Branch data Line data Source code
1 : : // Copyright (c) 2021-present The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #include <core_io.h>
6 : : #include <hash.h>
7 : : #include <key.h>
8 : : #include <script/miniscript.h>
9 : : #include <script/script.h>
10 : : #include <script/signingprovider.h>
11 : : #include <test/fuzz/FuzzedDataProvider.h>
12 : : #include <test/fuzz/fuzz.h>
13 : : #include <test/fuzz/util.h>
14 : : #include <test/fuzz/util/descriptor.h>
15 : : #include <util/strencodings.h>
16 : :
17 : : #include <algorithm>
18 : : #include <optional>
19 : :
20 : : namespace {
21 : :
22 : : using Fragment = miniscript::Fragment;
23 : : using Node = miniscript::Node<CPubKey>;
24 : : using Type = miniscript::Type;
25 : : using MsCtx = miniscript::MiniscriptContext;
26 : : using miniscript::operator""_mst;
27 : :
28 : : //! Some pre-computed data for more efficient string roundtrips and to simulate challenges.
29 : : struct TestData {
30 : : typedef CPubKey Key;
31 : :
32 : : // Precomputed public keys, and a dummy signature for each of them.
33 : : std::vector<Key> dummy_keys;
34 : : std::map<Key, int> dummy_key_idx_map;
35 : : std::map<CKeyID, Key> dummy_keys_map;
36 : : std::map<Key, std::pair<std::vector<unsigned char>, bool>> dummy_sigs;
37 : : std::map<XOnlyPubKey, std::pair<std::vector<unsigned char>, bool>> schnorr_sigs;
38 : :
39 : : // Precomputed hashes of each kind.
40 : : std::vector<std::vector<unsigned char>> sha256;
41 : : std::vector<std::vector<unsigned char>> ripemd160;
42 : : std::vector<std::vector<unsigned char>> hash256;
43 : : std::vector<std::vector<unsigned char>> hash160;
44 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> sha256_preimages;
45 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> ripemd160_preimages;
46 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> hash256_preimages;
47 : : std::map<std::vector<unsigned char>, std::vector<unsigned char>> hash160_preimages;
48 : :
49 : : //! Set the precomputed data.
50 : 3 : void Init() {
51 : 3 : unsigned char keydata[32] = {1};
52 : : // All our signatures sign (and are required to sign) this constant message.
53 : 3 : constexpr uint256 MESSAGE_HASH{"0000000000000000f5cd94e18b6fe77dd7aca9e35c2b0c9cbd86356c80a71065"};
54 : : // We don't pass additional randomness when creating a schnorr signature.
55 : 3 : const auto EMPTY_AUX{uint256::ZERO};
56 : :
57 [ + + ]: 771 : for (size_t i = 0; i < 256; i++) {
58 : 768 : keydata[31] = i;
59 : 768 : CKey privkey;
60 [ + - ]: 768 : privkey.Set(keydata, keydata + 32, true);
61 [ + - ]: 768 : const Key pubkey = privkey.GetPubKey();
62 : :
63 [ + - ]: 768 : dummy_keys.push_back(pubkey);
64 [ + - ]: 768 : dummy_key_idx_map.emplace(pubkey, i);
65 [ + - + - ]: 768 : dummy_keys_map.insert({pubkey.GetID(), pubkey});
66 : 768 : XOnlyPubKey xonly_pubkey{pubkey};
67 [ + - ]: 768 : dummy_key_idx_map.emplace(xonly_pubkey, i);
68 [ + - ]: 768 : uint160 xonly_hash{Hash160(xonly_pubkey)};
69 [ + - ]: 768 : dummy_keys_map.emplace(xonly_hash, pubkey);
70 : :
71 [ + - ]: 768 : std::vector<unsigned char> sig, schnorr_sig(64);
72 [ + - ]: 768 : privkey.Sign(MESSAGE_HASH, sig);
73 [ + - ]: 768 : sig.push_back(1); // SIGHASH_ALL
74 [ + - + - ]: 1536 : dummy_sigs.insert({pubkey, {sig, i & 1}});
75 [ - + + - : 768 : assert(privkey.SignSchnorr(MESSAGE_HASH, schnorr_sig, nullptr, EMPTY_AUX));
- + ]
76 [ + - ]: 768 : schnorr_sig.push_back(1); // Maximally-sized signature has sighash byte
77 [ + - ]: 768 : schnorr_sigs.emplace(XOnlyPubKey{pubkey}, std::make_pair(std::move(schnorr_sig), i & 1));
78 : :
79 : 768 : std::vector<unsigned char> hash;
80 [ + - ]: 768 : hash.resize(32);
81 [ + - + - : 768 : CSHA256().Write(keydata, 32).Finalize(hash.data());
+ - ]
82 [ + - ]: 768 : sha256.push_back(hash);
83 [ + + + - : 768 : if (i & 1) sha256_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+ - ]
84 [ + - + - : 768 : CHash256().Write(keydata).Finalize(hash);
- + + - ]
85 [ + - ]: 768 : hash256.push_back(hash);
86 [ + + + - : 768 : if (i & 1) hash256_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+ - ]
87 [ + - ]: 768 : hash.resize(20);
88 [ + - + - : 768 : CRIPEMD160().Write(keydata, 32).Finalize(hash.data());
+ - ]
89 [ - + - + ]: 768 : assert(hash.size() == 20);
90 [ + - ]: 768 : ripemd160.push_back(hash);
91 [ + + + - : 768 : if (i & 1) ripemd160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+ - ]
92 [ + - + - : 768 : CHash160().Write(keydata).Finalize(hash);
- + + - ]
93 [ + - ]: 768 : hash160.push_back(hash);
94 [ + + + - : 768 : if (i & 1) hash160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+ - ]
95 : 768 : }
96 : 3 : }
97 : :
98 : : //! Get the (Schnorr or ECDSA, depending on context) signature for this pubkey.
99 : 403287 : const std::pair<std::vector<unsigned char>, bool>* GetSig(const MsCtx script_ctx, const Key& key) const {
100 [ + + ]: 403287 : if (!miniscript::IsTapscript(script_ctx)) {
101 : 216849 : const auto it = dummy_sigs.find(key);
102 [ + - ]: 216849 : if (it == dummy_sigs.end()) return nullptr;
103 : 216849 : return &it->second;
104 : : } else {
105 : 186438 : const auto it = schnorr_sigs.find(XOnlyPubKey{key});
106 [ + - ]: 186438 : if (it == schnorr_sigs.end()) return nullptr;
107 : 186438 : return &it->second;
108 : : }
109 : : }
110 : : } TEST_DATA;
111 : :
112 : : /**
113 : : * Context to parse a Miniscript node to and from Script or text representation.
114 : : * Uses an integer (an index in the dummy keys array from the test data) as keys in order
115 : : * to focus on fuzzing the Miniscript nodes' test representation, not the key representation.
116 : : */
117 : : struct ParserContext {
118 : : typedef CPubKey Key;
119 : :
120 : : const MsCtx script_ctx;
121 : :
122 : 17818 : constexpr ParserContext(MsCtx ctx) noexcept : script_ctx(ctx) {}
123 : :
124 : 1365620 : bool KeyCompare(const Key& a, const Key& b) const {
125 [ + + + + : 1365620 : return a < b;
- - - - -
- - - + +
+ + + + ]
126 : : }
127 : :
128 : 212863 : std::optional<std::string> ToString(const Key& key, bool& has_priv_key) const
129 : : {
130 : 212863 : has_priv_key = false;
131 : 212863 : auto it = TEST_DATA.dummy_key_idx_map.find(key);
132 [ - + ]: 212863 : if (it == TEST_DATA.dummy_key_idx_map.end()) {
133 : 0 : return HexStr(key);
134 : : }
135 : 212863 : has_priv_key = true;
136 : 212863 : uint8_t idx = it->second;
137 : 212863 : return HexStr(std::span{&idx, 1});
138 : : }
139 : :
140 : 273388 : std::vector<unsigned char> ToPKBytes(const Key& key) const {
141 [ + + ]: 273388 : if (!miniscript::IsTapscript(script_ctx)) {
142 : 147568 : return {key.begin(), key.end()};
143 : : }
144 : 125820 : const XOnlyPubKey xonly_pubkey{key};
145 : 125820 : return {xonly_pubkey.begin(), xonly_pubkey.end()};
146 : : }
147 : :
148 : 22318 : std::vector<unsigned char> ToPKHBytes(const Key& key) const {
149 [ + + ]: 22318 : if (!miniscript::IsTapscript(script_ctx)) {
150 : 11992 : const auto h = Hash160(key);
151 : 11992 : return {h.begin(), h.end()};
152 : : }
153 : 10326 : const auto h = Hash160(XOnlyPubKey{key});
154 : 10326 : return {h.begin(), h.end()};
155 : : }
156 : :
157 : 243107 : std::optional<Key> FromString(std::span<const char>& in) const {
158 [ + + ]: 243107 : if (in.size() != 2) return {};
159 [ - + + - ]: 243057 : auto idx = ParseHex(std::string(in.begin(), in.end()));
160 [ - + + + ]: 243057 : if (idx.size() != 1) return {};
161 : 243019 : return TEST_DATA.dummy_keys[idx[0]];
162 : 243057 : }
163 : :
164 : : template<typename I>
165 : 123481 : std::optional<Key> FromPKBytes(I first, I last) const {
166 [ + + ]: 123481 : if (!miniscript::IsTapscript(script_ctx)) {
167 [ + - ]: 66425 : Key key{first, last};
168 [ + - ]: 66425 : if (key.IsValid()) return key;
169 : 0 : return {};
170 : : }
171 [ - + ]: 57056 : if (last - first != 32) return {};
172 : 57056 : XOnlyPubKey xonly_pubkey;
173 : 57056 : std::copy(first, last, xonly_pubkey.begin());
174 : 57056 : return xonly_pubkey.GetEvenCorrespondingCPubKey();
175 : : }
176 : :
177 : : template<typename I>
178 [ - + ]: 10948 : std::optional<Key> FromPKHBytes(I first, I last) const {
179 [ - + ]: 10948 : assert(last - first == 20);
180 : 10948 : CKeyID keyid;
181 : 10948 : std::copy(first, last, keyid.begin());
182 [ - + ]: 10948 : const auto it = TEST_DATA.dummy_keys_map.find(keyid);
183 [ - + ]: 10948 : if (it == TEST_DATA.dummy_keys_map.end()) return {};
184 : 10948 : return it->second;
185 : : }
186 : :
187 : 4899043 : MsCtx MsContext() const {
188 [ + - + - : 4899043 : return script_ctx;
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + + + -
+ - ]
189 : : }
190 : : };
191 : :
192 : : //! Context that implements naive conversion from/to script only, for roundtrip testing.
193 : : struct ScriptParserContext {
194 : : const MsCtx script_ctx;
195 : :
196 : 2073 : constexpr ScriptParserContext(MsCtx ctx) noexcept : script_ctx(ctx) {}
197 : :
198 : : //! For Script roundtrip we never need the key from a key hash.
199 [ + - ]: 72362 : struct Key {
200 : : bool is_hash;
201 : : std::vector<unsigned char> data;
202 : : };
203 : :
204 : 26635 : bool KeyCompare(const Key& a, const Key& b) const {
205 [ + + + + : 26635 : return a.data < b.data;
- - - - -
- - - + +
+ + + + ]
206 : : }
207 : :
208 : 1484 : const std::vector<unsigned char>& ToPKBytes(const Key& key) const
209 : : {
210 [ - + ]: 1484 : assert(!key.is_hash);
211 : 1484 : return key.data;
212 : : }
213 : :
214 : 769 : std::vector<unsigned char> ToPKHBytes(const Key& key) const
215 : : {
216 [ + - ]: 769 : if (key.is_hash) return key.data;
217 : 0 : const auto h = Hash160(key.data);
218 : 0 : return {h.begin(), h.end()};
219 : : }
220 : :
221 : : template<typename I>
222 [ + - ]: 8185 : std::optional<Key> FromPKBytes(I first, I last) const
223 : : {
224 [ + - ]: 8185 : Key key;
225 : 8185 : key.data.assign(first, last);
226 : 8185 : key.is_hash = false;
227 : 8185 : return key;
228 : 8185 : }
229 : :
230 : : template<typename I>
231 [ + - ]: 6867 : std::optional<Key> FromPKHBytes(I first, I last) const
232 : : {
233 [ + - ]: 6867 : Key key;
234 : 6867 : key.data.assign(first, last);
235 : 6867 : key.is_hash = true;
236 : 6867 : return key;
237 : 6867 : }
238 : :
239 : 8761986 : MsCtx MsContext() const {
240 [ + - + - : 8761986 : return script_ctx;
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - + -
+ - + - +
- + - +
- ]
241 : : }
242 : : };
243 : :
244 : : //! Context to produce a satisfaction for a Miniscript node using the pre-computed data.
245 : : struct SatisfierContext : ParserContext {
246 : :
247 : 7303 : constexpr SatisfierContext(MsCtx ctx) noexcept : ParserContext(ctx) {}
248 : :
249 : : // Timelock challenges satisfaction. Make the value (deterministically) vary to explore different
250 : : // paths.
251 [ + + ]: 13124 : bool CheckAfter(uint32_t value) const { return value % 2; }
252 [ + + ]: 14898 : bool CheckOlder(uint32_t value) const { return value % 2; }
253 : :
254 : : // Signature challenges fulfilled with a dummy signature, if it was one of our dummy keys.
255 : 268858 : miniscript::Availability Sign(const CPubKey& key, std::vector<unsigned char>& sig) const {
256 : 268858 : bool sig_available{false};
257 [ + - ]: 268858 : if (auto res = TEST_DATA.GetSig(script_ctx, key)) {
258 : 268858 : std::tie(sig, sig_available) = *res;
259 : : }
260 [ + + ]: 268858 : return sig_available ? miniscript::Availability::YES : miniscript::Availability::NO;
261 : : }
262 : :
263 : : //! Lookup generalization for all the hash satisfactions below
264 : 42006 : miniscript::Availability LookupHash(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage,
265 : : const std::map<std::vector<unsigned char>, std::vector<unsigned char>>& map) const
266 : : {
267 : 42006 : const auto it = map.find(hash);
268 [ + + ]: 42006 : if (it == map.end()) return miniscript::Availability::NO;
269 : 25578 : preimage = it->second;
270 : 25578 : return miniscript::Availability::YES;
271 : : }
272 : 10050 : miniscript::Availability SatSHA256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
273 [ + - ]: 10050 : return LookupHash(hash, preimage, TEST_DATA.sha256_preimages);
274 : : }
275 : 10438 : miniscript::Availability SatRIPEMD160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
276 [ + - ]: 10438 : return LookupHash(hash, preimage, TEST_DATA.ripemd160_preimages);
277 : : }
278 : 11450 : miniscript::Availability SatHASH256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
279 [ + - ]: 11450 : return LookupHash(hash, preimage, TEST_DATA.hash256_preimages);
280 : : }
281 : 10068 : miniscript::Availability SatHASH160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
282 [ + - ]: 10068 : return LookupHash(hash, preimage, TEST_DATA.hash160_preimages);
283 : : }
284 : : };
285 : :
286 : : //! Context to check a satisfaction against the pre-computed data.
287 : : const struct CheckerContext: BaseSignatureChecker {
288 : : // Signature checker methods. Checks the right dummy signature is used.
289 : 40282 : bool CheckECDSASignature(const std::vector<unsigned char>& sig, const std::vector<unsigned char>& vchPubKey,
290 : : const CScript& scriptCode, SigVersion sigversion) const override
291 : : {
292 [ - + ]: 40282 : const CPubKey key{vchPubKey};
293 : 40282 : const auto it = TEST_DATA.dummy_sigs.find(key);
294 [ + - ]: 40282 : if (it == TEST_DATA.dummy_sigs.end()) return false;
295 : 40282 : return it->second.first == sig;
296 : : }
297 : 16008 : bool CheckSchnorrSignature(std::span<const unsigned char> sig, std::span<const unsigned char> pubkey, SigVersion,
298 : : ScriptExecutionData&, ScriptError*) const override {
299 : 16008 : XOnlyPubKey pk{pubkey};
300 : 16008 : auto it = TEST_DATA.schnorr_sigs.find(pk);
301 [ + - ]: 16008 : if (it == TEST_DATA.schnorr_sigs.end()) return false;
302 : 16008 : return std::ranges::equal(it->second.first, sig);
303 : : }
304 : 2332 : bool CheckLockTime(const CScriptNum& nLockTime) const override { return nLockTime.GetInt64() & 1; }
305 : 3410 : bool CheckSequence(const CScriptNum& nSequence) const override { return nSequence.GetInt64() & 1; }
306 : : } CHECKER_CTX;
307 : :
308 : : //! Context to check for duplicates when instancing a Node.
309 : : const struct KeyComparator {
310 : 475602 : bool KeyCompare(const CPubKey& a, const CPubKey& b) const {
311 [ + + + + : 475602 : return a < b;
- - - - -
- - - + +
+ + + + ]
312 : : }
313 : : } KEY_COMP;
314 : :
315 : : // A dummy scriptsig to pass to VerifyScript (we always use Segwit v0).
316 : : const CScript DUMMY_SCRIPTSIG;
317 : :
318 : : /** Information about a yet to be constructed Miniscript node. */
319 : : struct NodeInfo {
320 : : //! The type of this node
321 : : Fragment fragment;
322 : : //! The timelock value for older() and after(), the threshold value for multi() and thresh()
323 : : uint32_t k;
324 : : //! Keys for this node, if it has some
325 : : std::vector<CPubKey> keys;
326 : : //! The hash value for this node, if it has one
327 : : std::vector<unsigned char> hash;
328 : : //! The type requirements for the children of this node.
329 : : std::vector<Type> subtypes;
330 : :
331 : 66205 : NodeInfo(Fragment frag): fragment(frag), k(0) {}
332 : 34650 : NodeInfo(Fragment frag, CPubKey key): fragment(frag), k(0), keys({key}) {}
333 : 10971 : NodeInfo(Fragment frag, uint32_t _k): fragment(frag), k(_k) {}
334 : 23702 : NodeInfo(Fragment frag, std::vector<unsigned char> h): fragment(frag), k(0), hash(std::move(h)) {}
335 : 197777 : NodeInfo(std::vector<Type> subt, Fragment frag): fragment(frag), k(0), subtypes(std::move(subt)) {}
336 : 19461 : NodeInfo(std::vector<Type> subt, Fragment frag, uint32_t _k): fragment(frag), k(_k), subtypes(std::move(subt)) {}
337 : 16476 : NodeInfo(Fragment frag, uint32_t _k, std::vector<CPubKey> _keys): fragment(frag), k(_k), keys(std::move(_keys)) {}
338 : : };
339 : :
340 : : /** Pick an index in a collection from a single byte in the fuzzer's output. */
341 : : template<typename T, typename A>
342 : 191624 : T ConsumeIndex(FuzzedDataProvider& provider, A& col) {
343 : 191624 : const uint8_t i = provider.ConsumeIntegral<uint8_t>();
344 : 191624 : return col[i];
345 : : }
346 : :
347 : 178180 : CPubKey ConsumePubKey(FuzzedDataProvider& provider) {
348 : 178180 : return ConsumeIndex<CPubKey>(provider, TEST_DATA.dummy_keys);
349 : : }
350 : :
351 : 2965 : std::vector<unsigned char> ConsumeSha256(FuzzedDataProvider& provider) {
352 : 2965 : return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.sha256);
353 : : }
354 : :
355 : 3680 : std::vector<unsigned char> ConsumeHash256(FuzzedDataProvider& provider) {
356 : 3680 : return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.hash256);
357 : : }
358 : :
359 : 3501 : std::vector<unsigned char> ConsumeRipemd160(FuzzedDataProvider& provider) {
360 : 3501 : return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.ripemd160);
361 : : }
362 : :
363 : 3298 : std::vector<unsigned char> ConsumeHash160(FuzzedDataProvider& provider) {
364 : 3298 : return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.hash160);
365 : : }
366 : :
367 : 11064 : std::optional<uint32_t> ConsumeTimeLock(FuzzedDataProvider& provider) {
368 : 11064 : const uint32_t k = provider.ConsumeIntegral<uint32_t>();
369 [ + + ]: 11064 : if (k == 0 || k >= 0x80000000) return {};
370 : 10971 : return k;
371 : : }
372 : :
373 : : /**
374 : : * Consume a Miniscript node from the fuzzer's output.
375 : : *
376 : : * This version is intended to have a fixed, stable, encoding for Miniscript nodes:
377 : : * - The first byte sets the type of the fragment. 0, 1 and all non-leaf fragments but thresh() are a
378 : : * single byte.
379 : : * - For the other leaf fragments, the following bytes depend on their type.
380 : : * - For older() and after(), the next 4 bytes define the timelock value.
381 : : * - For pk_k(), pk_h(), and all hashes, the next byte defines the index of the value in the test data.
382 : : * - For multi(), the next 2 bytes define respectively the threshold and the number of keys. Then as many
383 : : * bytes as the number of keys define the index of each key in the test data.
384 : : * - For multi_a(), same as for multi() but the threshold and the keys count are encoded on two bytes.
385 : : * - For thresh(), the next byte defines the threshold value and the following one the number of subs.
386 : : */
387 : 323230 : std::optional<NodeInfo> ConsumeNodeStable(MsCtx script_ctx, FuzzedDataProvider& provider, Type type_needed) {
388 [ + + + + ]: 323230 : bool allow_B = (type_needed == ""_mst) || (type_needed << "B"_mst);
389 [ + + + + ]: 323230 : bool allow_K = (type_needed == ""_mst) || (type_needed << "K"_mst);
390 [ + + + + ]: 323230 : bool allow_V = (type_needed == ""_mst) || (type_needed << "V"_mst);
391 [ + + + + ]: 323230 : bool allow_W = (type_needed == ""_mst) || (type_needed << "W"_mst);
392 : :
393 [ + + + + : 323230 : switch (provider.ConsumeIntegral<uint8_t>()) {
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + ]
394 : 49716 : case 0:
395 [ + + ]: 49716 : if (!allow_B) return {};
396 : 49619 : return {{Fragment::JUST_0}};
397 : 16597 : case 1:
398 [ + + ]: 16597 : if (!allow_B) return {};
399 : 16586 : return {{Fragment::JUST_1}};
400 : 9678 : case 2:
401 [ + + ]: 9678 : if (!allow_K) return {};
402 : 9671 : return {{Fragment::PK_K, ConsumePubKey(provider)}};
403 : 6561 : case 3:
404 [ + + ]: 6561 : if (!allow_K) return {};
405 : 6548 : return {{Fragment::PK_H, ConsumePubKey(provider)}};
406 : 5844 : case 4: {
407 [ + + ]: 5844 : if (!allow_B) return {};
408 : 5832 : const auto k = ConsumeTimeLock(provider);
409 [ + + ]: 5832 : if (!k) return {};
410 : 5773 : return {{Fragment::OLDER, *k}};
411 : : }
412 : 5238 : case 5: {
413 [ + + ]: 5238 : if (!allow_B) return {};
414 : 5232 : const auto k = ConsumeTimeLock(provider);
415 [ + + ]: 5232 : if (!k) return {};
416 : 5198 : return {{Fragment::AFTER, *k}};
417 : : }
418 : 2971 : case 6:
419 [ + + ]: 2971 : if (!allow_B) return {};
420 : 2965 : return {{Fragment::SHA256, ConsumeSha256(provider)}};
421 : 3687 : case 7:
422 [ + + ]: 3687 : if (!allow_B) return {};
423 : 3680 : return {{Fragment::HASH256, ConsumeHash256(provider)}};
424 : 3504 : case 8:
425 [ + + ]: 3504 : if (!allow_B) return {};
426 : 3501 : return {{Fragment::RIPEMD160, ConsumeRipemd160(provider)}};
427 : 3301 : case 9:
428 [ + + ]: 3301 : if (!allow_B) return {};
429 : 3298 : return {{Fragment::HASH160, ConsumeHash160(provider)}};
430 : 7248 : case 10: {
431 [ + + + + ]: 7248 : if (!allow_B || IsTapscript(script_ctx)) return {};
432 : 6098 : const auto k = provider.ConsumeIntegral<uint8_t>();
433 : 6098 : const auto n_keys = provider.ConsumeIntegral<uint8_t>();
434 [ + + + + ]: 6098 : if (n_keys > 20 || k == 0 || k > n_keys) return {};
435 : 6083 : std::vector<CPubKey> keys{n_keys};
436 [ + + ]: 35744 : for (auto& key: keys) key = ConsumePubKey(provider);
437 : 6083 : return {{Fragment::MULTI, k, std::move(keys)}};
438 : 6083 : }
439 : 15825 : case 11:
440 [ + + + + ]: 15825 : if (!(allow_B || allow_K || allow_V)) return {};
441 : 15822 : return {{{"B"_mst, type_needed, type_needed}, Fragment::ANDOR}};
442 : 41451 : case 12:
443 [ + + + + ]: 41451 : if (!(allow_B || allow_K || allow_V)) return {};
444 : 41445 : return {{{"V"_mst, type_needed}, Fragment::AND_V}};
445 : 7707 : case 13:
446 [ + + ]: 7707 : if (!allow_B) return {};
447 : 7703 : return {{{"B"_mst, "W"_mst}, Fragment::AND_B}};
448 : 5220 : case 15:
449 [ + + ]: 5220 : if (!allow_B) return {};
450 : 5213 : return {{{"B"_mst, "W"_mst}, Fragment::OR_B}};
451 : 3580 : case 16:
452 [ + + ]: 3580 : if (!allow_V) return {};
453 : 3572 : return {{{"B"_mst, "V"_mst}, Fragment::OR_C}};
454 : 10004 : case 17:
455 [ + + ]: 10004 : if (!allow_B) return {};
456 : 9997 : return {{{"B"_mst, "B"_mst}, Fragment::OR_D}};
457 : 21178 : case 18:
458 [ + + + + ]: 21178 : if (!(allow_B || allow_K || allow_V)) return {};
459 : 21169 : return {{{type_needed, type_needed}, Fragment::OR_I}};
460 : 8601 : case 19: {
461 [ + + ]: 8601 : if (!allow_B) return {};
462 : 8592 : auto k = provider.ConsumeIntegral<uint8_t>();
463 : 8592 : auto n_subs = provider.ConsumeIntegral<uint8_t>();
464 [ + + ]: 8592 : if (k == 0 || k > n_subs) return {};
465 : 8556 : std::vector<Type> subtypes;
466 [ + - ]: 8556 : subtypes.reserve(n_subs);
467 [ + - ]: 8556 : subtypes.emplace_back("B"_mst);
468 [ + - + + ]: 32703 : for (size_t i = 1; i < n_subs; ++i) subtypes.emplace_back("W"_mst);
469 : 8556 : return {{std::move(subtypes), Fragment::THRESH, k}};
470 : 8556 : }
471 : 20147 : case 20:
472 [ + + ]: 20147 : if (!allow_W) return {};
473 : 20138 : return {{{"B"_mst}, Fragment::WRAP_A}};
474 : 1796 : case 21:
475 [ + + ]: 1796 : if (!allow_W) return {};
476 : 1788 : return {{{"B"_mst}, Fragment::WRAP_S}};
477 : 13115 : case 22:
478 [ + + ]: 13115 : if (!allow_B) return {};
479 : 13106 : return {{{"K"_mst}, Fragment::WRAP_C}};
480 : 1435 : case 23:
481 [ + + ]: 1435 : if (!allow_B) return {};
482 : 1432 : return {{{"V"_mst}, Fragment::WRAP_D}};
483 : 41921 : case 24:
484 [ + + ]: 41921 : if (!allow_V) return {};
485 : 41913 : return {{{"B"_mst}, Fragment::WRAP_V}};
486 : 2869 : case 25:
487 [ + + ]: 2869 : if (!allow_B) return {};
488 : 2860 : return {{{"B"_mst}, Fragment::WRAP_J}};
489 : 11625 : case 26:
490 [ + + ]: 11625 : if (!allow_B) return {};
491 : 11619 : return {{{"B"_mst}, Fragment::WRAP_N}};
492 : 2377 : case 27: {
493 [ + + + + ]: 2377 : if (!allow_B || !IsTapscript(script_ctx)) return {};
494 : 1861 : const auto k = provider.ConsumeIntegral<uint16_t>();
495 : 1861 : const auto n_keys = provider.ConsumeIntegral<uint16_t>();
496 [ + + + + ]: 1861 : if (n_keys > 999 || k == 0 || k > n_keys) return {};
497 : 1831 : std::vector<CPubKey> keys{n_keys};
498 [ + + ]: 40134 : for (auto& key: keys) key = ConsumePubKey(provider);
499 : 1831 : return {{Fragment::MULTI_A, k, std::move(keys)}};
500 : 1831 : }
501 : 34 : default:
502 : 34 : break;
503 : : }
504 : 34 : return {};
505 : : }
506 : :
507 : : /* This structure contains a table which for each "target" Type a list of recipes
508 : : * to construct it, automatically inferred from the behavior of ComputeType.
509 : : * Note that the Types here are not the final types of the constructed Nodes, but
510 : : * just the subset that are required. For example, a recipe for the "Bo" type
511 : : * might construct a "Bondu" sha256() NodeInfo, but cannot construct a "Bz" older().
512 : : * Each recipe is a Fragment together with a list of required types for its subnodes.
513 : : */
514 : : struct SmartInfo
515 : : {
516 : : using recipe = std::pair<Fragment, std::vector<Type>>;
517 : : std::map<Type, std::vector<recipe>> wsh_table, tap_table;
518 : :
519 : 1 : void Init()
520 : : {
521 : 1 : Init(wsh_table, MsCtx::P2WSH);
522 : 1 : Init(tap_table, MsCtx::TAPSCRIPT);
523 : 1 : }
524 : :
525 : 2 : void Init(std::map<Type, std::vector<recipe>>& table, MsCtx script_ctx)
526 : : {
527 : : /* Construct a set of interesting type requirements to reason with (sections of BKVWzondu). */
528 : 2 : std::vector<Type> types;
529 [ + + ]: 10 : for (int base = 0; base < 4; ++base) { /* select from B,K,V,W */
530 [ + + + + : 8 : Type type_base = base == 0 ? "B"_mst : base == 1 ? "K"_mst : base == 2 ? "V"_mst : "W"_mst;
+ + ]
531 [ + + ]: 32 : for (int zo = 0; zo < 3; ++zo) { /* select from z,o,(none) */
532 [ + + + + ]: 24 : Type type_zo = zo == 0 ? "z"_mst : zo == 1 ? "o"_mst : ""_mst;
533 [ + + ]: 72 : for (int n = 0; n < 2; ++n) { /* select from (none),n */
534 [ + + ]: 48 : if (zo == 0 && n == 1) continue; /* z conflicts with n */
535 [ + + ]: 40 : if (base == 3 && n == 1) continue; /* W conflicts with n */
536 [ + + ]: 36 : Type type_n = n == 0 ? ""_mst : "n"_mst;
537 [ + + ]: 108 : for (int d = 0; d < 2; ++d) { /* select from (none),d */
538 [ + + ]: 72 : if (base == 2 && d == 1) continue; /* V conflicts with d */
539 [ + + ]: 62 : Type type_d = d == 0 ? ""_mst : "d"_mst;
540 [ + + ]: 186 : for (int u = 0; u < 2; ++u) { /* select from (none),u */
541 [ + + ]: 124 : if (base == 2 && u == 1) continue; /* V conflicts with u */
542 [ + + ]: 114 : Type type_u = u == 0 ? ""_mst : "u"_mst;
543 [ + - ]: 114 : Type type = type_base | type_zo | type_n | type_d | type_u;
544 [ + - ]: 114 : types.push_back(type);
545 : : }
546 : : }
547 : : }
548 : : }
549 : : }
550 : :
551 : : /* We define a recipe a to be a super-recipe of recipe b if they use the same
552 : : * fragment, the same number of subexpressions, and each of a's subexpression
553 : : * types is a supertype of the corresponding subexpression type of b.
554 : : * Within the set of recipes for the construction of a given type requirement,
555 : : * no recipe should be a super-recipe of another (as the super-recipe is
556 : : * applicable in every place the sub-recipe is, the sub-recipe is redundant). */
557 : 260828 : auto is_super_of = [](const recipe& a, const recipe& b) {
558 [ + + ]: 260826 : if (a.first != b.first) return false;
559 [ - + - + : 26260 : if (a.second.size() != b.second.size()) return false;
+ + ]
560 [ + + ]: 91420 : for (size_t i = 0; i < a.second.size(); ++i) {
561 [ + + ]: 66654 : if (!(b.second[i] << a.second[i])) return false;
562 : : }
563 : : return true;
564 : : };
565 : :
566 : : /* Sort the type requirements. Subtypes will always sort later (e.g. Bondu will
567 : : * sort after Bo or Bu). As we'll be constructing recipes using these types, in
568 : : * order, in what follows, we'll construct super-recipes before sub-recipes.
569 : : * That means we never need to go back and delete a sub-recipe because a
570 : : * super-recipe got added. */
571 : 2 : std::sort(types.begin(), types.end());
572 : :
573 : : // Iterate over all possible fragments.
574 [ + + ]: 56 : for (int fragidx = 0; fragidx <= int(Fragment::MULTI_A); ++fragidx) {
575 : 54 : int sub_count = 0; //!< The minimum number of child nodes this recipe has.
576 : 54 : int sub_range = 1; //!< The maximum number of child nodes for this recipe is sub_count+sub_range-1.
577 : 54 : size_t data_size = 0;
578 : 54 : size_t n_keys = 0;
579 : 54 : uint32_t k = 0;
580 : 54 : Fragment frag{fragidx};
581 : :
582 : : // Only produce recipes valid in the given context.
583 [ + + ]: 81 : if ((!miniscript::IsTapscript(script_ctx) && frag == Fragment::MULTI_A)
584 [ + + + + : 80 : || (miniscript::IsTapscript(script_ctx) && frag == Fragment::MULTI)) {
+ + ]
585 : 2 : continue;
586 : : }
587 : :
588 : : // Based on the fragment, determine #subs/data/k/keys to pass to ComputeType. */
589 [ + + + + : 52 : switch (frag) {
+ + + + +
+ ]
590 : 4 : case Fragment::PK_K:
591 : 4 : case Fragment::PK_H:
592 : 4 : n_keys = 1;
593 : 4 : break;
594 : 2 : case Fragment::MULTI:
595 : 2 : case Fragment::MULTI_A:
596 : 2 : n_keys = 1;
597 : 2 : k = 1;
598 : 2 : break;
599 : 4 : case Fragment::OLDER:
600 : 4 : case Fragment::AFTER:
601 : 4 : k = 1;
602 : 4 : break;
603 : 4 : case Fragment::SHA256:
604 : 4 : case Fragment::HASH256:
605 : 4 : data_size = 32;
606 : 4 : break;
607 : 4 : case Fragment::RIPEMD160:
608 : 4 : case Fragment::HASH160:
609 : 4 : data_size = 20;
610 : 4 : break;
611 : : case Fragment::JUST_0:
612 : : case Fragment::JUST_1:
613 : : break;
614 : 14 : case Fragment::WRAP_A:
615 : 14 : case Fragment::WRAP_S:
616 : 14 : case Fragment::WRAP_C:
617 : 14 : case Fragment::WRAP_D:
618 : 14 : case Fragment::WRAP_V:
619 : 14 : case Fragment::WRAP_J:
620 : 14 : case Fragment::WRAP_N:
621 : 14 : sub_count = 1;
622 : 14 : break;
623 : 12 : case Fragment::AND_V:
624 : 12 : case Fragment::AND_B:
625 : 12 : case Fragment::OR_B:
626 : 12 : case Fragment::OR_C:
627 : 12 : case Fragment::OR_D:
628 : 12 : case Fragment::OR_I:
629 : 12 : sub_count = 2;
630 : 12 : break;
631 : 2 : case Fragment::ANDOR:
632 : 2 : sub_count = 3;
633 : 2 : break;
634 : 2 : case Fragment::THRESH:
635 : : // Thresh logic is executed for 1 and 2 arguments. Larger numbers use ad-hoc code to extend.
636 : 2 : sub_count = 1;
637 : 2 : sub_range = 2;
638 : 2 : k = 1;
639 : 2 : break;
640 : : }
641 : :
642 : : // Iterate over the number of subnodes (sub_count...sub_count+sub_range-1).
643 : 52 : std::vector<Type> subt;
644 [ + + ]: 106 : for (int subs = sub_count; subs < sub_count + sub_range; ++subs) {
645 : : // Iterate over the possible subnode types (at most 3).
646 [ + + ]: 1878 : for (Type x : types) {
647 [ + + ]: 53830 : for (Type y : types) {
648 [ + + ]: 2886502 : for (Type z : types) {
649 : : // Compute the resulting type of a node with the selected fragment / subnode types.
650 [ + + ]: 2836790 : subt.clear();
651 [ + + + - ]: 2836790 : if (subs > 0) subt.push_back(x);
652 [ + + + - ]: 2836768 : if (subs > 1) subt.push_back(y);
653 [ + + + - ]: 2796208 : if (subs > 2) subt.push_back(z);
654 [ + - ]: 2836790 : Type res = miniscript::internal::ComputeType(frag, x, y, z, subt, k, data_size, subs, n_keys, script_ctx);
655 : : // Continue if the result is not a valid node.
656 [ + + ]: 2836790 : if ((res << "K"_mst) + (res << "V"_mst) + (res << "B"_mst) + (res << "W"_mst) != 1) continue;
657 : :
658 [ + - ]: 11456 : recipe entry{frag, subt};
659 [ + + ]: 260826 : auto super_of_entry = [&](const recipe& rec) { return is_super_of(rec, entry); };
660 : : // Iterate over all supertypes of res (because if e.g. our selected fragment/subnodes result
661 : : // in a Bondu, they can form a recipe that is also applicable for constructing a B, Bou, Bdu, ...).
662 [ + + ]: 664448 : for (Type s : types) {
663 [ + + ]: 652992 : if ((res & "BKVWzondu"_mst) << s) {
664 [ + - ]: 25510 : auto& recipes = table[s];
665 : : // If we don't already have a super-recipe to the new one, add it.
666 [ + + ]: 25510 : if (!std::any_of(recipes.begin(), recipes.end(), super_of_entry)) {
667 [ + - ]: 744 : recipes.push_back(entry);
668 : : }
669 : : }
670 : : }
671 : :
672 [ + + ]: 11456 : if (subs <= 2) break;
673 : 11456 : }
674 [ + + ]: 52918 : if (subs <= 1) break;
675 : : }
676 [ + + ]: 1846 : if (subs <= 0) break;
677 : : }
678 : : }
679 : : }
680 : :
681 : : /* Find which types are useful. The fuzzer logic only cares about constructing
682 : : * B,V,K,W nodes, so any type that isn't needed in any recipe (directly or
683 : : * indirectly) for the construction of those is uninteresting. */
684 [ + - ]: 4 : std::set<Type> useful_types{"B"_mst, "V"_mst, "K"_mst, "W"_mst};
685 : : // Find the transitive closure by adding types until the set of types does not change.
686 : 4 : while (true) {
687 : 4 : size_t set_size = useful_types.size();
688 [ + + ]: 200 : for (const auto& [type, recipes] : table) {
689 [ + + ]: 196 : if (useful_types.contains(type)) {
690 [ + + ]: 1129 : for (const auto& [_, subtypes] : recipes) {
691 [ + - + + ]: 2379 : for (auto subtype : subtypes) useful_types.insert(subtype);
692 : : }
693 : : }
694 : : }
695 [ + + ]: 4 : if (useful_types.size() == set_size) break;
696 : : }
697 : : // Remove all rules that construct uninteresting types.
698 [ + + ]: 100 : for (auto type_it = table.begin(); type_it != table.end();) {
699 [ + + ]: 98 : if (!useful_types.contains(type_it->first)) {
700 : 34 : type_it = table.erase(type_it);
701 : : } else {
702 : 64 : ++type_it;
703 : : }
704 : : }
705 : :
706 : : /* Find which types are constructible. A type is constructible if there is a leaf
707 : : * node recipe for constructing it, or a recipe whose subnodes are all constructible.
708 : : * Types can be non-constructible because they have no recipes to begin with,
709 : : * because they can only be constructed using recipes that involve otherwise
710 : : * non-constructible types, or because they require infinite recursion. */
711 : 4 : std::set<Type> constructible_types{};
712 : 812 : auto known_constructible = [&](Type type) { return constructible_types.contains(type); };
713 : : // Find the transitive closure by adding types until the set of types does not change.
714 : 4 : while (true) {
715 : 4 : size_t set_size = constructible_types.size();
716 : : // Iterate over all types we have recipes for.
717 [ + + ]: 132 : for (const auto& [type, recipes] : table) {
718 [ + + ]: 128 : if (!known_constructible(type)) {
719 : : // For not (yet known to be) constructible types, iterate over their recipes.
720 [ + + ]: 80 : for (const auto& [_, subt] : recipes) {
721 : : // If any recipe involves only (already known to be) constructible types,
722 : : // add the recipe's type to the set.
723 [ + + ]: 72 : if (std::all_of(subt.begin(), subt.end(), known_constructible)) {
724 [ + - ]: 60 : constructible_types.insert(type);
725 : : break;
726 : : }
727 : : }
728 : : }
729 : : }
730 [ + + ]: 4 : if (constructible_types.size() == set_size) break;
731 : : }
732 [ + + ]: 66 : for (auto type_it = table.begin(); type_it != table.end();) {
733 : : // Remove all recipes which involve non-constructible types.
734 : 64 : type_it->second.erase(std::remove_if(type_it->second.begin(), type_it->second.end(),
735 : 594 : [&](const recipe& rec) {
736 : 594 : return !std::all_of(rec.second.begin(), rec.second.end(), known_constructible);
737 : 64 : }), type_it->second.end());
738 : : // Delete types entirely which have no recipes left.
739 [ + + ]: 64 : if (type_it->second.empty()) {
740 : 4 : type_it = table.erase(type_it);
741 : : } else {
742 : 60 : ++type_it;
743 : : }
744 : : }
745 : :
746 [ + + ]: 62 : for (auto& [type, recipes] : table) {
747 : : // Sort recipes for determinism, and place those using fewer subnodes first.
748 : : // This avoids runaway expansion (when reaching the end of the fuzz input,
749 : : // all zeroes are read, resulting in the first available recipe being picked).
750 : 60 : std::sort(recipes.begin(), recipes.end(),
751 : 1271 : [](const recipe& a, const recipe& b) {
752 [ - + - + : 1271 : if (a.second.size() < b.second.size()) return true;
+ + ]
753 [ + + ]: 988 : if (a.second.size() > b.second.size()) return false;
754 : 536 : return a < b;
755 : : }
756 : : );
757 : : }
758 : 2 : }
759 : : } SMARTINFO;
760 : :
761 : : /**
762 : : * Consume a Miniscript node from the fuzzer's output.
763 : : *
764 : : * This is similar to ConsumeNodeStable, but uses a precomputed table with permitted
765 : : * fragments/subnode type for each required type. It is intended to more quickly explore
766 : : * interesting miniscripts, at the cost of higher implementation complexity (which could
767 : : * cause it miss things if incorrect), and with less regard for stability of the seeds
768 : : * (as improvements to the tables or changes to the typing rules could invalidate
769 : : * everything).
770 : : */
771 : 285733 : std::optional<NodeInfo> ConsumeNodeSmart(MsCtx script_ctx, FuzzedDataProvider& provider, Type type_needed) {
772 : : /** Table entry for the requested type. */
773 [ + + ]: 285733 : const auto& table{IsTapscript(script_ctx) ? SMARTINFO.tap_table : SMARTINFO.wsh_table};
774 : 285733 : auto recipes_it = table.find(type_needed);
775 [ - + ]: 285733 : assert(recipes_it != table.end());
776 : : /** Pick one recipe from the available ones for that type. */
777 [ + + + + : 285733 : const auto& [frag, subt] = PickValue(provider, recipes_it->second);
+ + + + +
+ - ]
778 : :
779 : : // Based on the fragment the recipe uses, fill in other data (k, keys, data).
780 [ + + + + : 285733 : switch (frag) {
+ + + + +
+ - ]
781 : 18431 : case Fragment::PK_K:
782 : 18431 : case Fragment::PK_H:
783 : 18431 : return {{frag, ConsumePubKey(provider)}};
784 : 6575 : case Fragment::MULTI: {
785 : 6575 : const auto n_keys = provider.ConsumeIntegralInRange<uint8_t>(1, 20);
786 : 6575 : const auto k = provider.ConsumeIntegralInRange<uint8_t>(1, n_keys);
787 : 6575 : std::vector<CPubKey> keys{n_keys};
788 [ + + ]: 37699 : for (auto& key: keys) key = ConsumePubKey(provider);
789 : 6575 : return {{frag, k, std::move(keys)}};
790 : 6575 : }
791 : 1987 : case Fragment::MULTI_A: {
792 : 1987 : const auto n_keys = provider.ConsumeIntegralInRange<uint16_t>(1, 999);
793 : 1987 : const auto k = provider.ConsumeIntegralInRange<uint16_t>(1, n_keys);
794 : 1987 : std::vector<CPubKey> keys{n_keys};
795 [ + + ]: 46429 : for (auto& key: keys) key = ConsumePubKey(provider);
796 : 1987 : return {{frag, k, std::move(keys)}};
797 : 1987 : }
798 : 5411 : case Fragment::OLDER:
799 : 5411 : case Fragment::AFTER:
800 : 5411 : return {{frag, provider.ConsumeIntegralInRange<uint32_t>(1, 0x7FFFFFF)}};
801 : 2707 : case Fragment::SHA256:
802 : 2707 : return {{frag, PickValue(provider, TEST_DATA.sha256)}};
803 : 2812 : case Fragment::HASH256:
804 : 2812 : return {{frag, PickValue(provider, TEST_DATA.hash256)}};
805 : 2353 : case Fragment::RIPEMD160:
806 : 2353 : return {{frag, PickValue(provider, TEST_DATA.ripemd160)}};
807 : 2386 : case Fragment::HASH160:
808 : 2386 : return {{frag, PickValue(provider, TEST_DATA.hash160)}};
809 : 232166 : case Fragment::JUST_0:
810 : 232166 : case Fragment::JUST_1:
811 : 232166 : case Fragment::WRAP_A:
812 : 232166 : case Fragment::WRAP_S:
813 : 232166 : case Fragment::WRAP_C:
814 : 232166 : case Fragment::WRAP_D:
815 : 232166 : case Fragment::WRAP_V:
816 : 232166 : case Fragment::WRAP_J:
817 : 232166 : case Fragment::WRAP_N:
818 : 232166 : case Fragment::AND_V:
819 : 232166 : case Fragment::AND_B:
820 : 232166 : case Fragment::OR_B:
821 : 232166 : case Fragment::OR_C:
822 : 232166 : case Fragment::OR_D:
823 : 232166 : case Fragment::OR_I:
824 : 232166 : case Fragment::ANDOR:
825 : 232166 : return {{subt, frag}};
826 : 10905 : case Fragment::THRESH: {
827 : 10905 : uint32_t children;
828 [ - + + + ]: 10905 : if (subt.size() < 2) {
829 : 9147 : children = subt.size();
830 : : } else {
831 : : // If we hit a thresh with 2 subnodes, artificially extend it to any number
832 : : // (2 or larger) by replicating the type of the last subnode.
833 : 1758 : children = provider.ConsumeIntegralInRange<uint32_t>(2, MAX_OPS_PER_SCRIPT / 2);
834 : : }
835 : 10905 : auto k = provider.ConsumeIntegralInRange<uint32_t>(1, children);
836 : 10905 : std::vector<Type> subs = subt;
837 [ + - - + : 51308 : while (subs.size() < children) subs.push_back(subs.back());
+ + ]
838 : 10905 : return {{std::move(subs), frag, k}};
839 : 10905 : }
840 : : }
841 : :
842 : 0 : assert(false);
843 : : }
844 : :
845 : : /**
846 : : * Generate a Miniscript node based on the fuzzer's input.
847 : : *
848 : : * - ConsumeNode is a function object taking a Type, and returning an std::optional<NodeInfo>.
849 : : * - root_type is the required type properties of the constructed Node.
850 : : * - strict_valid sets whether ConsumeNode is expected to guarantee a NodeInfo that results in
851 : : * a Node whose Type() matches the type fed to ConsumeNode.
852 : : */
853 : : template <typename F>
854 : 10628 : std::optional<Node> GenNode(MsCtx script_ctx, F ConsumeNode, Type root_type, bool strict_valid = false)
855 : : {
856 : : /** A stack of miniscript Nodes being built up. */
857 : 10628 : std::vector<Node> stack;
858 : : /** The queue of instructions. */
859 [ + - + + : 31884 : std::vector<std::pair<Type, std::optional<NodeInfo>>> todo{{root_type, {}}};
- - ]
860 : : /** Predict the number of (static) script ops. */
861 : 10628 : uint32_t ops{0};
862 : : /** Predict the total script size (every unexplored subnode is counted as one, as every leaf is
863 : : * at least one script byte). */
864 : 10628 : uint32_t scriptsize{1};
865 : :
866 [ + + ]: 1174574 : while (!todo.empty()) {
867 : : // The expected type we have to construct.
868 : 1166667 : auto type_needed = todo.back().first;
869 [ + + ]: 1166667 : if (!todo.back().second) {
870 : : // Fragment/children have not been decided yet. Decide them.
871 [ + + ]: 608963 : auto node_info = ConsumeNode(type_needed);
872 [ + + ]: 608963 : if (!node_info) return {};
873 : : // Update predicted resource limits. Since every leaf Miniscript node is at least one
874 : : // byte long, we move one byte from each child to their parent. A similar technique is
875 : : // used in the miniscript::internal::Parse function to prevent runaway string parsing.
876 [ - + - + : 606819 : scriptsize += miniscript::internal::ComputeScriptLen(node_info->fragment, ""_mst, node_info->subtypes.size(), node_info->k, node_info->subtypes.size(),
+ - ]
877 [ - + ]: 606819 : node_info->keys.size(), script_ctx) - 1;
878 [ + + ]: 606819 : if (scriptsize > MAX_STANDARD_P2WSH_SCRIPT_SIZE) return {};
879 [ + + + + : 606751 : switch (node_info->fragment) {
+ + + + +
+ + + + +
+ + + + ]
880 : : case Fragment::JUST_0:
881 : : case Fragment::JUST_1:
882 : : break;
883 : : case Fragment::PK_K:
884 : : break;
885 : 11955 : case Fragment::PK_H:
886 : 11955 : ops += 3;
887 : 11955 : break;
888 : 16382 : case Fragment::OLDER:
889 : : case Fragment::AFTER:
890 : 16382 : ops += 1;
891 : 16382 : break;
892 : 23701 : case Fragment::RIPEMD160:
893 : : case Fragment::SHA256:
894 : : case Fragment::HASH160:
895 : : case Fragment::HASH256:
896 : 23701 : ops += 4;
897 : 23701 : break;
898 : 27358 : case Fragment::ANDOR:
899 : 27358 : ops += 3;
900 : 27358 : break;
901 : : case Fragment::AND_V:
902 : : break;
903 : 24708 : case Fragment::AND_B:
904 : : case Fragment::OR_B:
905 : 24708 : ops += 1;
906 : 24708 : break;
907 : 7504 : case Fragment::OR_C:
908 : 7504 : ops += 2;
909 : 7504 : break;
910 : 16856 : case Fragment::OR_D:
911 : 16856 : ops += 3;
912 : 16856 : break;
913 : 34174 : case Fragment::OR_I:
914 : 34174 : ops += 3;
915 : 34174 : break;
916 [ - + ]: 19461 : case Fragment::THRESH:
917 [ - + ]: 19461 : ops += node_info->subtypes.size();
918 : 19461 : break;
919 : 12658 : case Fragment::MULTI:
920 : 12658 : ops += 1;
921 : 12658 : break;
922 [ - + ]: 3765 : case Fragment::MULTI_A:
923 [ - + ]: 3765 : ops += node_info->keys.size() + 1;
924 : 3765 : break;
925 : 49072 : case Fragment::WRAP_A:
926 : 49072 : ops += 2;
927 : 49072 : break;
928 : 5559 : case Fragment::WRAP_S:
929 : 5559 : ops += 1;
930 : 5559 : break;
931 : 23399 : case Fragment::WRAP_C:
932 : 23399 : ops += 1;
933 : 23399 : break;
934 : 2585 : case Fragment::WRAP_D:
935 : 2585 : ops += 3;
936 : 2585 : break;
937 : : case Fragment::WRAP_V:
938 : : // We don't account for OP_VERIFY here; that will be corrected for when the actual
939 : : // node is constructed below.
940 : : break;
941 : 4882 : case Fragment::WRAP_J:
942 : 4882 : ops += 4;
943 : 4882 : break;
944 : 19653 : case Fragment::WRAP_N:
945 : 19653 : ops += 1;
946 : 19653 : break;
947 : : }
948 [ + + ]: 606751 : if (ops > MAX_OPS_PER_SCRIPT) return {};
949 [ + - ]: 606558 : auto subtypes = node_info->subtypes;
950 [ - + ]: 606558 : todo.back().second = std::move(node_info);
951 [ - + + - ]: 606558 : todo.reserve(todo.size() + subtypes.size());
952 : : // As elements on the todo stack are processed back to front, construct
953 : : // them in reverse order (so that the first subnode is generated first).
954 [ - + + + ]: 1253833 : for (size_t i = 0; i < subtypes.size(); ++i) {
955 [ + - ]: 647275 : todo.emplace_back(*(subtypes.rbegin() + i), std::nullopt);
956 : : }
957 : 608963 : } else {
958 : : // The back of todo has fragment and number of children decided, and
959 : : // those children have been constructed at the back of stack. Pop
960 : : // that entry off todo, and use it to construct a new Node on
961 : : // stack.
962 [ - + ]: 557704 : NodeInfo& info = *todo.back().second;
963 : : // Gather children from the back of stack.
964 : 557704 : std::vector<Node> sub;
965 [ - + + - ]: 557704 : sub.reserve(info.subtypes.size());
966 [ - + + + ]: 1097684 : for (size_t i = 0; i < info.subtypes.size(); ++i) {
967 [ + - ]: 539980 : sub.push_back(std::move(*(stack.end() - info.subtypes.size() + i)));
968 : : }
969 : 557704 : stack.erase(stack.end() - info.subtypes.size(), stack.end());
970 : : // Construct new Node.
971 [ + - ]: 1115408 : Node node{[&] {
972 [ + + + + ]: 557704 : if (info.keys.empty()) {
973 [ + - + - ]: 1013304 : return Node{miniscript::internal::NoDupCheck{}, script_ctx, info.fragment, std::move(sub), std::move(info.hash), info.k};
974 : : }
975 [ - + - + ]: 51052 : assert(sub.empty());
976 [ - + - + ]: 51052 : assert(info.hash.empty());
977 [ + - + - ]: 102104 : return Node{miniscript::internal::NoDupCheck{}, script_ctx, info.fragment, std::move(info.keys), info.k};
978 : : }()};
979 : : // Verify acceptability.
980 [ + + ]: 557704 : if ((node.GetType() & "KVWB"_mst) == ""_mst) {
981 [ - + ]: 281 : assert(!strict_valid);
982 : 281 : return {};
983 : : }
984 [ + + ]: 557423 : if (!(type_needed == ""_mst)) {
985 [ - + ]: 528131 : assert(node.GetType() << type_needed);
986 : : }
987 [ + + ]: 557423 : if (!node.IsValid()) return {};
988 : : // Update resource predictions.
989 [ + + + + ]: 557418 : if (node.Fragment() == Fragment::WRAP_V && node.Subs()[0].GetType() << "x"_mst) {
990 : 34021 : ops += 1;
991 : 34021 : scriptsize += 1;
992 : : }
993 [ + + + + ]: 557418 : if (!miniscript::IsTapscript(script_ctx) && ops > MAX_OPS_PER_SCRIPT) return {};
994 [ + + + + ]: 889416 : if (scriptsize > miniscript::internal::MaxScriptSize(script_ctx)) {
995 : 4 : return {};
996 : : }
997 : : // Move it to the stack.
998 : 557388 : stack.push_back(std::move(node));
999 : 557388 : todo.pop_back();
1000 : 557704 : }
1001 : : }
1002 [ - + ]: 7907 : assert(stack.size() == 1);
1003 [ - + ]: 7907 : assert(stack[0].GetStaticOps() == ops);
1004 [ - + ]: 7907 : assert(stack[0].ScriptSize() == scriptsize);
1005 [ + - ]: 7907 : stack[0].DuplicateKeyCheck(KEY_COMP);
1006 : 7907 : return std::move(stack[0]);
1007 [ - + ]: 21256 : }
1008 : :
1009 : : //! The spk for this script under the given context. If it's a Taproot output also record the spend data.
1010 : 7303 : CScript ScriptPubKey(MsCtx ctx, const CScript& script, TaprootBuilder& builder)
1011 : : {
1012 [ + + + - : 7303 : if (!miniscript::IsTapscript(ctx)) return CScript() << OP_0 << WitnessV0ScriptHash(script);
+ - ]
1013 : :
1014 : : // For Taproot outputs we always use a tree with a single script and a dummy internal key.
1015 [ + + ]: 6814 : builder.Add(0, script, TAPROOT_LEAF_TAPSCRIPT);
1016 : 3407 : builder.Finalize(XOnlyPubKey::NUMS_H);
1017 [ + - ]: 6814 : return GetScriptForDestination(builder.GetOutput());
1018 : : }
1019 : :
1020 : : //! Fill the witness with the data additional to the script satisfaction.
1021 : 6291 : void SatisfactionToWitness(MsCtx ctx, CScriptWitness& witness, const CScript& script, TaprootBuilder& builder) {
1022 : : // For P2WSH, it's only the witness script.
1023 [ + + ]: 12582 : witness.stack.emplace_back(script.begin(), script.end());
1024 [ + + ]: 6291 : if (!miniscript::IsTapscript(ctx)) return;
1025 : : // For Tapscript we also need the control block.
1026 [ + - ]: 5762 : witness.stack.push_back(*builder.GetSpendData().scripts.begin()->second.begin());
1027 : : }
1028 : :
1029 : : /** Perform various applicable tests on a miniscript Node. */
1030 : 10628 : void TestNode(const MsCtx script_ctx, const std::optional<Node>& node, FuzzedDataProvider& provider)
1031 : : {
1032 [ + + ]: 10628 : if (!node) return;
1033 : :
1034 : : // Check that it roundtrips to text representation
1035 : 7907 : const ParserContext parser_ctx{script_ctx};
1036 : 7907 : std::optional<std::string> str{node->ToString(parser_ctx)};
1037 [ - + ]: 7907 : assert(str);
1038 [ - + ]: 7907 : auto parsed = miniscript::FromString(*str, parser_ctx);
1039 [ - + ]: 7907 : assert(parsed);
1040 [ + - - + ]: 7907 : assert(*parsed == *node);
1041 : :
1042 : : // Check consistency between script size estimation and real size.
1043 [ + - ]: 7907 : auto script = node->ToScript(parser_ctx);
1044 [ + + - + ]: 14434 : assert(node->ScriptSize() == script.size());
1045 : :
1046 : : // Check consistency of "x" property with the script (type K is excluded, because it can end
1047 : : // with a push of a key, which could match these opcodes).
1048 [ + + ]: 7907 : if (!(node->GetType() << "K"_mst)) {
1049 [ + + ]: 7758 : bool ends_in_verify = !(node->GetType() << "x"_mst);
1050 [ + + + + : 36578 : assert(ends_in_verify == (script.back() == OP_CHECKSIG || script.back() == OP_CHECKMULTISIG || script.back() == OP_EQUAL || script.back() == OP_NUMEQUAL));
+ + + + +
+ - + ]
1051 : : }
1052 : :
1053 : : // The rest of the checks only apply when testing a valid top-level script.
1054 [ + + ]: 7907 : if (!node->IsValidTopLevel()) return;
1055 : :
1056 : : // Check roundtrip to script
1057 [ + - ]: 7303 : auto decoded = miniscript::FromScript(script, parser_ctx);
1058 [ - + ]: 7303 : assert(decoded);
1059 : : // Note we can't use *decoded == *node because the miniscript representation may differ, so we check that:
1060 : : // - The script corresponding to that decoded form matches exactly
1061 : : // - The type matches exactly
1062 [ + - - + ]: 7303 : assert(decoded->ToScript(parser_ctx) == script);
1063 [ - + ]: 7303 : assert(decoded->GetType() == node->GetType());
1064 : :
1065 : : // Optionally pad the script or the witness in order to increase the sensitivity of the tests of
1066 : : // the resources limits logic.
1067 : 7303 : CScriptWitness witness_mal, witness_nonmal;
1068 [ + + ]: 7303 : if (provider.ConsumeBool()) {
1069 : : // Under P2WSH, optionally pad the script with OP_NOPs to max op the ops limit of the constructed script.
1070 : : // This makes the script obviously not actually miniscript-compatible anymore, but the
1071 : : // signatures constructed in this test don't commit to the script anyway, so the same
1072 : : // miniscript satisfier will work. This increases the sensitivity of the test to the ops
1073 : : // counting logic being too low, especially for simple scripts.
1074 : : // Do this optionally because we're not solely interested in cases where the number of ops is
1075 : : // maximal.
1076 : : // Do not pad more than what would cause MAX_STANDARD_P2WSH_SCRIPT_SIZE to be reached, however,
1077 : : // as that also invalidates scripts.
1078 : 1297 : const auto node_ops{node->GetOps()};
1079 [ + + + + ]: 1933 : if (!IsTapscript(script_ctx) && node_ops && *node_ops < MAX_OPS_PER_SCRIPT
1080 [ + + + + ]: 1839 : && node->ScriptSize() < MAX_STANDARD_P2WSH_SCRIPT_SIZE) {
1081 [ + + ]: 539 : int add = std::min<int>(
1082 [ + + ]: 539 : MAX_OPS_PER_SCRIPT - *node_ops,
1083 [ + + ]: 539 : MAX_STANDARD_P2WSH_SCRIPT_SIZE - node->ScriptSize());
1084 [ + + ]: 62526 : for (int i = 0; i < add; ++i) script.push_back(OP_NOP);
1085 : : }
1086 : :
1087 : : // Under Tapscript, optionally pad the stack up to the limit minus the calculated maximum execution stack
1088 : : // size to assert a Miniscript would never add more elements to the stack during execution than anticipated.
1089 : 1297 : const auto node_exec_ss{node->GetExecStackSize()};
1090 [ + + + + : 1297 : if (miniscript::IsTapscript(script_ctx) && node_exec_ss && *node_exec_ss < MAX_STACK_SIZE) {
+ - ]
1091 [ + - ]: 611 : unsigned add{(unsigned)MAX_STACK_SIZE - *node_exec_ss};
1092 [ + - ]: 611 : witness_mal.stack.resize(add);
1093 [ + - ]: 611 : witness_nonmal.stack.resize(add);
1094 : 611 : script.reserve(add);
1095 [ + + ]: 592426 : for (unsigned i = 0; i < add; ++i) script.push_back(OP_NIP);
1096 : : }
1097 : : }
1098 : :
1099 : 7303 : const SatisfierContext satisfier_ctx{script_ctx};
1100 : :
1101 : : // Get the ScriptPubKey for this script, filling spend data if it's Taproot.
1102 [ + - ]: 7303 : TaprootBuilder builder;
1103 [ + - ]: 7303 : const CScript script_pubkey{ScriptPubKey(script_ctx, script, builder)};
1104 : :
1105 : : // Run malleable satisfaction algorithm.
1106 : 7303 : std::vector<std::vector<unsigned char>> stack_mal;
1107 [ + - ]: 7303 : const bool mal_success = node->Satisfy(satisfier_ctx, stack_mal, false) == miniscript::Availability::YES;
1108 : :
1109 : : // Run non-malleable satisfaction algorithm.
1110 : 7303 : std::vector<std::vector<unsigned char>> stack_nonmal;
1111 [ + - ]: 7303 : const bool nonmal_success = node->Satisfy(satisfier_ctx, stack_nonmal, true) == miniscript::Availability::YES;
1112 : :
1113 [ + + ]: 7303 : if (nonmal_success) {
1114 : : // Non-malleable satisfactions are bounded by the satisfaction size plus:
1115 : : // - For P2WSH spends, the witness script
1116 : : // - For Tapscript spends, both the witness script and the control block
1117 : 1757 : const size_t max_stack_size{*node->GetStackSize() + 1 + miniscript::IsTapscript(script_ctx)};
1118 [ - + - + ]: 1757 : assert(stack_nonmal.size() <= max_stack_size);
1119 : : // If a non-malleable satisfaction exists, the malleable one must also exist, and be identical to it.
1120 [ - + ]: 1757 : assert(mal_success);
1121 [ - + ]: 1757 : assert(stack_nonmal == stack_mal);
1122 : : // Compute witness size (excluding script push, control block, and witness count encoding).
1123 [ - + - + ]: 1757 : const uint64_t wit_size{GetSerializeSize(stack_nonmal) - GetSizeOfCompactSize(stack_nonmal.size())};
1124 [ - + - + ]: 3514 : assert(wit_size <= *node->GetWitnessSize());
1125 : :
1126 : : // Test non-malleable satisfaction.
1127 [ + - ]: 1757 : witness_nonmal.stack.insert(witness_nonmal.stack.end(), std::make_move_iterator(stack_nonmal.begin()), std::make_move_iterator(stack_nonmal.end()));
1128 [ + - ]: 1757 : SatisfactionToWitness(script_ctx, witness_nonmal, script, builder);
1129 : 1757 : ScriptError serror;
1130 [ + - ]: 1757 : bool res = VerifyScript(DUMMY_SCRIPTSIG, script_pubkey, &witness_nonmal, STANDARD_SCRIPT_VERIFY_FLAGS, CHECKER_CTX, &serror);
1131 : : // Non-malleable satisfactions are guaranteed to be valid if ValidSatisfactions().
1132 [ + + - + ]: 1757 : if (node->ValidSatisfactions()) assert(res);
1133 : : // More detailed: non-malleable satisfactions must be valid, or could fail with ops count error (if CheckOpsLimit failed),
1134 : : // or with a stack size error (if CheckStackSize check failed).
1135 [ + + + - : 152 : assert(res ||
- + - - -
- ]
1136 : : (!node->CheckOpsLimit() && serror == ScriptError::SCRIPT_ERR_OP_COUNT) ||
1137 : : (!node->CheckStackSize() && serror == ScriptError::SCRIPT_ERR_STACK_SIZE));
1138 : : }
1139 : :
1140 [ + + + + : 7303 : if (mal_success && (!nonmal_success || witness_mal.stack != witness_nonmal.stack)) {
+ - ]
1141 : : // Test malleable satisfaction only if it's different from the non-malleable one.
1142 [ + - ]: 4534 : witness_mal.stack.insert(witness_mal.stack.end(), std::make_move_iterator(stack_mal.begin()), std::make_move_iterator(stack_mal.end()));
1143 [ + - ]: 4534 : SatisfactionToWitness(script_ctx, witness_mal, script, builder);
1144 : 4534 : ScriptError serror;
1145 [ + - ]: 4534 : bool res = VerifyScript(DUMMY_SCRIPTSIG, script_pubkey, &witness_mal, STANDARD_SCRIPT_VERIFY_FLAGS, CHECKER_CTX, &serror);
1146 : : // Malleable satisfactions are not guaranteed to be valid under any conditions, but they can only
1147 : : // fail due to stack or ops limits.
1148 [ + + + + : 4534 : assert(res || serror == ScriptError::SCRIPT_ERR_OP_COUNT || serror == ScriptError::SCRIPT_ERR_STACK_SIZE);
- + ]
1149 : : }
1150 : :
1151 [ + + ]: 7303 : if (node->IsSane()) {
1152 : : // For sane nodes, the two algorithms behave identically.
1153 [ - + ]: 861 : assert(mal_success == nonmal_success);
1154 : : }
1155 : :
1156 : : // Verify that if a node is policy-satisfiable, the malleable satisfaction
1157 : : // algorithm succeeds. Given that under IsSane() both satisfactions
1158 : : // are identical, this implies that for such nodes, the non-malleable
1159 : : // satisfaction will also match the expected policy.
1160 : 141732 : const auto is_key_satisfiable = [script_ctx](const CPubKey& pubkey) -> bool {
1161 : 134429 : auto sig_ptr{TEST_DATA.GetSig(script_ctx, pubkey)};
1162 [ + - + + ]: 134429 : return sig_ptr != nullptr && sig_ptr->second;
1163 : 7303 : };
1164 [ + - ]: 7303 : bool satisfiable = node->IsSatisfiable([&](const Node& node) -> bool {
1165 [ + + + + : 81402 : switch (node.Fragment()) {
+ + + - ]
1166 : 30892 : case Fragment::PK_K:
1167 : 30892 : case Fragment::PK_H:
1168 : 30892 : return is_key_satisfiable(node.Keys()[0]);
1169 : 15496 : case Fragment::MULTI:
1170 : 15496 : case Fragment::MULTI_A: {
1171 : 15496 : size_t sats = std::ranges::count_if(node.Keys(), [&](const auto& key) {
1172 : 103537 : return size_t(is_key_satisfiable(key));
1173 : 15496 : });
1174 : 15496 : return sats >= node.K();
1175 : : }
1176 : 14011 : case Fragment::OLDER:
1177 : 14011 : case Fragment::AFTER:
1178 : 14011 : return node.K() & 1;
1179 : 5025 : case Fragment::SHA256:
1180 : 5025 : return TEST_DATA.sha256_preimages.contains(node.Data());
1181 : 5725 : case Fragment::HASH256:
1182 : 5725 : return TEST_DATA.hash256_preimages.contains(node.Data());
1183 : 5219 : case Fragment::RIPEMD160:
1184 : 5219 : return TEST_DATA.ripemd160_preimages.contains(node.Data());
1185 : 5034 : case Fragment::HASH160:
1186 : 5034 : return TEST_DATA.hash160_preimages.contains(node.Data());
1187 : 0 : default:
1188 : 0 : assert(false);
1189 : : }
1190 : : return false;
1191 : : });
1192 [ - + ]: 7303 : assert(mal_success == satisfiable);
1193 : 7907 : }
1194 : :
1195 : : } // namespace
1196 : :
1197 : 3 : void FuzzInit()
1198 : : {
1199 [ + - + - : 3 : static ECC_Context ecc_context{};
+ - ]
1200 : 3 : TEST_DATA.Init();
1201 : 3 : }
1202 : :
1203 : 1 : void FuzzInitSmart()
1204 : : {
1205 : 1 : FuzzInit();
1206 : 1 : SMARTINFO.Init();
1207 : 1 : }
1208 : :
1209 : : /** Fuzz target that runs TestNode on nodes generated using ConsumeNodeStable. */
1210 [ + - ]: 4022 : FUZZ_TARGET(miniscript_stable, .init = FuzzInit)
1211 : : {
1212 : : // Run it under both P2WSH and Tapscript contexts.
1213 [ + + ]: 10698 : for (const auto script_ctx: {MsCtx::P2WSH, MsCtx::TAPSCRIPT}) {
1214 : 7132 : FuzzedDataProvider provider(buffer.data(), buffer.size());
1215 [ + - ]: 337494 : TestNode(script_ctx, GenNode(script_ctx, [&](Type needed_type) {
1216 [ + - ]: 323230 : return ConsumeNodeStable(script_ctx, provider, needed_type);
1217 : : }, ""_mst), provider);
1218 : : }
1219 : 3566 : }
1220 : :
1221 : : /** Fuzz target that runs TestNode on nodes generated using ConsumeNodeSmart. */
1222 [ + - ]: 3952 : FUZZ_TARGET(miniscript_smart, .init = FuzzInitSmart)
1223 : : {
1224 : : /** The set of types we aim to construct nodes for. Together they cover all. */
1225 : 3496 : static constexpr std::array<Type, 4> BASE_TYPES{"B"_mst, "V"_mst, "K"_mst, "W"_mst};
1226 : :
1227 : 3496 : FuzzedDataProvider provider(buffer.data(), buffer.size());
1228 : 3496 : const auto script_ctx{(MsCtx)provider.ConsumeBool()};
1229 [ + - ]: 289229 : TestNode(script_ctx, GenNode(script_ctx, [&](Type needed_type) {
1230 [ + - ]: 285733 : return ConsumeNodeSmart(script_ctx, provider, needed_type);
1231 : 3496 : }, PickValue(provider, BASE_TYPES), true), provider);
1232 : 3496 : }
1233 : :
1234 : : /* Fuzz tests that test parsing from a string, and roundtripping via string. */
1235 [ + - ]: 3239 : FUZZ_TARGET(miniscript_string, .init = FuzzInit)
1236 : : {
1237 [ + + + + ]: 5566 : constexpr auto is_too_expensive{[](std::span<const uint8_t> buf) { return HasTooManySubFrag(buf) || HasTooManyWrappers(buf); }};
1238 : :
1239 [ + - ]: 2783 : if (buffer.empty()) return;
1240 : 2783 : FuzzedDataProvider provider(buffer.data(), buffer.size());
1241 : 2783 : auto str = provider.ConsumeBytesAsString(provider.remaining_bytes() - 1);
1242 [ + - + + ]: 2783 : if (is_too_expensive(MakeUCharSpan(str))) return;
1243 : 2608 : const ParserContext parser_ctx{(MsCtx)provider.ConsumeBool()};
1244 [ - + ]: 2608 : auto parsed = miniscript::FromString(str, parser_ctx);
1245 [ + + ]: 2608 : if (!parsed) return;
1246 : :
1247 [ + - ]: 905 : const auto str2 = parsed->ToString(parser_ctx);
1248 [ - + ]: 905 : assert(str2);
1249 [ - + ]: 905 : auto parsed2 = miniscript::FromString(*str2, parser_ctx);
1250 [ - + ]: 905 : assert(parsed2);
1251 [ + - - + ]: 905 : assert(*parsed == *parsed2);
1252 : 4486 : }
1253 : :
1254 : : /* Fuzz tests that test parsing from a script, and roundtripping via script. */
1255 [ + - ]: 2755 : FUZZ_TARGET(miniscript_script)
1256 : : {
1257 : 2299 : FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
1258 : 2299 : const std::optional<CScript> script = ConsumeDeserializable<CScript>(fuzzed_data_provider);
1259 [ + + ]: 2299 : if (!script) return;
1260 : :
1261 : 2073 : const ScriptParserContext script_parser_ctx{(MsCtx)fuzzed_data_provider.ConsumeBool()};
1262 [ + - ]: 2073 : const auto ms = miniscript::FromScript(*script, script_parser_ctx);
1263 [ + + ]: 2073 : if (!ms) return;
1264 : :
1265 [ + - - + ]: 1094 : assert(ms->ToScript(script_parser_ctx) == *script);
1266 : 3825 : }
|
