Barretenberg: src/barretenberg/avm_fuzzer/tx.fuzzer.cpp Source File

#include "barretenberg/avm_fuzzer/fuzzer_lib.hpp"


#include <cstdint>

#include <string>


#include "barretenberg/avm_fuzzer/common/interfaces/dbs.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp"


using namespace bb::avm2::fuzzer;

using namespace bb::avm2::simulation;


extern "C" int LLVMFuzzerInitialize(int*, char***)

{

    const char* simulator_path = std::getenv("AVM_SIMULATOR_BIN");

    if (simulator_path == nullptr) {

        throw std::runtime_error("AVM_SIMULATOR_BIN is not set");

    }

    std::string simulator_path_str(simulator_path);

    JsSimulator::initialize(simulator_path_str);

    FuzzerWorldStateManager::initialize();

    return 0;

}


extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* serialized_fuzzer_data,

                                          size_t serialized_fuzzer_data_size,

                                          size_t max_size,

                                          unsigned int seed)

{

    // Haven't thought much about the lifecycle of this in the tx fuzzer. Maybe we want it in the serialized data?

    // Or we can regenerate from the serialized data.

    FuzzerContext context;

    return mutate_tx_data(context, serialized_fuzzer_data, serialized_fuzzer_data_size, max_size, seed);

}


extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)

{

    FuzzerWorldStateManager* ws_mgr = FuzzerWorldStateManager::getInstance();

    FuzzerContractDB contract_db;

    ws_mgr->fork();


    FuzzerContext context;


    FuzzerTxData tx_data;

    try {

        msgpack::unpack((reinterpret_cast<const char*>(data)), size).get().convert(tx_data);

    } catch (const std::exception& e) {

        fuzz_info("Failed to deserialize input in TestOneInput, using default. Exception: ", e.what());

        tx_data = create_default_tx_data(context);

    }


    // Setup contracts and fund fee payer

    setup_fuzzer_state(*ws_mgr, contract_db, tx_data);

    fund_fee_payer(*ws_mgr, tx_data.tx);


    fuzz_tx(*ws_mgr, contract_db, tx_data);

    ws_mgr->reset_world_state();


    return 0;

}


constants.hpp

fuzz_info
#define fuzz_info(...)
Definition constants.hpp:51

contract_db
StrictMock< MockContractDB > contract_db
Definition bytecode_manager.test.cpp:48

JsSimulator::initialize
static void initialize(std::string &simulator_path)
Definition simulator.cpp:138

bb::avm2::context
Definition context.hpp:37

bb::avm2::fuzzer::FuzzerContext
Definition fuzzer_context.hpp:15

bb::avm2::fuzzer::FuzzerContractDB
Definition dbs.hpp:13

bb::avm2::fuzzer::FuzzerWorldStateManager
Definition dbs.hpp:64

bb::avm2::fuzzer::FuzzerWorldStateManager::reset_world_state
void reset_world_state()
Definition dbs.cpp:210

bb::avm2::fuzzer::FuzzerWorldStateManager::initialize
static void initialize()
Definition dbs.hpp:72

bb::avm2::fuzzer::FuzzerWorldStateManager::getInstance
static FuzzerWorldStateManager * getInstance()
Definition dbs.hpp:80

bb::avm2::fuzzer::FuzzerWorldStateManager::fork
world_state::WorldStateRevision fork()
Definition dbs.cpp:204

data
const std::vector< MemoryValue > data
Definition data_copy.test.cpp:70

dbs.hpp

fuzz.hpp

ws_mgr
FuzzerWorldStateManager * ws_mgr
Definition fuzz.test.cpp:16

fuzz_tx
SimulatorResult fuzz_tx(FuzzerWorldStateManager &ws_mgr, FuzzerContractDB &contract_db, FuzzerTxData &tx_data)
Fuzz CPP vs JS simulator with a full transaction containing multiple enqueued calls.
Definition fuzzer_lib.cpp:62

create_default_tx_data
FuzzerTxData create_default_tx_data(std::mt19937_64 &rng, const FuzzerContext &context)
Definition fuzzer_lib.cpp:188

setup_fuzzer_state
void setup_fuzzer_state(FuzzerWorldStateManager &ws_mgr, FuzzerContractDB &contract_db, const FuzzerTxData &tx_data)
Definition fuzzer_lib.cpp:27

mutate_tx_data
size_t mutate_tx_data(FuzzerContext &context, uint8_t *serialized_fuzzer_data, size_t serialized_fuzzer_data_size, size_t max_size, unsigned int seed)
Definition fuzzer_lib.cpp:246

fund_fee_payer
void fund_fee_payer(FuzzerWorldStateManager &ws_mgr, const Tx &tx)
Definition fuzzer_lib.cpp:48

fuzzer_lib.hpp

bb::avm2::fuzzer
Definition dbs.cpp:19

bb::avm2::simulation
Definition address_derivation_event.hpp:6

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

FuzzerTxData
Definition fuzzer_lib.hpp:18

FuzzerTxData::tx
Tx tx
Definition fuzzer_lib.hpp:27

LLVMFuzzerInitialize
int LLVMFuzzerInitialize(int *, char ***)
Definition tx.fuzzer.cpp:13

LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition tx.fuzzer.cpp:36

LLVMFuzzerCustomMutator
size_t LLVMFuzzerCustomMutator(uint8_t *serialized_fuzzer_data, size_t serialized_fuzzer_data_size, size_t max_size, unsigned int seed)
Definition tx.fuzzer.cpp:25