Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecc.fuzzer.cpp
Go to the documentation of this file.
1#include "barretenberg/vm2/generated/relations/ecc.hpp"
2#include <cassert>
3#include <cstdint>
4#include <fuzzer/FuzzedDataProvider.h>
5#include <random>
6
7#include "barretenberg/avm_fuzzer/mutations/basic_types/field.hpp"
8#include "barretenberg/common/serialize.hpp"
9#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
10#include "barretenberg/ecc/groups/affine_element.hpp"
11#include "barretenberg/numeric/uint256/uint256.hpp"
12#include "barretenberg/vm2/common/aztec_types.hpp"
13#include "barretenberg/vm2/common/field.hpp"
14#include "barretenberg/vm2/common/memory_types.hpp"
15#include "barretenberg/vm2/common/standard_affine_point.hpp"
16#include "barretenberg/vm2/constraining/testing/check_relation.hpp"
17#include "barretenberg/vm2/generated/columns.hpp"
18#include "barretenberg/vm2/generated/relations/scalar_mul.hpp"
19#include "barretenberg/vm2/simulation/events/ecc_events.hpp"
20#include "barretenberg/vm2/simulation/events/event_emitter.hpp"
21#include "barretenberg/vm2/simulation/events/field_gt_event.hpp"
22#include "barretenberg/vm2/simulation/events/gt_event.hpp"
23#include "barretenberg/vm2/simulation/events/range_check_event.hpp"
24#include "barretenberg/vm2/simulation/gadgets/ecc.hpp"
25#include "barretenberg/vm2/simulation/gadgets/field_gt.hpp"
26#include "barretenberg/vm2/simulation/gadgets/gt.hpp"
27#include "barretenberg/vm2/simulation/gadgets/range_check.hpp"
28#include "barretenberg/vm2/simulation/gadgets/to_radix.hpp"
29#include "barretenberg/vm2/tooling/debugger.hpp"
30#include "barretenberg/vm2/tracegen/ecc_trace.hpp"
31#include "barretenberg/vm2/tracegen/execution_trace.hpp"
32#include "barretenberg/vm2/tracegen/field_gt_trace.hpp"
33#include "barretenberg/vm2/tracegen/gt_trace.hpp"
34#include "barretenberg/vm2/tracegen/precomputed_trace.hpp"
35#include "barretenberg/vm2/tracegen/range_check_trace.hpp"
36#include "barretenberg/vm2/tracegen/test_trace_container.hpp"
37#include "barretenberg/vm2/tracegen/to_radix_trace.hpp"
38
39using namespace bb::avm2::simulation;
40using namespace bb::avm2::tracegen;
41using namespace bb::avm2::constraining;
42
43using avm2::AffinePoint;
44using StandardAffinePoint = avm2::StandardAffinePoint<AffinePoint>;
45using bb::avm2::EmbeddedCurvePoint;
46using bb::avm2::FF;
47using bb::avm2::MemoryAddress;
48using bb::avm2::MemoryTag;
49using bb::avm2::MemoryValue;
50
51using ecc_rel = bb::avm2::ecc<FF>;
52using scalar_mul_rel = bb::avm2::scalar_mul<FF>;
53
54namespace {
55
56avm2::Fq random_fq_scalar(std::mt19937_64& rng)
57{
58 std::uniform_int_distribution<uint64_t> dist(0, std::numeric_limits<uint64_t>::max());
59
60 std::array<uint64_t, 4> limbs;
61 for (size_t i = 0; i < 4; ++i) {
62 limbs[i] = dist(rng);
63 }
64
65 return avm2::Fq(limbs[0], limbs[1], limbs[2], limbs[3]);
66}
67
68// Right now just mutate the address within the u32 range
69MemoryAddress mutate_memory_address(MemoryAddress addr, std::mt19937_64& rng)
70{
71 int choose_mutation = std::uniform_int_distribution<int>(0, 2)(rng);
72 switch (choose_mutation) {
73 case 0: {
74 // Mutate by fixed amount
75 std::uniform_int_distribution<int32_t> offset_dist(-1024, 1024);
76 uint32_t offset = static_cast<uint32_t>(offset_dist(rng));
77 return addr + offset;
78 } break;
79 case 1: {
80 // Random new address
81 std::uniform_int_distribution<uint32_t> dist(0, std::numeric_limits<uint32_t>::max());
82 return dist(rng);
83 }
84 default:
85 // No mutation
86 return addr;
87 }
88}
89
90} // namespace
91
92struct EccFuzzerInput {
93 AffinePoint p = AffinePoint::one();
94 AffinePoint q = AffinePoint::one();
95 avm2::Fq scalar = avm2::Fq::zero();
96 // Addresses are organised as:
97 // p_x, p_y, p_inf, q_x, q_y, q_inf, output_addr
98 std::array<MemoryAddress, 7> addresses{};
99 EccFuzzerInput() = default;
100
101 // Serialize to buffer
102 void to_buffer(uint8_t* buffer) const
103 {
104 size_t offset = 0;
105 AffinePoint::serialize_to_buffer(p, buffer + offset);
106 offset += sizeof(AffinePoint);
107 AffinePoint::serialize_to_buffer(q, buffer + offset);
108 offset += sizeof(AffinePoint);
109 avm2::Fq::serialize_to_buffer(scalar, buffer + offset);
110 offset += sizeof(avm2::Fq);
111 // Serialize memory addresses
112 std::memcpy(buffer + offset, &addresses[0], sizeof(MemoryAddress) * 7);
113 }
114
115 static EccFuzzerInput from_buffer(const uint8_t* buffer)
116 {
117 EccFuzzerInput input;
118 size_t offset = 0;
119 input.p = AffinePoint::serialize_from_buffer(buffer + offset);
120 offset += sizeof(AffinePoint);
121 input.q = AffinePoint::serialize_from_buffer(buffer + offset);
122 offset += sizeof(AffinePoint);
123 input.scalar = avm2::Fq::serialize_from_buffer(buffer + offset);
124 offset += sizeof(avm2::Fq);
125 // Deserialize memory addresses
126 std::memcpy(&input.addresses[0], buffer + offset, sizeof(MemoryAddress) * 7);
127
128 return input;
129 }
130};
131
132extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, size_t max_size, unsigned int seed)
133{
134 if (size < sizeof(EccFuzzerInput)) {
135 // Initialize with default input
136 EccFuzzerInput input;
137 input.to_buffer(data);
138 return sizeof(EccFuzzerInput);
139 }
140
141 std::mt19937_64 rng(seed);
142
143 // Deserialize current input
144 EccFuzzerInput input = EccFuzzerInput::from_buffer(data);
145
146 // We want to define sensible mutation of points as random bits are unlikely to yield valid points.
147 // Lib Fuzzer will stack 5-6 mutations on top of each other by default
148 std::uniform_int_distribution<int> dist(0, 7);
149 int choice = dist(rng);
150
151 switch (choice) {
152 case 0: {
153 // Set P to random valid point
154 avm2::Fq rand_scalar = random_fq_scalar(rng);
155 input.p = AffinePoint::one() * rand_scalar;
156 break;
157 }
158 case 1: {
159 // Set P to random invalid point
160 avm2::FF rand_x = FF(random_fq_scalar(rng));
161 avm2::FF rand_y = FF(random_fq_scalar(rng));
162 input.p = AffinePoint(FF(rand_x), FF(rand_y));
163 while (input.p.on_curve()) {
164 // Ensure it's invalid
165 input.p = AffinePoint(FF(rand_x + FF(1)), FF(rand_y));
166 }
167
168 break;
169 }
170 case 2: {
171 // Set P to point at infinity
172 input.p.set_infinity();
173 break;
174 }
175 case 3: {
176 // Swap P and Q
177 std::swap(input.p, input.q);
178 break;
179 }
180 case 4: {
181 // Set P = -Q
182 input.p = input.q * avm2::Fq(-1);
183 break;
184 }
185 case 5: {
186 // Set scalar to random point
187 input.scalar = random_fq_scalar(rng);
188 break;
189 }
190 case 6: {
191 // Set scalar to one
192 input.scalar = avm2::Fq::one();
193 break;
194 }
195 case 7: {
196 // Mutate memory addresses
197 // Select a random address to mutate
198 std::uniform_int_distribution<size_t> addr_dist(0, 6);
199 size_t addr_index = addr_dist(rng);
200 input.addresses[addr_index] = mutate_memory_address(input.addresses[addr_index], rng);
201 break;
202 }
203 default:
204 break;
205 }
206
207 // Serialize mutated input back to buffer
208 input.to_buffer(data);
209
210 if (max_size > sizeof(EccFuzzerInput)) {
211 return sizeof(EccFuzzerInput);
212 }
213
214 return sizeof(EccFuzzerInput);
215}
216
217extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
218{
219 using bb::avm2::MemoryValue;
220
221 if (size < sizeof(EccFuzzerInput)) {
222 info("Input size too small");
223 return 0;
224 }
225
226 // Parse input
227 const EccFuzzerInput input = EccFuzzerInput::from_buffer(data);
228 bool error = false;
229
230 EmbeddedCurvePoint point_p =
231 input.p.is_point_at_infinity() ? EmbeddedCurvePoint::infinity() : EmbeddedCurvePoint(input.p);
232 EmbeddedCurvePoint point_q =
233 input.q.is_point_at_infinity() ? EmbeddedCurvePoint::infinity() : EmbeddedCurvePoint(input.q);
234
235 // Set up gadgets and event emitters
236 DeduplicatingEventEmitter<RangeCheckEvent> range_check_emitter;
237 DeduplicatingEventEmitter<GreaterThanEvent> greater_than_emitter;
238 DeduplicatingEventEmitter<FieldGreaterThanEvent> field_gt_emitter;
239 EventEmitter<EccAddEvent> ecadd_emitter;
240 EventEmitter<ScalarMulEvent> scalar_mul_emitter;
241 EventEmitter<EccAddMemoryEvent> add_memory_emitter;
242 EventEmitter<ToRadixEvent> to_radix_emitter;
243 EventEmitter<ToRadixMemoryEvent> to_radix_memory_emitter;
244 EventEmitter<MemoryEvent> memory_emitter;
245
246 RangeCheck range_check(range_check_emitter);
247 FieldGreaterThan field_gt(range_check, field_gt_emitter);
248 GreaterThan greater_than(field_gt, range_check, greater_than_emitter);
249 ExecutionIdManager execution_id_manager(0);
250 ToRadix to_radix(execution_id_manager, greater_than, to_radix_emitter, to_radix_memory_emitter);
251 Ecc ecc(execution_id_manager, greater_than, to_radix, ecadd_emitter, scalar_mul_emitter, add_memory_emitter);
252
253 MemoryProvider mem_provider(range_check, execution_id_manager, memory_emitter);
254 auto mem = mem_provider.make_memory(0);
255
256 mem->set(/*p_x_addr*/ input.addresses[0], MemoryValue::from_tag(MemoryTag::FF, point_p.x()));
257 mem->set(/*p_y_addr*/ input.addresses[1], MemoryValue::from_tag(MemoryTag::FF, point_p.y()));
258 mem->set(/*p_inf*/ input.addresses[2], MemoryValue::from_tag(MemoryTag::U1, point_p.is_infinity() ? FF(1) : FF(0)));
259 mem->set(/*q_x_addr*/ input.addresses[3], MemoryValue::from_tag(MemoryTag::FF, point_q.x()));
260 mem->set(/*q_y_addr*/ input.addresses[4], MemoryValue::from_tag(MemoryTag::FF, point_q.y()));
261 mem->set(/*q_inf*/ input.addresses[5], MemoryValue::from_tag(MemoryTag::U1, point_q.is_infinity() ? FF(1) : FF(0)));
262
263 EmbeddedCurvePoint scalar_mul_result;
264
265 try {
266 ecc.add(*mem, input.p, input.q, /* output_addr */ input.addresses[6]);
267 scalar_mul_result = ecc.scalar_mul(input.p, FF(uint256_t(input.scalar)));
268 } catch (std::exception& e) {
269 // info("Caught exception during ECC add: {}", e.what());
270 error = true;
271 }
272 if (!error) {
273 // StandardAffinePoint, unlike AffinePoint, normalises infinity to (0, 0) to match EmbeddedCurvePoint
274 StandardAffinePoint expected_result = StandardAffinePoint(input.p) + StandardAffinePoint(input.q);
275
276 // Verify output in memory
277 MemoryValue res_x = mem->get(input.addresses[6]);
278 MemoryValue res_y = mem->get(input.addresses[6] + 1);
279 MemoryValue res_inf = mem->get(input.addresses[6] + 2);
280
281 EmbeddedCurvePoint result_point = EmbeddedCurvePoint(res_x.as_ff(), res_y.as_ff(), res_inf.as_ff() == FF(1));
282
283 BB_ASSERT(result_point.x() == expected_result.x(), "Result x-coordinate mismatch");
284 BB_ASSERT(result_point.y() == expected_result.y(), "Result y-coordinate mismatch");
285 BB_ASSERT(result_point.is_infinity() == expected_result.is_infinity(), "Result infinity flag mismatch");
286
287 // Non mem-aware ecmul result:
288 expected_result = StandardAffinePoint(input.p) * input.scalar;
289
290 BB_ASSERT(scalar_mul_result.x() == expected_result.x(), "Mul result x-coordinate mismatch");
291 BB_ASSERT(scalar_mul_result.y() == expected_result.y(), "Mul result y-coordinate mismatch");
292 BB_ASSERT(scalar_mul_result.is_infinity() == expected_result.is_infinity(),
293 "Mul result infinity flag mismatch");
294 }
295
296 // Initialize trace container and execution trace columns
297 auto trace = TestTraceContainer({ {
298 { avm2::Column::execution_context_id, 0 },
299 // Point P
300 { avm2::Column::execution_register_0_, point_p.x() }, // = px
301 { avm2::Column::execution_register_1_, point_p.y() }, // = py
302 { avm2::Column::execution_register_2_, point_p.is_infinity() ? FF(1) : FF(0) }, // = p_inf
303 // Point Q
304 { avm2::Column::execution_register_3_, point_q.x() }, // = qx
305 { avm2::Column::execution_register_4_, point_q.y() }, // = qy
306 { avm2::Column::execution_register_5_, point_q.is_infinity() ? FF(1) : FF(0) }, // = q_inf
307 // Dst address
308 { avm2::Column::execution_rop_6_, input.addresses[6] }, // = dst_addr
309 { avm2::Column::execution_sel_exec_dispatch_ecc_add, 1 }, // = sel
310 { avm2::Column::execution_sel_opcode_error, error ? 1 : 0 }, // = sel_err
311 } });
312
313 PrecomputedTraceBuilder precomputed_builder;
314 RangeCheckTraceBuilder range_check_builder;
315 FieldGreaterThanTraceBuilder field_gt_builder;
316 GreaterThanTraceBuilder gt_builder;
317 ToRadixTraceBuilder to_radix_builder;
318 EccTraceBuilder builder;
319
320 precomputed_builder.process_misc(trace, 2);
321 range_check_builder.process(range_check_emitter.dump_events(), trace);
322 field_gt_builder.process(field_gt_emitter.dump_events(), trace);
323 gt_builder.process(greater_than_emitter.dump_events(), trace);
324 to_radix_builder.process(to_radix_emitter.dump_events(), trace);
325 builder.process_add_with_memory(add_memory_emitter.dump_events(), trace);
326 builder.process_add(ecadd_emitter.dump_events(), trace);
327 builder.process_scalar_mul(scalar_mul_emitter.dump_events(), trace);
328
329 if (getenv("AVM_DEBUG") != nullptr) {
330 info("Debugging trace:");
331 bb::avm2::InteractiveDebugger debugger(trace);
332 debugger.run();
333 }
334
335 check_relation<ecc_rel>(trace);
336 check_relation<scalar_mul_rel>(trace);
337 check_all_interactions<EccTraceBuilder>(trace);
338 check_interaction<ExecutionTraceBuilder, bb::avm2::perm_execution_dispatch_to_ecc_add_settings>(trace);
339
340 return 0;
341}
affine_element.hpp
field_gt_emitter
DeduplicatingEventEmitter< FieldGreaterThanEvent > field_gt_emitter
Definition alu_integration.test.cpp:58
greater_than
GreaterThan greater_than
Definition alu_integration.test.cpp:65
field_gt
FieldGreaterThan field_gt
Definition alu_integration.test.cpp:64
range_check_emitter
DeduplicatingEventEmitter< RangeCheckEvent > range_check_emitter
Definition alu_integration.test.cpp:57
BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:80
field.hpp
aztec_types.hpp
check_relation.hpp
bb::avm2::InteractiveDebugger::run
void run(uint32_t starting_row=0)
Definition debugger.cpp:76
bb::avm2::StandardAffinePoint::is_infinity
constexpr bool is_infinity() const noexcept
Definition standard_affine_point.hpp:68
bb::avm2::StandardAffinePoint::x
constexpr const BaseField & x() const noexcept
Definition standard_affine_point.hpp:74
bb::avm2::StandardAffinePoint::y
constexpr const BaseField & y() const noexcept
Definition standard_affine_point.hpp:76
bb::avm2::TaggedValue::from_tag
static TaggedValue from_tag(ValueTag tag, FF value)
Definition tagged_value.cpp:227
bb::avm2::range_check
Definition range_check.hpp:34
bb::avm2::scalar_mul
Definition scalar_mul.hpp:35
bb::avm2::simulation::DeduplicatingEventEmitter::dump_events
EventEmitter< Event >::Container dump_events()
Definition event_emitter.hpp:49
bb::avm2::simulation::MemoryProvider::make_memory
std::unique_ptr< MemoryInterface > make_memory(uint16_t space_id) override
Definition memory.hpp:57
bb::avm2::to_radix
Definition to_radix.hpp:35
bb::avm2::tracegen::FieldGreaterThanTraceBuilder::process
void process(const simulation::EventEmitterInterface< simulation::FieldGreaterThanEvent >::Container &events, TraceContainer &trace)
Definition field_gt_trace.cpp:15
bb::avm2::tracegen::GreaterThanTraceBuilder::process
void process(const simulation::EventEmitterInterface< simulation::GreaterThanEvent >::Container &events, TraceContainer &trace)
Definition gt_trace.cpp:11
bb::avm2::tracegen::PrecomputedTraceBuilder::process_misc
void process_misc(TraceContainer &trace, const uint32_t num_rows=MAX_AVM_TRACE_SIZE)
Definition precomputed_trace.cpp:25
bb::avm2::tracegen::RangeCheckTraceBuilder::process
void process(const simulation::EventEmitterInterface< simulation::RangeCheckEvent >::Container &events, TraceContainer &trace)
Definition range_check_trace.cpp:16
bb::avm2::tracegen::ToRadixTraceBuilder::process
void process(const simulation::EventEmitterInterface< simulation::ToRadixEvent >::Container &events, TraceContainer &trace)
Definition to_radix_trace.cpp:18
bb::crypto::merkle_tree::MemoryStore::get
bool get(std::vector< uint8_t > const &key, std::vector< uint8_t > &value)
Definition memory_store.hpp:45
bb::group_elements::affine_element
Definition affine_element.hpp:22
bb::group_elements::affine_element::is_point_at_infinity
constexpr bool is_point_at_infinity() const noexcept
Definition affine_element_impl.hpp:125
bb::group_elements::affine_element::serialize_from_buffer
static affine_element serialize_from_buffer(const uint8_t *buffer, bool write_x_first=false)
Restore point from a buffer.
Definition affine_element.hpp:152
bb::group_elements::affine_element::on_curve
constexpr bool on_curve() const noexcept
Definition affine_element_impl.hpp:137
bb::group_elements::affine_element::one
static constexpr affine_element one() noexcept
Definition affine_element.hpp:50
bb::group_elements::affine_element::serialize_to_buffer
static void serialize_to_buffer(const affine_element &value, uint8_t *buffer, bool write_x_first=false)
Serialize the point to the given buffer.
Definition affine_element.hpp:125
bb::group_elements::affine_element::set_infinity
constexpr affine_element set_infinity() const noexcept
Definition affine_element_impl.hpp:103
bb::numeric::uint256_t
Definition uint256.hpp:32
info
void info(Args... args)
Definition log.hpp:89
range_check_builder
RangeCheckTraceBuilder range_check_builder
Definition alu.test.cpp:121
precomputed_builder
PrecomputedTraceBuilder precomputed_builder
Definition alu.test.cpp:120
field_gt_builder
FieldGreaterThanTraceBuilder field_gt_builder
Definition alu.test.cpp:122
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
gt_builder
GreaterThanTraceBuilder gt_builder
Definition alu.test.cpp:123
execution_id_manager
ExecutionIdManager execution_id_manager
Definition data_copy.test.cpp:51
mem
MemoryStore mem
Definition data_copy.test.cpp:61
data
const std::vector< MemoryValue > data
Definition data_copy.test.cpp:70
trace
TestTraceContainer trace
Definition data_copy.test.cpp:63
expected_result
bool expected_result
Definition field_gt.test.cpp:54
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition ecc.fuzzer.cpp:217
LLVMFuzzerCustomMutator
size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t max_size, unsigned int seed)
Definition ecc.fuzzer.cpp:132
ecc_events.hpp
ecc_trace.hpp
offset
ssize_t offset
Definition engine.cpp:36
buffer
uint8_t buffer[RANDOM_BUFFER_SIZE]
Definition engine.cpp:34
event_emitter.hpp
execution_trace.hpp
field_gt_event.hpp
field_gt_trace.hpp
field_gt.hpp
gt_event.hpp
gt_trace.hpp
memory_types.hpp
bb::avm2::EmbeddedCurvePoint
StandardAffinePoint< AvmFlavorSettings::EmbeddedCurve::AffineElement > EmbeddedCurvePoint
Definition field.hpp:12
bb::avm2::Fq
AvmFlavorSettings::G1::Fq Fq
Definition field.hpp:11
bb::avm2::MemoryAddress
uint32_t MemoryAddress
Definition memory_types.hpp:11
bb::avm2::AffinePoint
grumpkin::g1::affine_element AffinePoint
Definition aztec_types.hpp:20
bb::avm2::FF
AvmFlavorSettings::FF FF
Definition field.hpp:10
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
precomputed_trace.hpp
range_check_event.hpp
range_check_trace.hpp
scalar_mul.hpp
range_check.hpp
to_radix.hpp
standard_affine_point.hpp
EccFuzzerInput::p
AffinePoint p
Definition ecc.fuzzer.cpp:93
EccFuzzerInput::to_buffer
void to_buffer(uint8_t *buffer) const
Definition ecc.fuzzer.cpp:102
EccFuzzerInput::scalar
avm2::Fq scalar
Definition ecc.fuzzer.cpp:95
EccFuzzerInput::EccFuzzerInput
EccFuzzerInput()=default
EccFuzzerInput::from_buffer
static EccFuzzerInput from_buffer(const uint8_t *buffer)
Definition ecc.fuzzer.cpp:115
EccFuzzerInput::q
AffinePoint q
Definition ecc.fuzzer.cpp:94
EccFuzzerInput::addresses
std::array< MemoryAddress, 7 > addresses
Definition ecc.fuzzer.cpp:98
test_trace_container.hpp
to_radix_trace.hpp