Barretenberg: src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.cpp Source File

#include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp"


#include "barretenberg/avm_fuzzer/common/interfaces/dbs.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/fuzzer_context.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/fuzzer_data.hpp"

#include "barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp"

#include "barretenberg/common/log.hpp"

#include "barretenberg/vm2/simulation/lib/contract_crypto.hpp"


using namespace bb::avm2::fuzzer;


SimulatorResult fuzz_against_ts_simulator(FuzzerData& fuzzer_data, FuzzerContext& context)

{

    auto control_flow = ControlFlow(fuzzer_data.instruction_blocks);

    for (const auto& cfg_instruction : fuzzer_data.cfg_instructions) {

        control_flow.process_cfg_instruction(cfg_instruction);

    }

    fuzz_info("Instructions: ", fuzzer_data.instruction_blocks);

    fuzz_info("Calldata: ", fuzzer_data.calldata);


    auto bytecode = control_flow.build_bytecode(fuzzer_data.return_options);

    fuzz_info("Bytecode: ", bytecode);


    auto cpp_simulator = CppSimulator();

    JsSimulator* js_simulator = JsSimulator::getInstance();

    SimulatorResult cpp_result;


    FuzzerWorldStateManager* ws_mgr = FuzzerWorldStateManager::getInstance();


    auto contract_address = context.register_contract_from_bytecode(bytecode);

    FuzzerContractDB contract_db = context.get_contract_db();


    // Create the transaction

    auto tx = create_default_tx(

        contract_address, MSG_SENDER, fuzzer_data.calldata, TRANSACTION_FEE, IS_STATIC_CALL, GAS_LIMIT);


    FF fee_required_da = FF(tx.effective_gas_fees.fee_per_da_gas) * FF(tx.gas_settings.gas_limits.da_gas);

    FF fee_required_l2 = FF(tx.effective_gas_fees.fee_per_l2_gas) * FF(tx.gas_settings.gas_limits.l2_gas);

    ws_mgr->write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2);


    auto globals = create_default_globals();


    try {

        ws_mgr->checkpoint();

        cpp_result = cpp_simulator.simulate(*ws_mgr,

                                            contract_db,

                                            tx,

                                            globals,

                                            /*public_data_writes=*/{},

                                            /*note_hashes=*/{},

                                            /*protocol_contracts=*/{});

        ws_mgr->revert();

    } catch (const std::exception& e) {

        throw std::runtime_error(std::string("CppSimulator threw an exception: ") + e.what());

    }


    ws_mgr->checkpoint();

    auto js_result = js_simulator->simulate(*ws_mgr,

                                            contract_db,

                                            tx,

                                            globals,

                                            /*public_data_writes=*/{},

                                            /*note_hashes=*/{},

                                            /*protocol_contracts=*/{});


    context.reset();


    // If the results does not match

    if (!compare_simulator_results(cpp_result, js_result)) {

        fuzz_info("CppSimulator ", cpp_result);

        fuzz_info("JsSimulator  ", js_result);

        throw std::runtime_error("Simulator results are different");

    }

    fuzz_info("Simulator results match successfully");

    fuzz_info("CppSimulator ", cpp_result);

    fuzz_info("JsSimulator  ", js_result);

    return cpp_result;

}


constants.hpp

fuzz_info
#define fuzz_info(...)
Definition constants.hpp:51

GAS_LIMIT
const Gas GAS_LIMIT
Definition constants.hpp:40

TRANSACTION_FEE
const FF TRANSACTION_FEE
Definition constants.hpp:38

MSG_SENDER
const FF MSG_SENDER
Definition constants.hpp:33

IS_STATIC_CALL
const bool IS_STATIC_CALL
Definition constants.hpp:39

bytecode
std::shared_ptr< Napi::ThreadSafeFunction > bytecode
Definition avm_simulate_napi.cpp:131

contract_db
StrictMock< MockContractDB > contract_db
Definition bytecode_manager.test.cpp:48

ControlFlow
Definition control_flow.hpp:140

CppSimulator
uses barretenberg/vm2 to simulate the bytecode
Definition simulator.hpp:75

JsSimulator
uses the yarn-project/simulator to simulate the bytecode Singleton, because initializing the simulato...
Definition simulator.hpp:88

JsSimulator::simulate
SimulatorResult simulate(fuzzer::FuzzerWorldStateManager &ws_mgr, fuzzer::FuzzerContractDB &contract_db, const Tx &tx, const GlobalVariables &globals, const std::vector< bb::crypto::merkle_tree::PublicDataLeafValue > &public_data_writes, const std::vector< FF > &note_hashes, const ProtocolContracts &protocol_contracts) override
Definition simulator.cpp:156

JsSimulator::getInstance
static JsSimulator * getInstance()
Definition simulator.cpp:138

bb::avm2::context
Definition context.hpp:37

bb::avm2::fuzzer::FuzzerContext
Definition fuzzer_context.hpp:15

bb::avm2::fuzzer::FuzzerContractDB
Definition dbs.hpp:13

bb::avm2::fuzzer::FuzzerWorldStateManager
Definition dbs.hpp:64

bb::avm2::fuzzer::FuzzerWorldStateManager::getInstance
static FuzzerWorldStateManager * getInstance()
Definition dbs.hpp:80

bb::avm2::fuzzer::FuzzerWorldStateManager::checkpoint
void checkpoint()
Definition dbs.hpp:98

bb::avm2::fuzzer::FuzzerWorldStateManager::write_fee_payer_balance
void write_fee_payer_balance(const AztecAddress &fee_payer, const FF &balance)
Definition dbs.cpp:234

bb::avm2::fuzzer::FuzzerWorldStateManager::revert
void revert()
Definition dbs.hpp:102

bb::avm2::tx
Definition tx.hpp:36

log.hpp

contract_address
AztecAddress contract_address
Definition written_public_data_slots_tree_check.test.cpp:97

contract_crypto.hpp

control_flow.hpp

dbs.hpp

fuzz_against_ts_simulator
SimulatorResult fuzz_against_ts_simulator(FuzzerData &fuzzer_data, FuzzerContext &context)
fuzz CPP vs JS simulator with the given fuzzer data
Definition fuzz.cpp:14

fuzz.hpp

ws_mgr
FuzzerWorldStateManager * ws_mgr
Definition fuzz.test.cpp:16

fuzzer_data.hpp

fuzzer_context.hpp

bb::avm2::fuzzer
Definition dbs.cpp:19

bb::avm2::FF
AvmFlavorSettings::FF FF
Definition field.hpp:10

control_flow
Definition fuzz.test.cpp:738

compare_simulator_results
bool compare_simulator_results(SimulatorResult &result1, SimulatorResult &result2)
Definition simulator.cpp:186

create_default_tx
Tx create_default_tx(const AztecAddress &contract_address, const AztecAddress &sender_address, const std::vector< FF > &calldata, const FF &transaction_fee, bool is_static_call, const Gas &gas_limit)
Definition simulator.cpp:213

create_default_globals
GlobalVariables create_default_globals()
Definition simulator.cpp:68

simulator.hpp

FuzzerData
describes the data which will be used for fuzzing Should contain instructions, calldata,...
Definition fuzzer_data.hpp:14

FuzzerData::return_options
ReturnOptions return_options
Definition fuzzer_data.hpp:18

FuzzerData::calldata
std::vector< bb::avm2::FF > calldata
Definition fuzzer_data.hpp:17

FuzzerData::cfg_instructions
std::vector< CFGInstruction > cfg_instructions
Definition fuzzer_data.hpp:16

FuzzerData::instruction_blocks
std::vector< InstructionBlock > instruction_blocks
Definition fuzzer_data.hpp:15

SimulatorResult
Definition simulator.hpp:46

bb::field< bb::Bn254FrParams >