const auto size{ConsumeValueSize(provider)};

                            batch.Write(key, MakeValue(key, size));

                            batch_writes[key] = size;

                            batch_erases.erase(key);

                        } else {

                            batch.Erase(key);

                            batch_erases.insert(key);

                            batch_writes.erase(key);

                        }

                    }

                }};

                fill();

                if (provider.ConsumeBool()) {

                    assert(batch.ApproximateSize() >= WRITE_BATCH_HEADER);

                    batch.Clear();

                    assert(batch.ApproximateSize() == WRITE_BATCH_HEADER);

                    batch_writes.clear();

                    batch_erases.clear();

                    fill();

                }

                drain_work();

                dbw->WriteBatch(batch, /*fSync=*/provider.ConsumeBool());

                for (const auto& [k, v] : batch_writes) oracle[k] = v;

                for (const auto& k : batch_erases) oracle.erase(k);

            },

            [&] {

                drain_work();

                dbw.reset();

                DBOptions options{};

                if (allow_force_compact && provider.ConsumeBool()) {

                    options.force_compact = true;

                }

                dbw = make_db(options);

                VerifyIterator(*dbw, oracle, obfuscate);

            },

            // --- Reads ---

            [&] {

                const auto key{ConsumeKey(provider)};

                std::vector<uint8_t> value;

                const bool found{dbw->Read(key, value)};

                if (const auto it{oracle.find(key)}; it != oracle.end()) {

                    assert(found && value == MakeValue(key, it->second));

                } else {

                    assert(!found);

                }

            },

            [&] {

                const auto key{ConsumeKey(provider)};

                assert(dbw->Exists(key) == oracle.contains(key));

            },

            [&] {

                uint16_t key{};

                if (!oracle.empty() && provider.ConsumeBool()) {

                    auto it{oracle.begin()};

                    std::advance(it, provider.ConsumeIntegralInRange<size_t>(0, oracle.size() - 1));

                    key = it->first;

                } else {

                    key = ConsumeKey(provider);

                }

                FailUnserialize wrong_type;

                assert(!dbw->Read(key, wrong_type));

            },

            [&] {

                const auto seek_key{provider.ConsumeBool()

                                        ? std::optional<uint16_t>{ConsumeKey(provider)}

                                        : std::nullopt};

                VerifyIterator(*dbw, oracle, obfuscate, seek_key);

            },

            // --- Stats ---

            [&] {

                assert(dbw->IsEmpty() == (oracle.empty() && !obfuscate));

            },

            [&] {

                const auto [k1, k2]{std::minmax({ConsumeKey(provider), ConsumeKey(provider)}, LevelDBBytewiseU16Cmp{})};

                const size_t estimate_size{dbw->EstimateSize(k1, k2)};

                if (k1 == k2) assert(estimate_size == 0);

            },

            [&] {

                (void)dbw->DynamicMemoryUsage();

            },

            // --- Compaction control (no-op when run_one is no-op) ---

            [&] {

                run_one();

            });

    }


    VerifyIterator(*dbw, oracle, obfuscate);

    drain_work();

}


} // namespace


FUZZ_TARGET(dbwrapper, .init = [] { static auto setup{MakeNoLogFileContext<>()}; })

{

    FuzzedDataProvider provider{buffer.data(), buffer.size()};


    const auto memenv{std::unique_ptr<leveldb::Env>{leveldb::NewMemEnv(leveldb::Env::Default())}};

    DeterministicEnv det_env{memenv.get()};

    TestDbWrapper(

        provider, &det_env,

        [&] { det_env.DrainWork(); },

        [&] { return det_env.RunOne(); },

        /*allow_force_compact=*/false);

}


FUZZ_TARGET(dbwrapper_threaded, .init = [] { static auto setup{MakeNoLogFileContext<>()}; })

{

    FuzzedDataProvider provider{buffer.data(), buffer.size()};


    const auto memenv{std::unique_ptr<leveldb::Env>{leveldb::NewMemEnv(leveldb::Env::Default())}};

    TestDbWrapper(

        provider, memenv.get(),

        /*drain_work=*/[] {},

        /*run_one=*/[] { return false; },

        /*allow_force_compact=*/true);

}

FuzzedDataProvider.h

byte_units.h

byteswap.h

internal_bswap_16
BSWAP_CONSTEXPR uint16_t internal_bswap_16(uint16_t x)
Definition: byteswap.h:44

CDBBatch
Batch of changes queued to be written to a CDBWrapper.
Definition: dbwrapper.h:83

CDBIterator::Seek
void Seek(const K &key)
Definition: dbwrapper.h:153

CDBWrapper
Definition: dbwrapper.h:187

CDBWrapper::DynamicMemoryUsage
size_t DynamicMemoryUsage() const
Definition: dbwrapper.cpp:304

CDBWrapper::Read
bool Read(const K &key, V &value) const
Definition: dbwrapper.h:215

CDBWrapper::NewIterator
CDBIterator * NewIterator()
Definition: dbwrapper.cpp:373

CDBWrapper::Exists
bool Exists(const K &key) const
Definition: dbwrapper.h:243

CDBWrapper::Erase
void Erase(const K &key, bool fSync=false)
Definition: dbwrapper.h:252

CDBWrapper::WriteBatch
void WriteBatch(CDBBatch &batch, bool fSync=false)
Definition: dbwrapper.cpp:288

CDBWrapper::Write
void Write(const K &key, const V &value, bool fSync=false)
Definition: dbwrapper.h:235

CDBWrapper::IsEmpty
bool IsEmpty()
Return true if the database managed by this class contains no entries.
Definition: dbwrapper.cpp:354

CDBWrapper::EstimateSize
size_t EstimateSize(const K &key_begin, const K &key_end) const
Definition: dbwrapper.h:272

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:289

FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:205

FuzzedDataProvider::ConsumeIntegral
T ConsumeIntegral()
Definition: FuzzedDataProvider.h:195

dbwrapper.h

DBWRAPPER_MAX_FILE_SIZE
static const size_t DBWRAPPER_MAX_FILE_SIZE
Definition: dbwrapper.h:29

fuzz.h

FUZZ_TARGET
#define FUZZ_TARGET(...)
Definition: fuzz.h:35

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22

init
Definition: basic.cpp:8

Unserialize
void Unserialize(Stream &, V)=delete

setup_common.h

ByteUnit::k
@ k

DBOptions
User-controlled performance and debug options.
Definition: dbwrapper.h:32

DBOptions::force_compact
bool force_compact
Compact database on startup.
Definition: dbwrapper.h:34

DBParams
Application-specific storage settings.
Definition: dbwrapper.h:38

DBParams::path
fs::path path
Location in the filesystem where leveldb data will be stored.
Definition: dbwrapper.h:40

TestDbWrapper
TestDbWrapper(provider, &det_env, [&] { det_env.DrainWork();}, [&] { return det_env.RunOne();}, false)

det_env
DeterministicEnv det_env
Definition: dbwrapper.cpp:307

memenv
const auto memenv
Definition: dbwrapper.cpp:306

util.h

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:37

SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition: random.cpp:19

random.h

SeedRand::ZEROS
@ ZEROS
Seed with a compile time constant of zeros.

setup
static int setup(void)
Definition: tests.c:8040

assert
assert(!tx.IsCoinBase())