From c3f204889483446e0e90552b8f3c64c18bc5c468 Mon Sep 17 00:00:00 2001
From: Antoine Poinsot <darosior@protonmail.com>
Date: Sun, 30 Jan 2022 17:43:12 +0100
Subject: [PATCH 1/3] miniscript: don't re-introduce the usage of CScript's
 operator+

As noted by MarcoFalke on the Bitcoin Core repo, this may be potentially
dangerous.
Use a generalistic named function for constructing CScripts instead.

Co-Authored-By: Pieter Wuille <pieter.wuille@gmail.com>
---
 bitcoin/script/miniscript.h | 30 ++++++++++++++---------------
 bitcoin/script/script.h     | 38 +++++++++++++++++++++++--------------
 2 files changed, 39 insertions(+), 29 deletions(-)

diff --git a/bitcoin/script/miniscript.h b/bitcoin/script/miniscript.h
index 726178a..e522f8a 100644
--- a/bitcoin/script/miniscript.h
+++ b/bitcoin/script/miniscript.h
@@ -520,22 +520,22 @@ struct Node {
                 case NodeType::RIPEMD160: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_RIPEMD160 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
                 case NodeType::HASH256: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_HASH256 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
                 case NodeType::HASH160: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_HASH160 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
-                case NodeType::WRAP_A: return (CScript() << OP_TOALTSTACK) + std::move(subs[0]) + (CScript() << OP_FROMALTSTACK);
-                case NodeType::WRAP_S: return (CScript() << OP_SWAP) + std::move(subs[0]);
-                case NodeType::WRAP_C: return std::move(subs[0]) + CScript() << (verify ? OP_CHECKSIGVERIFY : OP_CHECKSIG);
-                case NodeType::WRAP_D: return (CScript() << OP_DUP << OP_IF) + std::move(subs[0]) + (CScript() << OP_ENDIF);
-                case NodeType::WRAP_V: return std::move(subs[0]) + (node.subs[0]->GetType() << "x"_mst ? (CScript() << OP_VERIFY) : CScript());
-                case NodeType::WRAP_J: return (CScript() << OP_SIZE << OP_0NOTEQUAL << OP_IF) + std::move(subs[0]) + (CScript() << OP_ENDIF);
-                case NodeType::WRAP_N: return std::move(subs[0]) + CScript() << OP_0NOTEQUAL;
+                case NodeType::WRAP_A: return BuildScript(OP_TOALTSTACK, subs[0], OP_FROMALTSTACK);
+                case NodeType::WRAP_S: return BuildScript(OP_SWAP, subs[0]);
+                case NodeType::WRAP_C: return BuildScript(std::move(subs[0]), verify ? OP_CHECKSIGVERIFY : OP_CHECKSIG);
+                case NodeType::WRAP_D: return BuildScript(OP_DUP, OP_IF, subs[0], OP_ENDIF);
+                case NodeType::WRAP_V: return BuildScript(std::move(subs[0]), node.subs[0]->GetType() << "x"_mst ? CScript(OP_VERIFY) : CScript());
+                case NodeType::WRAP_J: return BuildScript(OP_SIZE, OP_0NOTEQUAL, OP_IF, subs[0], OP_ENDIF);
+                case NodeType::WRAP_N: return BuildScript(std::move(subs[0]), OP_0NOTEQUAL);
                 case NodeType::JUST_1: return CScript() << OP_1;
                 case NodeType::JUST_0: return CScript() << OP_0;
-                case NodeType::AND_V: return std::move(subs[0]) + std::move(subs[1]);
-                case NodeType::AND_B: return std::move(subs[0]) + std::move(subs[1]) + (CScript() << OP_BOOLAND);
-                case NodeType::OR_B: return std::move(subs[0]) + std::move(subs[1]) + (CScript() << OP_BOOLOR);
-                case NodeType::OR_D: return std::move(subs[0]) + (CScript() << OP_IFDUP << OP_NOTIF) + std::move(subs[1]) + (CScript() << OP_ENDIF);
-                case NodeType::OR_C: return std::move(subs[0]) + (CScript() << OP_NOTIF) + std::move(subs[1]) + (CScript() << OP_ENDIF);
-                case NodeType::OR_I: return (CScript() << OP_IF) + std::move(subs[0]) + (CScript() << OP_ELSE) + std::move(subs[1]) + (CScript() << OP_ENDIF);
-                case NodeType::ANDOR: return std::move(subs[0]) + (CScript() << OP_NOTIF) + std::move(subs[2]) + (CScript() << OP_ELSE) + std::move(subs[1]) + (CScript() << OP_ENDIF);
+                case NodeType::AND_V: return BuildScript(std::move(subs[0]), subs[1]);
+                case NodeType::AND_B: return BuildScript(std::move(subs[0]), subs[1], OP_BOOLAND);
+                case NodeType::OR_B: return BuildScript(std::move(subs[0]), subs[1], OP_BOOLOR);
+                case NodeType::OR_D: return BuildScript(std::move(subs[0]), OP_IFDUP, OP_NOTIF, subs[1], OP_ENDIF);
+                case NodeType::OR_C: return BuildScript(std::move(subs[0]), OP_NOTIF, subs[1], OP_ENDIF);
+                case NodeType::OR_I: return BuildScript(OP_IF, subs[0], OP_ELSE, subs[1], OP_ENDIF);
+                case NodeType::ANDOR: return BuildScript(std::move(subs[0]), OP_NOTIF, subs[2], OP_ELSE, subs[1], OP_ENDIF);
                 case NodeType::MULTI: {
                     CScript script = CScript() << node.k;
                     for (const auto& key : node.keys) {
@@ -546,7 +546,7 @@ struct Node {
                 case NodeType::THRESH: {
                     CScript script = std::move(subs[0]);
                     for (size_t i = 1; i < subs.size(); ++i) {
-                        script = (std::move(script) + std::move(subs[i])) << OP_ADD;
+                        script = BuildScript(std::move(script), subs[i], OP_ADD);
                     }
                     return std::move(script) << node.k << (verify ? OP_EQUALVERIFY : OP_EQUAL);
                 }
diff --git a/bitcoin/script/script.h b/bitcoin/script/script.h
index 642161c..10dab74 100644
--- a/bitcoin/script/script.h
+++ b/bitcoin/script/script.h
@@ -421,20 +421,6 @@ class CScript : public CScriptBase
         READWRITEAS(CScriptBase, *this);
     }
 
-    CScript& operator+=(const CScript& b)
-    {
-        reserve(size() + b.size());
-        insert(end(), b.begin(), b.end());
-        return *this;
-    }
-
-    friend CScript operator+(const CScript& a, const CScript& b)
-    {
-        CScript ret = a;
-        ret += b;
-        return ret;
-    }
-
     CScript(int64_t b)        { operator<<(b); }
 
     explicit CScript(opcodetype b)     { operator<<(b); }
@@ -587,4 +573,28 @@ struct CScriptWitness
 
 bool CheckMinimalPush(const std::vector<unsigned char>& data, opcodetype opcode);
 
+/** Build a script by concatenating other scripts, or any argument accepted by CScript::operator<<. */
+template<typename... Ts>
+CScript BuildScript(Ts&&... inputs)
+{
+    CScript ret;
+    size_t cnt{0}; // Try to optimize over repeatedly calling ret.empty()
+
+    ([&] (Ts&& input) {
+        if constexpr (std::is_same_v<std::remove_cv_t<std::remove_reference_t<Ts>>, CScript>) {
+            // If it is a CScript, extend ret with it. Move or copy the first element instead.
+            if (cnt++ == 0) {
+                ret = std::forward<Ts>(input);
+            } else {
+                ret.insert(ret.end(), input.begin(), input.end());
+            }
+        } else {
+            // Otherwise invoke CScript::operator<<.
+            ret << input;
+        }
+    } (std::forward<Ts>(inputs)), ...);
+
+    return ret;
+}
+
 #endif // BITCOIN_SCRIPT_SCRIPT_H

From 3992f6c18a72c7465a6586c2838b20e8d475c849 Mon Sep 17 00:00:00 2001
From: Antoine Poinsot <darosior@protonmail.com>
Date: Mon, 31 Jan 2022 16:42:20 +0100
Subject: [PATCH 2/3] Replace all usage of CScript() by BuildScript()

---
 bitcoin/script/miniscript.cpp |  6 +++---
 bitcoin/script/miniscript.h   | 36 ++++++++++++++++++++---------------
 bitcoin/script/script.h       |  9 +++++----
 3 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/bitcoin/script/miniscript.cpp b/bitcoin/script/miniscript.cpp
index 23acb75..de01f86 100644
--- a/bitcoin/script/miniscript.cpp
+++ b/bitcoin/script/miniscript.cpp
@@ -253,8 +253,8 @@ size_t ComputeScriptLen(NodeType nodetype, Type sub0typ, size_t subsize, uint32_
     switch (nodetype) {
         case NodeType::PK_K: return subsize + 34;
         case NodeType::PK_H: return subsize + 3 + 21;
-        case NodeType::OLDER: return subsize + 1 + (CScript() << k).size();
-        case NodeType::AFTER: return subsize + 1 + (CScript() << k).size();
+        case NodeType::OLDER: return subsize + 1 + BuildScript(k).size();
+        case NodeType::AFTER: return subsize + 1 + BuildScript(k).size();
         case NodeType::HASH256: return subsize + 4 + 2 + 33;
         case NodeType::HASH160: return subsize + 4 + 2 + 21;
         case NodeType::SHA256: return subsize + 4 + 2 + 33;
@@ -275,7 +275,7 @@ size_t ComputeScriptLen(NodeType nodetype, Type sub0typ, size_t subsize, uint32_
         case NodeType::OR_C: return subsize + 2;
         case NodeType::OR_I: return subsize + 3;
         case NodeType::ANDOR: return subsize + 3;
-        case NodeType::THRESH: return subsize + n_subs + CScript(k).size();
+        case NodeType::THRESH: return subsize + n_subs + BuildScript(k).size();
         case NodeType::MULTI: return subsize + 3 + (n_keys > 16) + (k > 16) + 34 * n_keys;
     }
     assert(false);
diff --git a/bitcoin/script/miniscript.h b/bitcoin/script/miniscript.h
index e522f8a..7d4aa00 100644
--- a/bitcoin/script/miniscript.h
+++ b/bitcoin/script/miniscript.h
@@ -512,23 +512,29 @@ struct Node {
         // and the CScripts of its child nodes, the CScript of the node.
         auto upfn = [&ctx](bool verify, const Node& node, Span<CScript> subs) -> CScript {
             switch (node.nodetype) {
-                case NodeType::PK_K: return CScript() << ctx.ToPKBytes(node.keys[0]);
-                case NodeType::PK_H: return CScript() << OP_DUP << OP_HASH160 << ctx.ToPKHBytes(node.keys[0]) << OP_EQUALVERIFY;
-                case NodeType::OLDER: return CScript() << node.k << OP_CHECKSEQUENCEVERIFY;
-                case NodeType::AFTER: return CScript() << node.k << OP_CHECKLOCKTIMEVERIFY;
-                case NodeType::SHA256: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_SHA256 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
-                case NodeType::RIPEMD160: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_RIPEMD160 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
-                case NodeType::HASH256: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_HASH256 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
-                case NodeType::HASH160: return CScript() << OP_SIZE << 32 << OP_EQUALVERIFY << OP_HASH160 << node.data << (verify ? OP_EQUALVERIFY : OP_EQUAL);
+                case NodeType::PK_K: return BuildScript(ctx.ToPKBytes(node.keys[0]));
+                case NodeType::PK_H: return BuildScript(OP_DUP, OP_HASH160, ctx.ToPKHBytes(node.keys[0]), OP_EQUALVERIFY);
+                case NodeType::OLDER: return BuildScript(node.k, OP_CHECKSEQUENCEVERIFY);
+                case NodeType::AFTER: return BuildScript(node.k, OP_CHECKLOCKTIMEVERIFY);
+                case NodeType::SHA256: return BuildScript(OP_SIZE, 32, OP_EQUALVERIFY, OP_SHA256, node.data, verify ? OP_EQUALVERIFY : OP_EQUAL);
+                case NodeType::RIPEMD160: return BuildScript(OP_SIZE, 32, OP_EQUALVERIFY, OP_RIPEMD160, node.data, verify ? OP_EQUALVERIFY : OP_EQUAL);
+                case NodeType::HASH256: return BuildScript(OP_SIZE, 32, OP_EQUALVERIFY, OP_HASH256, node.data, verify ? OP_EQUALVERIFY : OP_EQUAL);
+                case NodeType::HASH160: return BuildScript(OP_SIZE, 32, OP_EQUALVERIFY, OP_HASH160, node.data, verify ? OP_EQUALVERIFY : OP_EQUAL);
                 case NodeType::WRAP_A: return BuildScript(OP_TOALTSTACK, subs[0], OP_FROMALTSTACK);
                 case NodeType::WRAP_S: return BuildScript(OP_SWAP, subs[0]);
                 case NodeType::WRAP_C: return BuildScript(std::move(subs[0]), verify ? OP_CHECKSIGVERIFY : OP_CHECKSIG);
                 case NodeType::WRAP_D: return BuildScript(OP_DUP, OP_IF, subs[0], OP_ENDIF);
-                case NodeType::WRAP_V: return BuildScript(std::move(subs[0]), node.subs[0]->GetType() << "x"_mst ? CScript(OP_VERIFY) : CScript());
+                case NodeType::WRAP_V: {
+                    if (node.subs[0]->GetType() << "x"_mst) {
+                        return BuildScript(std::move(subs[0]), OP_VERIFY);
+                    } else {
+                        return std::move(subs[0]);
+                    }
+                }
                 case NodeType::WRAP_J: return BuildScript(OP_SIZE, OP_0NOTEQUAL, OP_IF, subs[0], OP_ENDIF);
                 case NodeType::WRAP_N: return BuildScript(std::move(subs[0]), OP_0NOTEQUAL);
-                case NodeType::JUST_1: return CScript() << OP_1;
-                case NodeType::JUST_0: return CScript() << OP_0;
+                case NodeType::JUST_1: return BuildScript(OP_1);
+                case NodeType::JUST_0: return BuildScript(OP_0);
                 case NodeType::AND_V: return BuildScript(std::move(subs[0]), subs[1]);
                 case NodeType::AND_B: return BuildScript(std::move(subs[0]), subs[1], OP_BOOLAND);
                 case NodeType::OR_B: return BuildScript(std::move(subs[0]), subs[1], OP_BOOLOR);
@@ -537,18 +543,18 @@ struct Node {
                 case NodeType::OR_I: return BuildScript(OP_IF, subs[0], OP_ELSE, subs[1], OP_ENDIF);
                 case NodeType::ANDOR: return BuildScript(std::move(subs[0]), OP_NOTIF, subs[2], OP_ELSE, subs[1], OP_ENDIF);
                 case NodeType::MULTI: {
-                    CScript script = CScript() << node.k;
+                    CScript script = BuildScript(node.k);
                     for (const auto& key : node.keys) {
-                        script << ctx.ToPKBytes(key);
+                        script = BuildScript(std::move(script), ctx.ToPKBytes(key));
                     }
-                    return std::move(script) << node.keys.size() << (verify ? OP_CHECKMULTISIGVERIFY : OP_CHECKMULTISIG);
+                    return BuildScript(std::move(script), node.keys.size(), verify ? OP_CHECKMULTISIGVERIFY : OP_CHECKMULTISIG);
                 }
                 case NodeType::THRESH: {
                     CScript script = std::move(subs[0]);
                     for (size_t i = 1; i < subs.size(); ++i) {
                         script = BuildScript(std::move(script), subs[i], OP_ADD);
                     }
-                    return std::move(script) << node.k << (verify ? OP_EQUALVERIFY : OP_EQUAL);
+                    return BuildScript(std::move(script), node.k, verify ? OP_EQUALVERIFY : OP_EQUAL);
                 }
             }
             assert(false);
diff --git a/bitcoin/script/script.h b/bitcoin/script/script.h
index 10dab74..d6c4d87 100644
--- a/bitcoin/script/script.h
+++ b/bitcoin/script/script.h
@@ -578,12 +578,13 @@ template<typename... Ts>
 CScript BuildScript(Ts&&... inputs)
 {
     CScript ret;
-    size_t cnt{0}; // Try to optimize over repeatedly calling ret.empty()
+    size_t cnt{0};
 
-    ([&] (Ts&& input) {
+    ([&ret, &cnt] (Ts&& input) {
+        cnt++;
         if constexpr (std::is_same_v<std::remove_cv_t<std::remove_reference_t<Ts>>, CScript>) {
-            // If it is a CScript, extend ret with it. Move or copy the first element instead.
-            if (cnt++ == 0) {
+            // If it is a CScript, extend ret with it. If ret is empty, move or copy it instead.
+            if (cnt == 0) {
                 ret = std::forward<Ts>(input);
             } else {
                 ret.insert(ret.end(), input.begin(), input.end());

From c4f5df07f284e458ed5dd967199144acc19b2e28 Mon Sep 17 00:00:00 2001
From: Antoine Poinsot <darosior@protonmail.com>
Date: Sun, 30 Jan 2022 15:37:21 +0100
Subject: [PATCH 3/3] qa: replace the random unit tests with a
 miniscript_random fuzz target

---
 bitcoin/test/fuzz/miniscript_random.cpp | 422 ++++++++++++++++++++++++
 bitcoin/test/miniscript_tests.cpp       | 161 ---------
 2 files changed, 422 insertions(+), 161 deletions(-)
 create mode 100644 bitcoin/test/fuzz/miniscript_random.cpp

diff --git a/bitcoin/test/fuzz/miniscript_random.cpp b/bitcoin/test/fuzz/miniscript_random.cpp
new file mode 100644
index 0000000..21a7a15
--- /dev/null
+++ b/bitcoin/test/fuzz/miniscript_random.cpp
@@ -0,0 +1,422 @@
+// Copyright (c) 2021 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <core_io.h>
+#include <hash.h>
+#include <key.h>
+#include <script/miniscript.h>
+#include <script/script.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <util/strencodings.h>
+
+
+//! Some pre-computed data to simulate challenges.
+struct TestData {
+    typedef CPubKey Key;
+
+    // Precomputed public keys, and a dummy signature for each of them.
+    std::vector<Key> dummy_keys;
+    std::map<CKeyID, Key> dummy_keys_map;
+    std::map<Key, std::vector<unsigned char>> dummy_sigs;
+
+    // Precomputed hashes of each kind.
+    std::vector<std::vector<unsigned char>> sha256;
+    std::vector<std::vector<unsigned char>> ripemd160;
+    std::vector<std::vector<unsigned char>> hash256;
+    std::vector<std::vector<unsigned char>> hash160;
+    std::map<std::vector<unsigned char>, std::vector<unsigned char>> sha256_preimages;
+    std::map<std::vector<unsigned char>, std::vector<unsigned char>> ripemd160_preimages;
+    std::map<std::vector<unsigned char>, std::vector<unsigned char>> hash256_preimages;
+    std::map<std::vector<unsigned char>, std::vector<unsigned char>> hash160_preimages;
+
+    //! Set the precomputed data.
+    void Init() {
+        unsigned char keydata[32] = {1};
+        for (size_t i = 0; i < 256; i++) {
+            keydata[31] = i;
+            CKey privkey;
+            privkey.Set(keydata, keydata + 32, true);
+            const Key pubkey = privkey.GetPubKey();
+
+            dummy_keys.push_back(pubkey);
+            dummy_keys_map.insert({pubkey.GetID(), pubkey});
+            std::vector<unsigned char> sig;
+            privkey.Sign(uint256S(""), sig);
+            sig.push_back(1); // SIGHASH_ALL
+            dummy_sigs.insert({pubkey, sig});
+
+            std::vector<unsigned char> hash;
+            hash.resize(32);
+            CSHA256().Write(keydata, 32).Finalize(hash.data());
+            sha256.push_back(hash);
+            sha256_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+            CHash256().Write(keydata).Finalize(hash);
+            hash256.push_back(hash);
+            hash256_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+            hash.resize(20);
+            CRIPEMD160().Write(keydata, 32).Finalize(hash.data());
+            assert(hash.size() == 20);
+            ripemd160.push_back(hash);
+            ripemd160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+            CHash160().Write(keydata).Finalize(hash);
+            hash160.push_back(hash);
+            hash160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
+        }
+    }
+};
+
+//! Context to parse a Miniscript node to and from Script or text representation.
+struct ParserContext {
+    typedef CPubKey Key;
+    TestData *test_data;
+
+    bool ToString(const Key& key, std::string& ret) const { ret = HexStr(key); return true; }
+
+    const std::vector<unsigned char> ToPKBytes(const Key& key) const { return {key.begin(), key.end()}; }
+
+    const std::vector<unsigned char> ToPKHBytes(const Key& key) const {
+        const auto h = Hash160(key);
+        return {h.begin(), h.end()};
+    }
+
+    template<typename I>
+    bool FromString(I first, I last, Key& key) const {
+        const auto bytes = ParseHex(std::string(first, last));
+        key.Set(bytes.begin(), bytes.end());
+        return key.IsValid();
+    }
+
+    template<typename I>
+    bool FromPKBytes(I first, I last, CPubKey& key) const {
+        key.Set(first, last);
+        return key.IsValid();
+    }
+
+    template<typename I>
+    bool FromPKHBytes(I first, I last, CPubKey& key) const {
+        assert(last - first == 20);
+        CKeyID keyid;
+        std::copy(first, last, keyid.begin());
+        const auto it = test_data->dummy_keys_map.find(keyid);
+        if (it == test_data->dummy_keys_map.end()) return false;
+        key = it->second;
+        return true;
+    }
+};
+
+//! Context to produce a satisfaction for a Miniscript node using the pre-computed data.
+struct SatisfierContext: ParserContext {
+    // Timelock challenges satisfaction. Make the value (deterministically) vary to explore different
+    // paths.
+    bool CheckAfter(uint32_t value) const { return value % 2; }
+    bool CheckOlder(uint32_t value) const { return value % 2; }
+
+    // Signature challenges fulfilled with a dummy signature, if it was one of our dummy keys.
+    miniscript::Availability Sign(const CPubKey& key, std::vector<unsigned char>& sig) const {
+        const auto it = test_data->dummy_sigs.find(key);
+        if (it == test_data->dummy_sigs.end()) return miniscript::Availability::NO;
+        sig = it->second;
+        return miniscript::Availability::YES;
+    }
+
+    //! Lookup generalization for all the hash satisfactions below
+    miniscript::Availability LookupHash(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage,
+                                        const std::map<std::vector<unsigned char>, std::vector<unsigned char>>& map) const
+    {
+        const auto it = map.find(hash);
+        if (it == map.end()) return miniscript::Availability::NO;
+        preimage = it->second;
+        return miniscript::Availability::YES;
+    }
+    miniscript::Availability SatSHA256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
+        return LookupHash(hash, preimage, test_data->sha256_preimages);
+    }
+    miniscript::Availability SatRIPEMD160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
+        return LookupHash(hash, preimage, test_data->ripemd160_preimages);
+    }
+    miniscript::Availability SatHASH256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
+        return LookupHash(hash, preimage, test_data->hash256_preimages);
+    }
+    miniscript::Availability SatHASH160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
+        return LookupHash(hash, preimage, test_data->hash160_preimages);
+    }
+};
+
+//! Context to check a satisfaction against the pre-computed data.
+struct CheckerContext: BaseSignatureChecker {
+    TestData *test_data;
+
+    // Signature checker methods. Checks the right dummy signature is used. Always assumes timelocks are
+    // correct.
+    bool CheckECDSASignature(const std::vector<unsigned char>& sig, const std::vector<unsigned char>& vchPubKey,
+                             const CScript& scriptCode, SigVersion sigversion) const override
+    {
+        const CPubKey key{vchPubKey};
+        const auto it = test_data->dummy_sigs.find(key);
+        if (it == test_data->dummy_sigs.end()) return false;
+        return it->second == sig;
+    }
+    bool CheckLockTime(const CScriptNum& nLockTime) const override { return true; }
+    bool CheckSequence(const CScriptNum& nSequence) const override { return true; }
+};
+
+// The various contexts
+TestData TEST_DATA;
+ParserContext PARSER_CTX;
+SatisfierContext SATISFIER_CTX;
+CheckerContext CHECKER_CTX;
+// A dummy scriptsig to pass to VerifyScript (we always use Segwit v0).
+const CScript DUMMY_SCRIPTSIG;
+// We generate the pseudorandom nodes recursively, this puts a bound.
+static constexpr size_t MAX_NESTED_DEPTH = 402;
+
+using NodeType = miniscript::NodeType;
+using NodeRef = miniscript::NodeRef<CPubKey>;
+using miniscript::operator"" _mst;
+
+//! Construct a miniscript node as a shared_ptr.
+template<typename... Args> NodeRef MakeNodeRef(Args&&... args) { return miniscript::MakeNodeRef<CPubKey>(std::forward<Args>(args)...); }
+
+/**
+ * Generate a Miniscript node based on the fuzzer's input.
+ * Note this does not attempt to produce a well-typed (let alone safe) Miniscript node.
+ */
+NodeRef GenNode(FuzzedDataProvider& provider, const miniscript::Type typ, const size_t recursion_depth);
+
+/**
+ * Generate a pseudorandom node. If invalid, return NULL.
+ * Used to cut-through as a node with invalid subs will never be valid.
+ */
+NodeRef GenValidNode(FuzzedDataProvider& provider, const miniscript::Type typ, const size_t recursion_depth)
+{
+    const NodeRef node = GenNode(provider, typ, recursion_depth);
+    if (!node || !node->IsValid() || !(node->GetType() << typ)) return {};
+    return node;
+}
+
+//! Generate a vector of miniscript nodes of the given types.
+std::vector<NodeRef> MultiNode(FuzzedDataProvider& provider, const std::initializer_list<miniscript::Type> types,
+                               const size_t recursion_depth)
+{
+    std::vector<NodeRef> subs;
+    for (const auto type : types) {
+        NodeRef sub = GenValidNode(provider, type, recursion_depth);
+        if (!sub) return {};
+        subs.push_back(std::move(sub));
+    }
+    return subs;
+}
+
+//! Generate a node with pseudorandom subs of the given types.
+NodeRef MultiSubs(FuzzedDataProvider& provider, const NodeType node_type, const std::initializer_list<miniscript::Type> subtypes,
+                  const size_t recursion_depth)
+{
+    auto subs = MultiNode(provider, subtypes, recursion_depth);
+    if (subs.empty()) return {};
+    return MakeNodeRef(node_type, std::move(subs));
+}
+
+NodeRef GenNode(FuzzedDataProvider& provider, const miniscript::Type typ, const size_t recursion_depth) {
+    if (recursion_depth >= MAX_NESTED_DEPTH) return {};
+
+    if (typ << "B"_mst) {
+        switch (provider.ConsumeIntegralInRange<size_t>(0, 19)) {
+            case 0: return MakeNodeRef(provider.ConsumeBool() ? NodeType::JUST_0 : NodeType::JUST_1);
+            case 1: {
+                const uint32_t k{provider.ConsumeIntegralInRange<uint32_t>(1, CTxIn::SEQUENCE_LOCKTIME_DISABLE_FLAG - 1)};
+                return MakeNodeRef(provider.ConsumeBool() ? NodeType::OLDER : NodeType::AFTER, k);
+            }
+            case 2: {
+                const size_t hashtype = provider.ConsumeIntegralInRange<size_t>(0, 3);
+                const size_t index = provider.ConsumeIntegralInRange<size_t>(0, 255);
+                switch (hashtype) {
+                    case 0: return MakeNodeRef(NodeType::SHA256, TEST_DATA.sha256[index]);
+                    case 1: return MakeNodeRef(NodeType::RIPEMD160, TEST_DATA.ripemd160[index]);
+                    case 2: return MakeNodeRef(NodeType::HASH256, TEST_DATA.hash256[index]);
+                    case 3: return MakeNodeRef(NodeType::HASH160, TEST_DATA.hash160[index]);
+                }
+            }
+            case 3: {
+                if (NodeRef sub = GenValidNode(provider, "K"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::WRAP_C, Vector(std::move(sub)));
+                }
+                return {};
+            }
+            case 4: {
+                if (NodeRef sub = GenValidNode(provider, "K"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::WRAP_C, Vector(std::move(sub)));
+                }
+                return {};
+            }
+            case 5: {
+                if (NodeRef sub = GenValidNode(provider, "V"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::WRAP_D, Vector(std::move(sub)));
+                }
+                return {};
+            }
+            case 6: {
+                if (NodeRef sub = GenValidNode(provider, "B"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::WRAP_J, Vector(std::move(sub)));
+                }
+                return {};
+            }
+            case 7: {
+                if (NodeRef sub = GenValidNode(provider, "B"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::WRAP_N, Vector(std::move(sub)));
+                }
+                return {};
+            }
+            case 8: {
+                if (NodeRef sub = GenValidNode(provider, "B"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::OR_I, Vector(std::move(sub), MakeNodeRef(NodeType::JUST_0)));
+                }
+                return {};
+            }
+            case 9: {
+                if (NodeRef sub = GenValidNode(provider, "B"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::OR_I, Vector(MakeNodeRef(NodeType::JUST_0), std::move(sub)));
+                }
+                return {};
+            }
+            case 10: {
+                if (NodeRef sub = GenValidNode(provider, "V"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::AND_V, Vector(std::move(sub), MakeNodeRef(NodeType::JUST_1)));
+                }
+                return {};
+            }
+            case 11: {
+                if (NodeRef sub = GenValidNode(provider, "V"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::AND_V, Vector(std::move(sub), MakeNodeRef(NodeType::JUST_1)));
+                }
+                return {};
+            }
+            case 12: {
+                auto subs = MultiNode(provider, {"B"_mst, "B"_mst}, recursion_depth + 1);
+                if (subs.empty()) return {};
+                subs.push_back(MakeNodeRef(NodeType::JUST_0));
+                return MakeNodeRef(NodeType::ANDOR, std::move(subs));
+            }
+            case 13: return MultiSubs(provider, NodeType::AND_B, {"B"_mst, "W"_mst}, recursion_depth + 1);
+            case 14: return MultiSubs(provider, NodeType::OR_B, {"B"_mst, "W"_mst}, recursion_depth + 1);
+            case 15: return MultiSubs(provider, NodeType::OR_D, {"B"_mst, "B"_mst}, recursion_depth + 1);
+            case 16: return MultiSubs(provider, NodeType::OR_I, {"B"_mst, "B"_mst}, recursion_depth + 1);
+            case 17: {
+                const size_t n_keys = provider.ConsumeIntegralInRange(1, 20);
+                const size_t n_sigs = provider.ConsumeIntegralInRange<size_t>(1, n_keys);
+                std::vector<CPubKey> keys;
+                for (size_t i = 0; i < n_keys; ++i) keys.push_back(TEST_DATA.dummy_keys[provider.ConsumeIntegralInRange(0, 255)]);
+                return MakeNodeRef(NodeType::MULTI, std::move(keys), n_sigs);
+            }
+            case 18: return MultiSubs(provider, NodeType::ANDOR, {"B"_mst, "B"_mst, "B"_mst}, recursion_depth + 1);
+            case 19: {
+                const size_t n_subs = 3 + provider.ConsumeIntegralInRange(0, 90);
+                const uint32_t k = 2 + provider.ConsumeIntegralInRange<uint32_t>(0, n_subs - 3);
+                const auto types = Cat(Vector("B"_mst), std::vector<miniscript::Type>(n_subs - 1, "W"_mst));
+                std::vector<NodeRef> subs;
+                for (const auto type : types) {
+                    NodeRef sub = GenValidNode(provider, type, recursion_depth);
+                    if (!sub) return {};
+                    subs.push_back(std::move(sub));
+                }
+                if (subs.empty()) return {};
+                return MakeNodeRef(NodeType::THRESH, subs, k);
+            }
+        }
+    } else if (typ << "V"_mst) {
+        switch (provider.ConsumeIntegralInRange(0, 4)) {
+            case 0: {
+                if (NodeRef sub = GenValidNode(provider, "B"_mst, recursion_depth + 1)) {
+                    return MakeNodeRef(NodeType::WRAP_V, Vector(std::move(sub)));
+                }
+                return {};
+            }
+            case 1: return MultiSubs(provider, NodeType::AND_V, {"V"_mst, "V"_mst}, recursion_depth + 1);
+            case 2: return MultiSubs(provider, NodeType::OR_C, {"B"_mst, "V"_mst}, recursion_depth + 1);
+            case 3: return MultiSubs(provider, NodeType::OR_I, {"V"_mst, "V"_mst}, recursion_depth + 1);
+            case 4: return MultiSubs(provider, NodeType::ANDOR, {"B"_mst, "V"_mst, "V"_mst}, recursion_depth + 1);
+        }
+    } else if (typ << "W"_mst) {
+        // Generate a "W" node by wrapping a "B" node.
+        auto sub = GenValidNode(provider, "B"_mst, recursion_depth + 1);
+        if (!sub) return {};
+        if (sub->GetType() << "o"_mst && provider.ConsumeBool()) {
+            return MakeNodeRef(NodeType::WRAP_S, Vector(std::move(sub)));
+        }
+        return MakeNodeRef(NodeType::WRAP_A, Vector(std::move(sub)));
+    } else if (typ << "K"_mst) {
+        // Generate a "K" node.
+        switch (provider.ConsumeIntegralInRange(0, 4)) {
+            case 0: return MakeNodeRef(NodeType::PK_K, Vector(TEST_DATA.dummy_keys[provider.ConsumeIntegralInRange(0, 255)]));
+            case 1: return MakeNodeRef(NodeType::PK_H, Vector(TEST_DATA.dummy_keys[provider.ConsumeIntegralInRange(0, 255)]));
+            case 2: return MultiSubs(provider, NodeType::AND_V, {"V"_mst, "K"_mst}, recursion_depth + 1);
+            case 3: return MultiSubs(provider, NodeType::OR_I, {"K"_mst, "K"_mst}, recursion_depth + 1);
+            case 4: return MultiSubs(provider, NodeType::ANDOR, {"B"_mst, "K"_mst, "K"_mst}, recursion_depth + 1);
+        }
+    }
+    assert(false);
+    return {};
+}
+
+//! Pre-compute the test data and point the various contexts to it.
+void initialize_miniscript_random() {
+    ECC_Start();
+    TEST_DATA.Init();
+    PARSER_CTX.test_data = &TEST_DATA;
+    SATISFIER_CTX.test_data = &TEST_DATA;
+    CHECKER_CTX.test_data = &TEST_DATA;
+}
+
+FUZZ_TARGET_INIT(miniscript_random, initialize_miniscript_random)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    // Generate a top-level node
+    const auto node = GenNode(fuzzed_data_provider, "B"_mst, 0);
+    if (!node || !node->IsValidTopLevel()) return;
+
+    // Check roundtrip to Script, and consistency between script size estimation and real size
+    const auto script = node->ToScript(PARSER_CTX);
+    assert(node->ScriptSize() == script.size());
+    auto decoded = miniscript::FromScript(script, PARSER_CTX);
+    assert(decoded);
+    // Note we can't use *decoded == *node because the miniscript representation may differ, so we check that:
+    // - The script corresponding to that decoded form matchs exactly
+    // - The type matches exactly
+    assert(decoded->ToScript(PARSER_CTX) == script);
+    assert(decoded->GetType() == node->GetType());
+
+    // Check consistency of "x" property with the script (relying on the fact that no
+    // top-level scripts end with a hash or key push, whose last byte could match these opcodes).
+    bool ends_in_verify = !(node->GetType() << "x"_mst);
+    assert(ends_in_verify == (script.back() == OP_CHECKSIG || script.back() == OP_CHECKMULTISIG || script.back() == OP_EQUAL));
+
+    // Check that it roundtrips to text representation
+    std::string str;
+    assert(node->ToString(PARSER_CTX, str));
+    auto parsed = miniscript::FromString(str, PARSER_CTX);
+    assert(parsed);
+    assert(*parsed == *node);
+
+    // Check both malleable and non-malleable satisfaction. Note that we only assert the produced witness
+    // is valid if the Miniscript was sane, as otherwise it could overflow the limits.
+    CScriptWitness witness;
+    const CScript script_pubkey = CScript() << OP_0 << WitnessV0ScriptHash(script);
+    const bool mal_success = node->Satisfy(SATISFIER_CTX, witness.stack, false) == miniscript::Availability::YES;
+    if (mal_success && node->IsSaneTopLevel()) {
+        witness.stack.push_back(std::vector<unsigned char>(script.begin(), script.end()));
+        assert(VerifyScript(DUMMY_SCRIPTSIG, script_pubkey, &witness, STANDARD_SCRIPT_VERIFY_FLAGS, CHECKER_CTX));
+    }
+    witness.stack.clear();
+    const bool nonmal_success = node->Satisfy(SATISFIER_CTX, witness.stack, true) == miniscript::Availability::YES;
+    if (nonmal_success && node->IsSaneTopLevel()) {
+        witness.stack.push_back(std::vector<unsigned char>(script.begin(), script.end()));
+        assert(VerifyScript(DUMMY_SCRIPTSIG, script_pubkey, &witness, STANDARD_SCRIPT_VERIFY_FLAGS, CHECKER_CTX));
+    }
+    // If a nonmalleable solution exists, a solution whatsoever must also exist.
+    assert(mal_success >= nonmal_success);
+    // If a miniscript is nonmalleable and needs a signature, and a solution exists, a non-malleable solution must also exist.
+    if (node->IsNonMalleable() && node->NeedsSignature()) assert(nonmal_success == mal_success);
+}
diff --git a/bitcoin/test/miniscript_tests.cpp b/bitcoin/test/miniscript_tests.cpp
index e3bdc2c..b123bb6 100644
--- a/bitcoin/test/miniscript_tests.cpp
+++ b/bitcoin/test/miniscript_tests.cpp
@@ -266,135 +266,6 @@ bool Satisfiable(const NodeRef& ref) {
     return false;
 }
 
-NodeRef GenNode(miniscript::Type typ, int complexity);
-
-//! Generate a random valid miniscript node of the given type and complexity.
-NodeRef RandomNode(miniscript::Type typ, int complexity) {
-    assert(complexity > 0);
-    NodeRef ret;
-    do {
-        ret = GenNode(typ, complexity);
-    } while (!ret || !ret->IsValid() || !(ret->GetType() << typ));
-    return ret;
-}
-
-//! Generate a vector of valid miniscript nodes of the given types, and a specified complexity of their sum.
-std::vector<NodeRef> MultiNode(int complexity, const std::vector<miniscript::Type>& types)
-{
-    int nodes = types.size();
-    assert(complexity >= nodes);
-    std::vector<int> subcomplex(nodes, 1);
-    if (nodes == 1) {
-        subcomplex[0] = complexity;
-    } else {
-        // This is a silly inefficient way to construct a multinomial distribution.
-        for (int i = 0; i < complexity - nodes; ++i) {
-            subcomplex[InsecureRandRange(nodes)]++;
-        }
-    }
-    std::vector<NodeRef> subs;
-    for (int i = 0; i < nodes; ++i) {
-        subs.push_back(RandomNode(types[i], subcomplex[i]));
-    }
-    return subs;
-}
-
-//! Generate a random (but occasionally invalid) miniscript node of the given type and complexity.
-NodeRef GenNode(miniscript::Type typ, int complexity) {
-    if (typ << "B"_mst) {
-        // Generate a "B" node.
-        if (complexity == 1) {
-            switch (InsecureRandBits(2)) {
-                case 0: return MakeNodeRef(InsecureRandBool() ? NodeType::JUST_0 : NodeType::JUST_1);
-                case 1: return MakeNodeRef(InsecureRandBool() ? NodeType::OLDER : NodeType::AFTER, 1 + InsecureRandRange((1ULL << (1 + InsecureRandRange(31))) - 1));
-                case 2: {
-                    int hashtype = InsecureRandBits(2);
-                    int index = InsecureRandRange(255);
-                    switch (hashtype) {
-                        case 0: return MakeNodeRef(NodeType::SHA256, g_testdata->sha256[index]);
-                        case 1: return MakeNodeRef(NodeType::RIPEMD160, g_testdata->ripemd160[index]);
-                        case 2: return MakeNodeRef(NodeType::HASH256, g_testdata->hash256[index]);
-                        case 3: return MakeNodeRef(NodeType::HASH160, g_testdata->hash160[index]);
-                    }
-                    break;
-                }
-                case 3: return MakeNodeRef(NodeType::WRAP_C, MultiNode(complexity, Vector("K"_mst)));
-            }
-            assert(false);
-        }
-        switch (InsecureRandRange(7 + (complexity >= 3) * 7 + (complexity >= 4) * 2)) {
-            // Complexity >= 2
-            case 0: return MakeNodeRef(NodeType::WRAP_C, MultiNode(complexity, Vector("K"_mst)));
-            case 1: return MakeNodeRef(NodeType::WRAP_D, MultiNode(complexity - 1, Vector("V"_mst)));
-            case 2: return MakeNodeRef(NodeType::WRAP_J, MultiNode(complexity - 1, Vector("B"_mst)));
-            case 3: return MakeNodeRef(NodeType::WRAP_N, MultiNode(complexity - 1, Vector("B"_mst)));
-            case 4: return MakeNodeRef(NodeType::OR_I, Cat(MultiNode(complexity - 1, Vector("B"_mst)), Vector(MakeNodeRef(NodeType::JUST_0))));
-            case 5: return MakeNodeRef(NodeType::OR_I, Cat(Vector(MakeNodeRef(NodeType::JUST_0)), MultiNode(complexity - 1, Vector("B"_mst))));
-            case 6: return MakeNodeRef(NodeType::AND_V, Cat(MultiNode(complexity - 1, Vector("V"_mst)), Vector(MakeNodeRef(NodeType::JUST_1))));
-            // Complexity >= 3
-            case 7: return MakeNodeRef(NodeType::AND_V, MultiNode(complexity - 1, Vector("V"_mst, "B"_mst)));
-            case 8: return MakeNodeRef(NodeType::ANDOR, Cat(MultiNode(complexity - 1, Vector("B"_mst, "B"_mst)), Vector(MakeNodeRef(NodeType::JUST_0))));
-            case 9: return MakeNodeRef(NodeType::AND_B, MultiNode(complexity - 1, Vector("B"_mst, "W"_mst)));
-            case 10: return MakeNodeRef(NodeType::OR_B, MultiNode(complexity - 1, Vector("B"_mst, "W"_mst)));
-            case 11: return MakeNodeRef(NodeType::OR_D, MultiNode(complexity - 1, Vector("B"_mst, "B"_mst)));
-            case 12: return MakeNodeRef(NodeType::OR_I, MultiNode(complexity - 1, Vector("B"_mst, "B"_mst)));
-            case 13: {
-                if (complexity != 3) return {};
-                int nkeys = 1 + (InsecureRandRange(15) * InsecureRandRange(25)) / 17;
-                int sigs = 1 + InsecureRandRange(nkeys);
-                std::vector<CPubKey> keys;
-                for (int i = 0; i < nkeys; ++i) keys.push_back(g_testdata->pubkeys[InsecureRandRange(255)]);
-                return MakeNodeRef(NodeType::MULTI, std::move(keys), sigs);
-            }
-            // Complexity >= 4
-            case 14: return MakeNodeRef(NodeType::ANDOR, MultiNode(complexity - 1, Vector("B"_mst, "B"_mst, "B"_mst)));
-            case 15: {
-                int args = 3 + InsecureRandRange(std::min(3, complexity - 3));
-                int sats = 2 + InsecureRandRange(args - 2);
-                return MakeNodeRef(NodeType::THRESH, MultiNode(complexity - 1, Cat(Vector("B"_mst), std::vector<miniscript::Type>(args - 1, "W"_mst))), sats);
-            }
-        }
-    } else if (typ << "V"_mst) {
-        // Generate a "V" node.
-        switch (InsecureRandRange(1 + (complexity >= 3) * 3 + (complexity >= 4))) {
-            // Complexity >= 1
-            case 0: return MakeNodeRef(NodeType::WRAP_V, MultiNode(complexity, Vector("B"_mst)));
-            // Complexity >= 3
-            case 1: return MakeNodeRef(NodeType::AND_V, MultiNode(complexity - 1, Vector("V"_mst, "V"_mst)));
-            case 2: return MakeNodeRef(NodeType::OR_C, MultiNode(complexity - 1, Vector("B"_mst, "V"_mst)));
-            case 3: return MakeNodeRef(NodeType::OR_I, MultiNode(complexity - 1, Vector("V"_mst, "V"_mst)));
-            // Complexity >= 4
-            case 4: return MakeNodeRef(NodeType::ANDOR, MultiNode(complexity - 1, Vector("B"_mst, "V"_mst, "V"_mst)));
-        }
-    } else if (typ << "W"_mst) {
-        // Generate a "W" node by wrapping a "B" node.
-        auto sub = RandomNode("B"_mst, complexity);
-        if (sub->GetType() << "o"_mst) {
-            if (InsecureRandBool()) return MakeNodeRef(NodeType::WRAP_S, Vector(std::move(sub)));
-        }
-        return MakeNodeRef(NodeType::WRAP_A, Vector(std::move(sub)));
-    } else if (typ << "K"_mst) {
-        // Generate a "K" node.
-        if (complexity == 1 || complexity == 2) {
-            if (InsecureRandBool()) {
-                return MakeNodeRef(NodeType::PK_K, Vector(g_testdata->pubkeys[InsecureRandRange(255)]));
-            } else {
-                return MakeNodeRef(NodeType::PK_H, Vector(g_testdata->pubkeys[InsecureRandRange(255)]));
-            }
-        }
-        switch (InsecureRandRange(2 + (complexity >= 4))) {
-            // Complexity >= 3
-            case 0: return MakeNodeRef(NodeType::AND_V, MultiNode(complexity - 1, Vector("V"_mst, "K"_mst)));
-            case 1: return MakeNodeRef(NodeType::OR_I, MultiNode(complexity - 1, Vector("K"_mst, "K"_mst)));
-            // Complexity >= 4
-            case 2: return MakeNodeRef(NodeType::ANDOR, MultiNode(complexity - 1, Vector("B"_mst, "K"_mst, "K"_mst)));
-        }
-    }
-    assert(false);
-    return {};
-}
-
-
 /** Compute all challenges (pubkeys, hashes, timelocks) that occur in a given Miniscript. */
 std::set<Challenge> FindChallenges(const NodeRef& ref) {
     std::set<Challenge> chal;
@@ -640,36 +511,4 @@ BOOST_AUTO_TEST_CASE(fixed_tests)
     g_testdata.reset();
 }
 
-BOOST_AUTO_TEST_CASE(random_tests)
-{
-    // Initialize precomputed data.
-    g_testdata.reset(new TestData());
-
-    for (int i = 0; i < 1000; ++i) {
-        bool safe = InsecureRandRange(20) == 0; // In 5% of the cases, generate safe top-level expressions.
-        // Generate a random B (or Bms) node of variable complexity, which should be valid as a top-level expression.
-        auto node = RandomNode(safe ? "Bms"_mst : "B"_mst, 1 + InsecureRandRange(90));
-        BOOST_CHECK(node && node->IsValid() && node->IsValidTopLevel());
-        auto script = node->ToScript(CONVERTER);
-        BOOST_CHECK(node->ScriptSize() == script.size()); // Check consistency between script size estimation and real size
-        // Check consistency of "x" property with the script (relying on the fact that no top-level scripts end with a hash or key push, whose last byte could match these opcodes).
-        bool ends_in_verify = !(node->GetType() << "x"_mst);
-        BOOST_CHECK(ends_in_verify == (script.back() == OP_CHECKSIG || script.back() == OP_CHECKMULTISIG || script.back() == OP_EQUAL));
-        std::string str;
-        BOOST_CHECK(node->ToString(CONVERTER, str)); // Check that we can convert to text
-        auto parsed = miniscript::FromString(str, CONVERTER);
-        BOOST_CHECK(parsed); // Check that we can convert back
-        BOOST_CHECK(*parsed == *node); // Check that it matches the original
-        auto decoded = miniscript::FromScript(script, CONVERTER);
-        BOOST_CHECK(decoded); // Check that we can decode the miniscript back from the script.
-        // Check that it matches the original (we can't use *decoded == *node because the miniscript representation may differ)
-        BOOST_CHECK(decoded->ToScript(CONVERTER) == script); // The script corresponding to that decoded form must match exactly.
-        BOOST_CHECK(decoded->GetType() == node->GetType()); // The type also has to match exactly.
-        // Random satisfaction tests.
-        TestSatisfy(str, node);
-    }
-
-    g_testdata.reset();
-}
-
 BOOST_AUTO_TEST_SUITE_END()