Merge bitcoin#22769: fuzz: Use LIMITED_WHILE instead of limit_max_ops

faa5fa9 fuzz: Use LIMITED_WHILE instead of limit_max_ops (MarcoFalke)

Pull request description:

  This avoids the local stack variable `limit_max_ops` and makes it easier to grep for limited loops. Also, it is less code.

ACKs for top commit:
  theStack:
    Code-review ACK faa5fa9 🍷
  Zero-1729:
    crACK faa5fa9 🥤

Tree-SHA512: b10d89f4ce57bac0d6e9de9db7d4db85bae81bc02536d46a910be8c0e77333f2d9a547c7fe03df57f5ff9fd90b6994b09996d8e148573fb7ecd840d08b5c0c7d

Author: MarcoFalke

src/test/fuzz/banman.cpp

@@ -40,10 +40,6 @@ static bool operator==(const CBanEntry& lhs, const CBanEntry& rhs)
 
 FUZZ_TARGET_INIT(banman, initialize_banman)
 {
-    // The complexity is O(N^2), where N is the input size, because each call
-    // might call DumpBanlist (or other methods that are at least linear
-    // complexity of the input size).
-    int limit_max_ops{300};
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
     SetMockTime(ConsumeTime(fuzzed_data_provider));
     fs::path banlist_file = GetDataDir() / "fuzzed_banlist";
@@ -62,7 +58,11 @@ FUZZ_TARGET_INIT(banman, initialize_banman)
 
     {
         BanMan ban_man{banlist_file, /* client_interface */ nullptr, /* default_ban_time */ ConsumeBanTimeOffset(fuzzed_data_provider)};
-        while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+        // The complexity is O(N^2), where N is the input size, because each call
+        // might call DumpBanlist (or other methods that are at least linear
+        // complexity of the input size).
+        LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
+        {
             CallOneOf(
                 fuzzed_data_provider,
                 [&] {

src/test/fuzz/crypto.cpp

@@ -19,10 +19,6 @@
 
 FUZZ_TARGET(crypto)
 {
-    // Hashing is expensive with sanitizers enabled, so limit the number of
-    // calls
-    int limit_max_ops{30};
-
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
     std::vector<uint8_t> data = ConsumeRandomLengthByteVector(fuzzed_data_provider);
     if (data.empty()) {
@@ -40,7 +36,8 @@ FUZZ_TARGET(crypto)
     SHA3_256 sha3;
     CSipHasher sip_hasher{fuzzed_data_provider.ConsumeIntegral<uint64_t>(), fuzzed_data_provider.ConsumeIntegral<uint64_t>()};
 
-    while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 30)
+    {
         CallOneOf(
             fuzzed_data_provider,
             [&] {

src/test/fuzz/fuzz.h

@@ -11,6 +11,10 @@
 #include <functional>
 #include <string_view>
 
+/**
+ * Can be used to limit a theoretically unbounded loop. This caps the runtime
+ * to avoid timeouts or OOMs.
+ */
 #define LIMITED_WHILE(condition, limit) \
     for (unsigned _count{limit}; (condition) && _count; --_count)
 

src/test/fuzz/prevector.cpp

@@ -206,14 +206,11 @@ class prevector_tester
 
 FUZZ_TARGET(prevector)
 {
-    // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
-    // inputs.
-    int limit_max_ops{3000};
-
     FuzzedDataProvider prov(buffer.data(), buffer.size());
     prevector_tester<8, int> test;
 
-    while (--limit_max_ops >= 0 && prov.remaining_bytes()) {
+    LIMITED_WHILE(prov.remaining_bytes(), 3000)
+    {
         switch (prov.ConsumeIntegralInRange<int>(0, 13 + 3 * (test.size() > 0))) {
         case 0:
             test.insert(prov.ConsumeIntegralInRange<size_t>(0, test.size()), prov.ConsumeIntegral<int>());

src/test/fuzz/rolling_bloom_filter.cpp

@@ -15,16 +15,13 @@
 
 FUZZ_TARGET(rolling_bloom_filter)
 {
-    // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
-    // inputs.
-    int limit_max_ops{3000};
-
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
 
     CRollingBloomFilter rolling_bloom_filter{
         fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 1000),
         0.999 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max())};
-    while (--limit_max_ops >= 0 && fuzzed_data_provider.remaining_bytes() > 0) {
+    LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 3000)
+    {
         CallOneOf(
             fuzzed_data_provider,
             [&] {

src/test/fuzz/tx_pool.cpp

@@ -78,10 +78,6 @@ void SetMempoolConstraints(ArgsManager& args, FuzzedDataProvider& fuzzed_data_pr
 
 FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
 {
-    // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
-    // inputs.
-    int limit_max_ops{300};
-
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     const auto& node = g_setup->m_node;
     auto& chainstate = node.chainman->ActiveChainstate();
@@ -112,7 +108,8 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
         return c.out.nValue;
     };
 
-    while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
+    {
         {
             // Total supply is all outpoints
             CAmount supply_now{0};
@@ -263,10 +260,6 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
 
 FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
 {
-    // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
-    // inputs.
-    int limit_max_ops{300};
-
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     const auto& node = g_setup->m_node;
 
@@ -282,7 +275,8 @@ FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
 
     CTxMemPool tx_pool{/* estimator */ nullptr, /* check_ratio */ 1};
 
-    while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
+    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
+    {
         const auto mut_tx = ConsumeTransaction(fuzzed_data_provider, txids);
 
         const auto tx = MakeTransactionRef(mut_tx);