Fuzz the new FeatureFlags storage

No new datastructure would be complete without a dedicated fuzzer,
so we add one here.

Author: TheBlueMatt

Diff for: fuzz/src/bin/feature_flags_target.rs

@@ -0,0 +1,120 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+// This file is auto-generated by gen_target.sh based on target_template.txt
+// To modify it, modify target_template.txt and run gen_target.sh instead.
+
+#![cfg_attr(feature = "libfuzzer_fuzz", no_main)]
+#![cfg_attr(rustfmt, rustfmt_skip)]
+
+#[cfg(not(fuzzing))]
+compile_error!("Fuzz targets need cfg=fuzzing");
+
+#[cfg(not(hashes_fuzz))]
+compile_error!("Fuzz targets need cfg=hashes_fuzz");
+
+#[cfg(not(secp256k1_fuzz))]
+compile_error!("Fuzz targets need cfg=secp256k1_fuzz");
+
+extern crate lightning_fuzz;
+use lightning_fuzz::feature_flags::*;
+
+#[cfg(feature = "afl")]
+#[macro_use] extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+	fuzz!(|data| {
+		feature_flags_run(data.as_ptr(), data.len());
+	});
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+	loop {
+		fuzz!(|data| {
+			feature_flags_run(data.as_ptr(), data.len());
+		});
+	}
+}
+
+#[cfg(feature = "libfuzzer_fuzz")]
+#[macro_use] extern crate libfuzzer_sys;
+#[cfg(feature = "libfuzzer_fuzz")]
+fuzz_target!(|data: &[u8]| {
+	feature_flags_run(data.as_ptr(), data.len());
+});
+
+#[cfg(feature = "stdin_fuzz")]
+fn main() {
+	use std::io::Read;
+
+	let mut data = Vec::with_capacity(8192);
+	std::io::stdin().read_to_end(&mut data).unwrap();
+	feature_flags_run(data.as_ptr(), data.len());
+}
+
+#[test]
+fn run_test_cases() {
+	use std::fs;
+	use std::io::Read;
+	use lightning_fuzz::utils::test_logger::StringBuffer;
+
+	use std::sync::{atomic, Arc};
+	{
+		let data: Vec<u8> = vec![0];
+		feature_flags_run(data.as_ptr(), data.len());
+	}
+	let mut threads = Vec::new();
+	let threads_running = Arc::new(atomic::AtomicUsize::new(0));
+	if let Ok(tests) = fs::read_dir("test_cases/feature_flags") {
+		for test in tests {
+			let mut data: Vec<u8> = Vec::new();
+			let path = test.unwrap().path();
+			fs::File::open(&path).unwrap().read_to_end(&mut data).unwrap();
+			threads_running.fetch_add(1, atomic::Ordering::AcqRel);
+
+			let thread_count_ref = Arc::clone(&threads_running);
+			let main_thread_ref = std::thread::current();
+			threads.push((path.file_name().unwrap().to_str().unwrap().to_string(),
+				std::thread::spawn(move || {
+					let string_logger = StringBuffer::new();
+
+					let panic_logger = string_logger.clone();
+					let res = if ::std::panic::catch_unwind(move || {
+						feature_flags_test(&data, panic_logger);
+					}).is_err() {
+						Some(string_logger.into_string())
+					} else { None };
+					thread_count_ref.fetch_sub(1, atomic::Ordering::AcqRel);
+					main_thread_ref.unpark();
+					res
+				})
+			));
+			while threads_running.load(atomic::Ordering::Acquire) > 32 {
+				std::thread::park();
+			}
+		}
+	}
+	let mut failed_outputs = Vec::new();
+	for (test, thread) in threads.drain(..) {
+		if let Some(output) = thread.join().unwrap() {
+			println!("\nOutput of {}:\n{}\n", test, output);
+			failed_outputs.push(test);
+		}
+	}
+	if !failed_outputs.is_empty() {
+		println!("Test cases which failed: ");
+		for case in failed_outputs {
+			println!("{}", case);
+		}
+		panic!();
+	}
+}

Diff for: fuzz/src/bin/gen_target.sh

@@ -25,6 +25,7 @@ GEN_TEST indexedmap
 GEN_TEST onion_hop_data
 GEN_TEST base32
 GEN_TEST fromstr_to_netaddress
+GEN_TEST feature_flags
 
 GEN_TEST msg_accept_channel msg_targets::
 GEN_TEST msg_announcement_signatures msg_targets::

Diff for: fuzz/src/feature_flags.rs

@@ -0,0 +1,89 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+use lightning::types::features::FeatureFlags;
+
+use crate::utils::test_logger;
+
+use std::ops::{Deref, DerefMut};
+
+fn check_eq(v: &Vec<u8>, feat: &FeatureFlags, old_v: &mut Vec<u8>, old_feat: &mut FeatureFlags) {
+	assert_eq!(v.len(), feat.len());
+	assert_eq!(v.deref(), feat.deref());
+	assert_eq!(old_v.deref_mut(), old_feat.deref_mut());
+
+	let mut feat_clone = feat.clone();
+	assert!(feat_clone == *feat);
+
+	let mut feat_iter = feat.iter();
+	let mut vec_iter = v.iter();
+	assert_eq!(feat_iter.len(), vec_iter.len());
+	while let Some(feat) = feat_iter.next() {
+		let v = vec_iter.next().unwrap();
+		assert_eq!(*feat, *v);
+	}
+	assert!(vec_iter.next().is_none());
+
+	let mut feat_iter = feat_clone.iter_mut();
+	let mut vec_iter = v.iter();
+	assert_eq!(feat_iter.len(), vec_iter.len());
+	while let Some(feat) = feat_iter.next() {
+		let v = vec_iter.next().unwrap();
+		assert_eq!(*feat, *v);
+	}
+	assert!(vec_iter.next().is_none());
+
+	assert_eq!(v < old_v, feat < old_feat);
+	assert_eq!(v.partial_cmp(old_v), feat.partial_cmp(old_feat));
+}
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+	if data.len() % 3 != 0 {
+		return;
+	}
+	let mut vec = Vec::new();
+	let mut features = FeatureFlags::empty();
+
+	for step in data.windows(3) {
+		let mut old_vec = vec.clone();
+		let mut old_features = features.clone();
+		match step[0] {
+			0 => {
+				vec.resize(step[1] as usize, step[2]);
+				features.resize(step[1] as usize, step[2]);
+			},
+			1 => {
+				if vec.len() > step[1] as usize {
+					vec[step[1] as usize] = step[2];
+					features[step[1] as usize] = step[2];
+				}
+			},
+			2 => {
+				if vec.len() > step[1] as usize {
+					*vec.iter_mut().skip(step[1] as usize).next().unwrap() = step[2];
+					*features.iter_mut().skip(step[1] as usize).next().unwrap() = step[2];
+				}
+			},
+			_ => {},
+		}
+		check_eq(&vec, &features, &mut old_vec, &mut old_features);
+	}
+
+	check_eq(&vec, &features, &mut vec.clone(), &mut features.clone());
+}
+
+pub fn feature_flags_test<Out: test_logger::Output>(data: &[u8], _out: Out) {
+	do_test(data);
+}
+
+#[no_mangle]
+pub extern "C" fn feature_flags_run(data: *const u8, datalen: usize) {
+	do_test(unsafe { std::slice::from_raw_parts(data, datalen) });
+}

Diff for: fuzz/src/lib.rs

@@ -18,6 +18,7 @@ pub mod bech32_parse;
 pub mod bolt11_deser;
 pub mod chanmon_consistency;
 pub mod chanmon_deser;
+pub mod feature_flags;
 pub mod fromstr_to_netaddress;
 pub mod full_stack;
 pub mod indexedmap;

Diff for: fuzz/targets.h

@@ -18,6 +18,7 @@ void indexedmap_run(const unsigned char* data, size_t data_len);
 void onion_hop_data_run(const unsigned char* data, size_t data_len);
 void base32_run(const unsigned char* data, size_t data_len);
 void fromstr_to_netaddress_run(const unsigned char* data, size_t data_len);
+void feature_flags_run(const unsigned char* data, size_t data_len);
 void msg_accept_channel_run(const unsigned char* data, size_t data_len);
 void msg_announcement_signatures_run(const unsigned char* data, size_t data_len);
 void msg_channel_reestablish_run(const unsigned char* data, size_t data_len);

Diff for: lightning-types/src/features.rs

@@ -728,11 +728,13 @@ pub enum FeatureFlags {
 }
 
 impl FeatureFlags {
-	fn empty() -> Self {
+	/// Constructs an empty [`FeatureFlags`]
+	pub fn empty() -> Self {
 		Self::Held { bytes: [0; DIRECT_ALLOC_BYTES], len: 0 }
 	}
 
-	fn from(vec: Vec<u8>) -> Self {
+	/// Constructs a [`FeatureFlags`] from the given bytes
+	pub fn from(vec: Vec<u8>) -> Self {
 		if vec.len() <= DIRECT_ALLOC_BYTES {
 			let mut bytes = [0; DIRECT_ALLOC_BYTES];
 			bytes[..vec.len()].copy_from_slice(&vec);
@@ -742,7 +744,10 @@ impl FeatureFlags {
 		}
 	}
 
-	fn resize(&mut self, new_len: usize, default: u8) {
+	/// Resizes a [`FeatureFlags`] to the given length, padding with `default` if required.
+	///
+	/// See [`Vec::resize`] for more info.
+	pub fn resize(&mut self, new_len: usize, default: u8) {
 		match self {
 			Self::Held { bytes, len } => {
 				let start_len = *len as usize;
@@ -767,16 +772,19 @@ impl FeatureFlags {
 		}
 	}
 
-	fn len(&self) -> usize {
+	/// Fetches the length of the [`FeatureFlags`], in bytes.
+	pub fn len(&self) -> usize {
 		self.deref().len()
 	}
 
-	fn iter(&self) -> (impl ExactSizeIterator<Item = &u8> + DoubleEndedIterator<Item = &u8>) {
+	/// Fetches an iterator over the bytes of this [`FeatureFlags`]
+	pub fn iter(&self) -> (impl ExactSizeIterator<Item = &u8> + DoubleEndedIterator<Item = &u8>) {
 		let slice = self.deref();
 		slice.iter()
 	}
 
-	fn iter_mut(
+	/// Fetches a mutable iterator over the bytes of this [`FeatureFlags`]
+	pub fn iter_mut(
 		&mut self,
 	) -> (impl ExactSizeIterator<Item = &mut u8> + DoubleEndedIterator<Item = &mut u8>) {
 		let slice = self.deref_mut();