tests: Add proof-of-work fuzzing harness

Author: practicalswift

src/Makefile.test.include

@@ -57,6 +57,7 @@ FUZZ_TARGETS = \
   test/fuzz/parse_univalue \
   test/fuzz/partial_merkle_tree_deserialize \
   test/fuzz/partially_signed_transaction_deserialize \
+  test/fuzz/pow \
   test/fuzz/prefilled_transaction_deserialize \
   test/fuzz/process_message \
   test/fuzz/process_message_addr \
@@ -610,6 +611,12 @@ test_fuzz_partially_signed_transaction_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMO
 test_fuzz_partially_signed_transaction_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_partially_signed_transaction_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_pow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_pow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_pow_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_pow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_pow_SOURCES = $(FUZZ_SUITE) test/fuzz/pow.cpp
+
 test_fuzz_prefilled_transaction_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DPREFILLED_TRANSACTION_DESERIALIZE=1
 test_fuzz_prefilled_transaction_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_prefilled_transaction_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)

src/test/fuzz/pow.cpp

@@ -0,0 +1,81 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chain.h>
+#include <chainparams.h>
+#include <optional.h>
+#include <pow.h>
+#include <primitives/block.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+    SelectParams(CBaseChainParams::MAIN);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const Consensus::Params& consensus_params = Params().GetConsensus();
+    std::vector<CBlockIndex> blocks;
+    const uint32_t fixed_time = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
+    const uint32_t fixed_bits = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        const Optional<CBlockHeader> block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);
+        if (!block_header) {
+            continue;
+        }
+        CBlockIndex current_block{*block_header};
+        {
+            CBlockIndex* previous_block = !blocks.empty() ? &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)] : nullptr;
+            const int current_height = (previous_block != nullptr && previous_block->nHeight != std::numeric_limits<int>::max()) ? previous_block->nHeight + 1 : 0;
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.pprev = previous_block;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nHeight = current_height;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nTime = fixed_time + current_height * consensus_params.nPowTargetSpacing;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nBits = fixed_bits;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nChainWork = previous_block != nullptr ? previous_block->nChainWork + GetBlockProof(*previous_block) : arith_uint256{0};
+            } else {
+                current_block.nChainWork = ConsumeArithUInt256(fuzzed_data_provider);
+            }
+            blocks.push_back(current_block);
+        }
+        {
+            (void)GetBlockProof(current_block);
+            (void)CalculateNextWorkRequired(&current_block, fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, std::numeric_limits<int64_t>::max()), consensus_params);
+            if (current_block.nHeight != std::numeric_limits<int>::max() && current_block.nHeight - (consensus_params.DifficultyAdjustmentInterval() - 1) >= 0) {
+                (void)GetNextWorkRequired(&current_block, &(*block_header), consensus_params);
+            }
+        }
+        {
+            const CBlockIndex* to = &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)];
+            const CBlockIndex* from = &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)];
+            const CBlockIndex* tip = &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)];
+            try {
+                (void)GetBlockProofEquivalentTime(*to, *from, *tip, consensus_params);
+            } catch (const uint_error&) {
+            }
+        }
+        {
+            const Optional<uint256> hash = ConsumeDeserializable<uint256>(fuzzed_data_provider);
+            if (hash) {
+                (void)CheckProofOfWork(*hash, fuzzed_data_provider.ConsumeIntegral<unsigned int>(), consensus_params);
+            }
+        }
+    }
+}

src/test/fuzz/util.h

@@ -6,6 +6,7 @@
 #define BITCOIN_TEST_FUZZ_UTIL_H
 
 #include <amount.h>
+#include <arith_uint256.h>
 #include <attributes.h>
 #include <optional.h>
 #include <script/script.h>
@@ -80,6 +81,11 @@ NODISCARD inline uint256 ConsumeUInt256(FuzzedDataProvider& fuzzed_data_provider
     return uint256{v256};
 }
 
+NODISCARD inline arith_uint256 ConsumeArithUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    return UintToArith256(ConsumeUInt256(fuzzed_data_provider));
+}
+
 template <typename T>
 bool MultiplicationOverflow(T i, T j)
 {