Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
fuzz.cpp
Go to the documentation of this file.
1#include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp"
2
3#include "barretenberg/avm_fuzzer/common/interfaces/dbs.hpp"
4#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"
5#include "barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp"
6#include "barretenberg/avm_fuzzer/fuzz_lib/fuzzer_context.hpp"
7#include "barretenberg/avm_fuzzer/fuzz_lib/fuzzer_data.hpp"
8#include "barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp"
9#include "barretenberg/common/log.hpp"
10#include "barretenberg/vm2/simulation/lib/contract_crypto.hpp"
11
12using namespace bb::avm2::fuzzer;
13
14SimulatorResult fuzz_against_ts_simulator(FuzzerData& fuzzer_data, FuzzerContext& context)
15{
16 auto control_flow = ControlFlow(fuzzer_data.instruction_blocks);
17 for (const auto& cfg_instruction : fuzzer_data.cfg_instructions) {
18 control_flow.process_cfg_instruction(cfg_instruction);
19 }
20 fuzz_info("Instructions: ", fuzzer_data.instruction_blocks);
21 fuzz_info("Calldata: ", fuzzer_data.calldata);
22
23 auto bytecode = control_flow.build_bytecode(fuzzer_data.return_options);
24 fuzz_info("Bytecode: ", bytecode);
25
26 auto cpp_simulator = CppSimulator();
27 JsSimulator* js_simulator = JsSimulator::getInstance();
28 SimulatorResult cpp_result;
29
30 FuzzerWorldStateManager* ws_mgr = FuzzerWorldStateManager::getInstance();
31
32 auto contract_address = context.register_contract_from_bytecode(bytecode);
33 FuzzerContractDB contract_db = context.get_contract_db();
34
35 // Create the transaction
36 auto tx = create_default_tx(
37 contract_address, MSG_SENDER, fuzzer_data.calldata, TRANSACTION_FEE, IS_STATIC_CALL, GAS_LIMIT);
38
39 FF fee_required_da = FF(tx.effective_gas_fees.fee_per_da_gas) * FF(tx.gas_settings.gas_limits.da_gas);
40 FF fee_required_l2 = FF(tx.effective_gas_fees.fee_per_l2_gas) * FF(tx.gas_settings.gas_limits.l2_gas);
41 ws_mgr->write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2);
42
43 try {
44 ws_mgr->checkpoint();
45 cpp_result = cpp_simulator.simulate(*ws_mgr, contract_db, tx);
46 ws_mgr->revert();
47 } catch (const std::exception& e) {
48 throw std::runtime_error(std::string("CppSimulator threw an exception: ") + e.what());
49 }
50
51 ws_mgr->checkpoint();
52 auto js_result = js_simulator->simulate(*ws_mgr, contract_db, tx);
53
54 context.reset();
55
56 // If the results does not match
57 if (!compare_simulator_results(cpp_result, js_result)) {
58 fuzz_info("CppSimulator ", cpp_result);
59 fuzz_info("JsSimulator ", js_result);
60 throw std::runtime_error("Simulator results are different");
61 }
62 fuzz_info("Simulator results match successfully");
63 fuzz_info("CppSimulator ", cpp_result);
64 fuzz_info("JsSimulator ", js_result);
65 return cpp_result;
66}
constants.hpp
fuzz_info
#define fuzz_info(...)
Definition constants.hpp:51
GAS_LIMIT
const Gas GAS_LIMIT
Definition constants.hpp:40
TRANSACTION_FEE
const FF TRANSACTION_FEE
Definition constants.hpp:38
MSG_SENDER
const FF MSG_SENDER
Definition constants.hpp:33
IS_STATIC_CALL
const bool IS_STATIC_CALL
Definition constants.hpp:39
bytecode
std::shared_ptr< Napi::ThreadSafeFunction > bytecode
Definition avm_simulate_napi.cpp:120
contract_db
StrictMock< MockContractDB > contract_db
Definition bytecode_manager.test.cpp:48
CppSimulator
uses barretenberg/vm2 to simulate the bytecode
Definition simulator.hpp:54
JsSimulator
uses the yarn-project/simulator to simulate the bytecode Singleton, because initializing the simulato...
Definition simulator.hpp:63
JsSimulator::getInstance
static JsSimulator * getInstance()
Definition simulator.cpp:128
JsSimulator::simulate
SimulatorResult simulate(fuzzer::FuzzerWorldStateManager &ws_mgr, fuzzer::FuzzerContractDB &contract_db, const Tx &tx) override
Definition simulator.cpp:146
bb::avm2::fuzzer::FuzzerWorldStateManager::getInstance
static FuzzerWorldStateManager * getInstance()
Definition dbs.hpp:80
bb::avm2::fuzzer::FuzzerWorldStateManager::write_fee_payer_balance
void write_fee_payer_balance(const AztecAddress &fee_payer, const FF &balance)
Definition dbs.cpp:227
contract_address
AztecAddress contract_address
Definition written_public_data_slots_tree_check.test.cpp:97
contract_crypto.hpp
control_flow.hpp
fuzz_against_ts_simulator
SimulatorResult fuzz_against_ts_simulator(FuzzerData &fuzzer_data, FuzzerContext &context)
fuzz CPP vs JS simulator with the given fuzzer data
Definition fuzz.cpp:14
ws_mgr
FuzzerWorldStateManager * ws_mgr
Definition fuzz.test.cpp:16
fuzzer_data.hpp
fuzzer_context.hpp
bb::avm2::FF
AvmFlavorSettings::FF FF
Definition field.hpp:10
control_flow
Definition fuzz.test.cpp:722
compare_simulator_results
bool compare_simulator_results(SimulatorResult &result1, SimulatorResult &result2)
Definition simulator.cpp:172
create_default_tx
Tx create_default_tx(const AztecAddress &contract_address, const AztecAddress &sender_address, const std::vector< FF > &calldata, const FF &transaction_fee, bool is_static_call, const Gas &gas_limit)
Definition simulator.cpp:188
FuzzerData
describes the data which will be used for fuzzing Should contain instructions, calldata,...
Definition fuzzer_data.hpp:12
FuzzerData::return_options
ReturnOptions return_options
Definition fuzzer_data.hpp:16
FuzzerData::calldata
std::vector< bb::avm2::FF > calldata
Definition fuzzer_data.hpp:15
FuzzerData::cfg_instructions
std::vector< CFGInstruction > cfg_instructions
Definition fuzzer_data.hpp:14
FuzzerData::instruction_blocks
std::vector< std::vector< FuzzInstruction > > instruction_blocks
Definition fuzzer_data.hpp:13