Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
fuzzer_lib.cpp
Go to the documentation of this file.
1#include "barretenberg/avm_fuzzer/fuzzer_lib.hpp"
2
3#include <cstdint>
4#include <string>
5#include <unordered_set>
6#include <vector>
7
8#include "barretenberg/api/file_io.hpp"
9#include "barretenberg/avm_fuzzer/common/interfaces/dbs.hpp"
10#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"
11#include "barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp"
12#include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp"
13#include "barretenberg/avm_fuzzer/fuzzer_comparison_helper.hpp"
14#include "barretenberg/avm_fuzzer/mutations/basic_types/field.hpp"
15#include "barretenberg/avm_fuzzer/mutations/basic_types/uint64_t.hpp"
16#include "barretenberg/avm_fuzzer/mutations/configuration.hpp"
17#include "barretenberg/avm_fuzzer/mutations/fuzzer_data.hpp"
18#include "barretenberg/avm_fuzzer/mutations/protocol_contracts.hpp"
19#include "barretenberg/avm_fuzzer/mutations/tx_data.hpp"
20#include "barretenberg/avm_fuzzer/mutations/tx_types/gas.hpp"
21#include "barretenberg/common/log.hpp"
22#include "barretenberg/vm2/avm_api.hpp"
23#include "barretenberg/vm2/common/avm_io.hpp"
24#include "barretenberg/vm2/common/aztec_types.hpp"
25#include "barretenberg/vm2/simulation/lib/contract_crypto.hpp"
26#include "barretenberg/vm2/simulation_helper.hpp"
27#include "barretenberg/vm2/tooling/stats.hpp"
28#include "barretenberg/vm2/tracegen_helper.hpp"
29
30using namespace bb::avm2::fuzzer;
31using namespace bb::avm2::simulation;
32using namespace bb::world_state;
33
34extern size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize);
35
36void setup_fuzzer_state(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contract_db, const FuzzerTxData& tx_data)
37{
38 // Add all contract classes and instances to the contract DB
39 // There may be more classes than instances because of the possibility of mutated bytecodes that are used in
40 // upgrades - these are not directly instantiated
41 for (size_t i = 0; i < tx_data.contract_classes.size(); ++i) {
42 const auto& contract_class = tx_data.contract_classes[i];
43 contract_db.add_contract_class(contract_class.id, contract_class);
44 }
45
46 // Add contract instances to the contract DB
47 for (size_t i = 0; i < tx_data.contract_instances.size(); ++i) {
48 const auto& contract_instance = tx_data.contract_instances[i];
49 auto contract_address = tx_data.contract_addresses[i];
50 contract_db.add_contract_instance(contract_address, contract_instance);
51 }
52
53 // For protocol contracts, also add instances keyed by canonical address (1-11).
54 // This is needed because protocol contracts are looked up by canonical address,
55 // but the derived address in protocol_contracts.derived_addresses maps to the actual instance.
56 for (size_t i = 0; i < tx_data.protocol_contracts.derived_addresses.size(); ++i) {
57 const auto& derived_address = tx_data.protocol_contracts.derived_addresses[i];
58 if (!derived_address.is_zero()) {
59 // Canonical address is index + 1 (addresses 1-11 map to indices 0-10)
60 AztecAddress canonical_address(static_cast<uint256_t>(i + 1));
61 // Find the instance for this derived address and also add it by canonical address
62 auto maybe_instance = contract_db.get_contract_instance(derived_address);
63 if (maybe_instance.has_value()) {
64 contract_db.add_contract_instance(canonical_address, maybe_instance.value());
65 }
66 }
67 }
68
69 // Register contract addresses in the world state
70 for (const auto& addr : tx_data.contract_addresses) {
71 ws_mgr.register_contract_address(addr);
72 }
73
74 // Apply public data tree writes (e.g., for contract instance upgrades)
75 for (const auto& write : tx_data.public_data_writes) {
76 ws_mgr.public_data_write(write);
77 }
78
79 ws_mgr.append_note_hashes(tx_data.note_hashes);
80}
81
82void fund_fee_payer(FuzzerWorldStateManager& ws_mgr, const Tx& tx)
83{
84 // Compute fee from gas limits and max fees per gas (upper bound on fee)
85 FF fee_required_da = FF(tx.gas_settings.gas_limits.da_gas) * FF(tx.gas_settings.max_fees_per_gas.fee_per_da_gas);
86 FF fee_required_l2 = FF(tx.gas_settings.gas_limits.l2_gas) * FF(tx.gas_settings.max_fees_per_gas.fee_per_l2_gas);
87
88 // Fund fee payer with required fee
89 ws_mgr.write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2);
90}
91
96SimulatorResult fuzz_tx(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contract_db, FuzzerTxData& tx_data)
97{
98 // Run simulators
99 auto cpp_simulator = CppSimulator();
100 JsSimulator* js_simulator = JsSimulator::getInstance();
101 SimulatorResult cpp_result;
102
103 try {
104 ws_mgr.checkpoint();
105 cpp_result = cpp_simulator.simulate(ws_mgr,
106 contract_db,
107 tx_data.tx,
108 tx_data.global_variables,
109 tx_data.public_data_writes,
110 tx_data.note_hashes,
111 tx_data.protocol_contracts);
112 fuzz_info("CppSimulator completed without exception");
113 fuzz_info("CppSimulator result: ", cpp_result);
114 ws_mgr.revert();
115 } catch (const std::exception& e) {
116 fuzz_info("CppSimulator threw an exception: ", e.what());
117 cpp_result = SimulatorResult{
118 .reverted = true,
119 .output = {},
120 .end_tree_snapshots = TreeSnapshots(),
121 .revert_reason = e.what(),
122 };
123 ws_mgr.revert();
124 }
125
126 ws_mgr.checkpoint();
127 auto js_result = js_simulator->simulate(ws_mgr,
128 contract_db,
129 tx_data.tx,
130 tx_data.global_variables,
131 tx_data.public_data_writes,
132 tx_data.note_hashes,
133 tx_data.protocol_contracts);
134
135 // If the results do not match
136 if (!compare_simulator_results(cpp_result, js_result)) {
137 fuzz_info("CppSimulator ", cpp_result);
138 fuzz_info("JsSimulator ", js_result);
139 throw std::runtime_error("Simulator results are different");
140 }
141 fuzz_info("Simulator results match successfully");
142 fuzz_info("CppSimulator ", cpp_result);
143 fuzz_info("JsSimulator ", js_result);
144
145 return cpp_result;
146}
147
154TxSimulationResult fuzz_prover(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contract_db, FuzzerTxData& tx_data)
155{
156 ProtocolContracts& protocol_contracts = tx_data.protocol_contracts;
157 WorldState& ws = ws_mgr.get_world_state();
158 WorldStateRevision ws_rev = ws_mgr.get_current_revision();
159 AvmSimulationHelper helper;
160
161 // Reset stats for this iteration
162 bb::avm2::Stats::get().reset();
163
164 const PublicSimulatorConfig sim_fast_config{
165 .skip_fee_enforcement = false,
166 .collect_call_metadata = true,
167 .collect_public_inputs = true,
168 };
169
170 const PublicSimulatorConfig sim_hint_config{
171 .skip_fee_enforcement = false,
172 .collect_call_metadata = true,
173 .collect_hints = true,
174 .collect_public_inputs = true,
175 };
176
177 // 1. Run simulate_fast_with_existing_ws
178 // It is the only one that may throw, so we wrap it in try-catch. If it fails, we do not proceed
179 TxSimulationResult fast_result;
180 try {
181 ws_mgr.checkpoint();
182 fast_result = AVM_TRACK_TIME_V(
183 "fuzzer/simulate_fast",
184 helper.simulate_fast_with_existing_ws(
185 contract_db, ws_rev, ws, sim_fast_config, tx_data.tx, tx_data.global_variables, protocol_contracts));
186 ws_mgr.revert();
187 } catch (const std::exception& e) {
188 ws_mgr.revert();
189 fuzz_info("simulate_fast_with_existing_ws threw an exception: ", e.what());
190 return {};
191 }
192
193 // 2. Run simulate_for_hint_collection
194 ws_mgr.checkpoint();
195 TxSimulationResult hint_result = AVM_TRACK_TIME_V(
196 "fuzzer/simulate_hints",
197 helper.simulate_for_hint_collection(
198 contract_db, ws_rev, ws, sim_hint_config, tx_data.tx, tx_data.global_variables, protocol_contracts));
199 ws_mgr.revert();
200
201 // 2a. Construct proving inputs from hint result
202 bb::avm2::AvmProvingInputs proving_inputs{
203 .public_inputs = hint_result.public_inputs.value(),
204 .hints = hint_result.hints.value(),
205 };
206
207 // 3. (optional) Simulate Fast with hinted db
208 TxSimulationResult sim_fast_hinted_result =
209 helper.simulate_fast_with_hinted_dbs(proving_inputs.hints, sim_fast_config);
210
211 // 4. Compare results from all 3 simulations
212 bool result = compare_cpp_simulator_results({ fast_result, hint_result, sim_fast_hinted_result });
213 BB_ASSERT(result,
214 "Simulation results do not match between simulate_fast, simulate_for_hint_collection, "
215 "and simulate_fast_with_hinted_dbs");
216
217 // 5. Run check_circuit (skip in coverage builds since it's slow and not needed for coverage measurement)
218
219#ifndef COVERAGE_AVM
220 avm2::AvmAPI avm_api;
221 bool check_circuit_result = avm_api.check_circuit(proving_inputs);
222 BB_ASSERT(check_circuit_result,
223 "check_circuit returned false in fuzzer with no exception, this indicates a failure");
224#else
225 // In coverage builds, run simulate_for_witgen and tracegen instead of check_circuit
226 // This gives us coverage the the event and tracegen code paths without the overhead of check_circuit
227 vinfo("Running simulate_for_witgen in coverage build (skipping check_circuit)");
228 avm2::AvmSimulationHelper simulation_helper;
229 auto events = simulation_helper.simulate_for_witgen(proving_inputs.hints);
230 AvmTraceGenHelper tracegen_helper;
231 tracegen::TraceContainer trace;
232 tracegen_helper.fill_trace_columns(trace, std::move(events), hint_result.public_inputs.value());
233#endif
234
235 return fast_result;
236}
237
238// Initialize FuzzerTxData with sensible defaults
239FuzzerTxData create_default_tx_data(std::mt19937_64& rng, FuzzerContext& context)
240{
241 FuzzerTxData tx_data = {
242 .tx = create_default_tx(MSG_SENDER, MSG_SENDER, {}, TRANSACTION_FEE, IS_STATIC_CALL, GAS_LIMIT),
243 .global_variables = { .chain_id = CHAIN_ID,
244 .version = VERSION,
245 .block_number = BLOCK_NUMBER,
246 .slot_number = SLOT_NUMBER,
247 .timestamp = TIMESTAMP,
248 .coinbase = COINBASE,
249 .fee_recipient = FEE_RECIPIENT,
250 .gas_fees =
251 GasFees{ .fee_per_da_gas = FEE_PER_DA_GAS, .fee_per_l2_gas = FEE_PER_L2_GAS } },
252 .protocol_contracts = {},
253 // We can write proper mutations for this. However it might not be of much value since we have variability from
254 // nonrevertible note hashes.
255 .note_hashes = { generate_random_field(rng), generate_random_field(rng), generate_random_field(rng) }
256 };
257
258 // TODO(alvaro): This is messy, we mutate when creating default tx data. Maybe we should just remove the mutation
259 // from generate_fuzzer_data altogether.
260 populate_context_from_tx_data(context, tx_data);
261 FuzzerData fuzzer_data = generate_fuzzer_data(rng, context);
262 tx_data.input_programs.push_back(fuzzer_data);
263
264 return tx_data;
265}
266
272
273ContractArtifacts build_bytecode_and_artifacts(FuzzerData& fuzzer_data)
274{
275 fuzz_info("Building bytecode from fuzzer data: ", fuzzer_data.instruction_blocks);
276 auto control_flow = ControlFlow(fuzzer_data.instruction_blocks);
277 for (const auto& cfg_instruction : fuzzer_data.cfg_instructions) {
278 control_flow.process_cfg_instruction(cfg_instruction);
279 }
280 auto bytecode = control_flow.build_bytecode(fuzzer_data.return_options);
281
282 auto bytecode_commitment = compute_public_bytecode_commitment(bytecode);
283 auto class_id = compute_contract_class_id(/*artifact_hash=*/0, /*private_fn_root=*/0, bytecode_commitment);
284 ContractClassWithCommitment contract_class{
285 .id = class_id,
286 .artifact_hash = 0,
287 .private_functions_root = 0,
288 .packed_bytecode = bytecode,
289 .public_bytecode_commitment = bytecode_commitment,
290 };
291 ContractInstance contract_instance{
292 .salt = 0,
293 .deployer = MSG_SENDER,
294 .current_contract_class_id = class_id, // Initial and current are the same
295 .original_contract_class_id = class_id,
296 .public_keys = {
297 .nullifier_key = { 0, 0 },
298 .incoming_viewing_key = grumpkin::g1::element::one(),
299 .outgoing_viewing_key = { 0, 0 },
300 .tagging_key = { 0, 0 },
301 },
302 };
303 return { bytecode, contract_class, contract_instance };
304}
305
306size_t mutate_tx_data(FuzzerContext& context,
307 uint8_t* serialized_fuzzer_data,
308 size_t serialized_fuzzer_data_size,
309 size_t max_size,
310 unsigned int seed)
311{
312 auto rng = std::mt19937_64(seed);
313 FuzzerTxData tx_data;
314 try {
315 msgpack::unpack((reinterpret_cast<const char*>(serialized_fuzzer_data)), serialized_fuzzer_data_size)
316 .get()
317 .convert(tx_data);
318 } catch (const std::exception&) {
319 fuzz_info("Failed to deserialize input in CustomMutator, creating default FuzzerTxData");
320 tx_data = create_default_tx_data(rng, context);
321 }
322
323 populate_context_from_tx_data(context, tx_data);
324
325 // Build up bytecodes, contract classes and instances from the fuzzer data
326 tx_data.contract_classes.clear();
327 tx_data.contract_instances.clear();
328 tx_data.contract_addresses.clear();
329 tx_data.public_data_writes.clear();
330 std::vector<AztecAddress> contract_addresses;
331
332 std::unordered_set<AztecAddress> seen_addresses;
333 for (auto& fuzzer_data : tx_data.input_programs) {
334 const auto [bytecode, contract_class, contract_instance] = build_bytecode_and_artifacts(fuzzer_data);
335
336 auto contract_address = simulation::compute_contract_address(contract_instance);
337
338 // Skip duplicate addresses - multiple input_programs can generate the same address
339 if (seen_addresses.contains(contract_address)) {
340 fuzz_info("Skipping duplicate contract address: ", contract_address);
341 continue;
342 }
343 seen_addresses.insert(contract_address);
344
345 contract_addresses.push_back(contract_address);
346 tx_data.contract_classes.push_back(contract_class);
347 tx_data.contract_instances.push_back(contract_instance);
348 }
349
350 tx_data.contract_addresses = contract_addresses;
351
352 // Ensure all enqueued calls have valid contract addresses (not placeholders)
353 // We may add more advanced mutation to change contract addresses later, right now we just ensure they are valid
354 if (!contract_addresses.empty()) {
355 auto idx_dist = std::uniform_int_distribution<size_t>(0, contract_addresses.size() - 1);
356 for (auto& call : tx_data.tx.setup_enqueued_calls) {
357 call.request.contract_address = contract_addresses[idx_dist(rng)];
358 }
359 for (auto& call : tx_data.tx.app_logic_enqueued_calls) {
360 call.request.contract_address = contract_addresses[idx_dist(rng)];
361 }
362 }
363
364 // Select mutation type (weighted against bytecode mutations) -- todo
365 FuzzerTxDataMutationType mutation_choice = FUZZER_TX_DATA_MUTATION_CONFIGURATION.select(rng);
366
367 switch (mutation_choice) {
368 case FuzzerTxDataMutationType::TxFuzzerDataMutation:
369 mutate_fuzzer_data_vec(context, tx_data.input_programs, rng, 64);
370 break;
371 case FuzzerTxDataMutationType::TxMutation:
372 mutate_tx(tx_data.tx, contract_addresses, rng);
373 break;
374 case FuzzerTxDataMutationType::BytecodeMutation:
375 mutate_bytecode(tx_data.contract_classes,
376 tx_data.contract_instances,
377 tx_data.contract_addresses,
378 tx_data.public_data_writes,
379 rng);
380 break;
381
382 case FuzzerTxDataMutationType::ContractClassMutation:
383 mutate_contract_classes(tx_data.contract_classes, tx_data.contract_instances, tx_data.contract_addresses, rng);
384 break;
385 case FuzzerTxDataMutationType::ContractInstanceMutation:
386 mutate_contract_instances(tx_data.contract_instances, tx_data.contract_addresses, rng);
387 break;
388 case FuzzerTxDataMutationType::GlobalVariablesMutation:
389 // This is just mutating the gas values and timestamp
390 mutate_uint64_t(tx_data.global_variables.timestamp, rng, BASIC_UINT64_T_MUTATION_CONFIGURATION);
391 mutate_gas_fees(tx_data.global_variables.gas_fees, rng);
392 break;
393 case FuzzerTxDataMutationType::ProtocolContractsMutation:
394 mutate_protocol_contracts(tx_data.protocol_contracts, tx_data.tx, tx_data.contract_addresses, rng);
395 break;
396 }
397
398 // Clear any protocol contract derived addresses that reference addresses no longer in the contract set.
399 // This can happen when mutations (e.g., ContractClassMutation, ContractInstanceMutation) change contract addresses.
400 // Must run AFTER all mutations since some mutations modify contract_addresses.
401 std::unordered_set<AztecAddress> valid_addresses(tx_data.contract_addresses.begin(),
402 tx_data.contract_addresses.end());
403 for (auto& derived_address : tx_data.protocol_contracts.derived_addresses) {
404 if (!derived_address.is_zero() && !valid_addresses.contains(derived_address)) {
405 derived_address = AztecAddress(0);
406 }
407 }
408
409 // Ensure at least 1 app_logic enqueued call exists (mutations may have deleted all), the public base kernel circuit
410 // guarantees that there is at least 1 enqueued call in an public tx (so this is a valid assumption)
411 if (tx_data.tx.app_logic_enqueued_calls.empty() && !contract_addresses.empty()) {
412 auto idx = std::uniform_int_distribution<size_t>(0, contract_addresses.size() - 1)(rng);
413 std::vector<FF> calldata = {};
414 auto calldata_hash = compute_calldata_hash(calldata);
415 tx_data.tx.app_logic_enqueued_calls.push_back(
416 PublicCallRequestWithCalldata{ .request = PublicCallRequest{ .msg_sender = MSG_SENDER,
417 .contract_address = contract_addresses[idx],
418 .is_static_call = false,
419 .calldata_hash = calldata_hash },
420 .calldata = calldata });
421 }
422
423 // Ensure global gas_fees <= max_fees_per_gas (required for compute_effective_gas_fees)
424 // This must run after ANY mutation since TxMutation can reduce max_fees_per_gas
425 tx_data.global_variables.gas_fees.fee_per_da_gas = std::min(
426 tx_data.global_variables.gas_fees.fee_per_da_gas, tx_data.tx.gas_settings.max_fees_per_gas.fee_per_da_gas);
427 tx_data.global_variables.gas_fees.fee_per_l2_gas = std::min(
428 tx_data.global_variables.gas_fees.fee_per_l2_gas, tx_data.tx.gas_settings.max_fees_per_gas.fee_per_l2_gas);
429
430 // Compute effective gas fees matching TS computeEffectiveGasFees
431 // This must be done after any mutation that could affect gas settings or global variables
432 tx_data.tx.effective_gas_fees =
433 compute_effective_gas_fees(tx_data.global_variables.gas_fees, tx_data.tx.gas_settings);
434
435 auto [mutated_serialized_fuzzer_data, mutated_serialized_fuzzer_data_size] = msgpack_encode_buffer(tx_data);
436 if (mutated_serialized_fuzzer_data_size > max_size) {
437 delete[] mutated_serialized_fuzzer_data;
438 return 0; // Can't fit mutated data in buffer, skip this mutation
439 }
440 memcpy(serialized_fuzzer_data, mutated_serialized_fuzzer_data, mutated_serialized_fuzzer_data_size);
441 delete[] mutated_serialized_fuzzer_data;
442
443 return mutated_serialized_fuzzer_data_size;
444}
445
446void populate_context_from_tx_data(FuzzerContext& context, const FuzzerTxData& tx_data)
447{
448 std::vector<std::pair<FF, uint64_t>> note_hash_leaf_index_pairs;
449 note_hash_leaf_index_pairs.reserve(tx_data.note_hashes.size() +
450 tx_data.tx.non_revertible_accumulated_data.note_hashes.size());
451
452 // For note hashes we assume we start from an empty tree. We could read size everytime but it'd slow things down.
453 // If you're having trouble with that check initialization on FuzzerWorldStateManager::initialize()
454 uint64_t leaf_offset = 0;
455
456 for (uint64_t i = 0; i < tx_data.note_hashes.size(); ++i) {
457 note_hash_leaf_index_pairs.push_back({ tx_data.note_hashes[i], leaf_offset + i });
458 }
459
460 uint64_t padding_leaves = MAX_NOTE_HASHES_PER_TX - (tx_data.note_hashes.size() % MAX_NOTE_HASHES_PER_TX);
461 leaf_offset += tx_data.note_hashes.size() + padding_leaves;
462
463 for (uint64_t i = 0; i < tx_data.tx.non_revertible_accumulated_data.note_hashes.size(); ++i) {
464 note_hash_leaf_index_pairs.push_back(
465 { tx_data.tx.non_revertible_accumulated_data.note_hashes[i], leaf_offset + i });
466 }
467
468 context.set_existing_note_hashes(note_hash_leaf_index_pairs);
469
470 context.set_existing_contract_addresses(tx_data.contract_addresses);
471}
BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70
avm_api.hpp
constants.hpp
BLOCK_NUMBER
const uint32_t BLOCK_NUMBER
Definition constants.hpp:16
fuzz_info
#define fuzz_info(...)
Definition constants.hpp:51
FEE_RECIPIENT
const AztecAddress FEE_RECIPIENT
Definition constants.hpp:20
GAS_LIMIT
const Gas GAS_LIMIT
Definition constants.hpp:40
TRANSACTION_FEE
const FF TRANSACTION_FEE
Definition constants.hpp:38
COINBASE
const EthAddress COINBASE
Definition constants.hpp:19
MSG_SENDER
const FF MSG_SENDER
Definition constants.hpp:33
SLOT_NUMBER
const FF SLOT_NUMBER
Definition constants.hpp:17
CHAIN_ID
const FF CHAIN_ID
Definition constants.hpp:14
FEE_PER_DA_GAS
constexpr uint128_t FEE_PER_DA_GAS
Definition constants.hpp:21
IS_STATIC_CALL
const bool IS_STATIC_CALL
Definition constants.hpp:39
FEE_PER_L2_GAS
constexpr uint128_t FEE_PER_L2_GAS
Definition constants.hpp:22
generate_random_field
FF generate_random_field(std::mt19937_64 &rng)
Definition field.cpp:25
field.hpp
gas.hpp
avm_io.hpp
bytecode
std::shared_ptr< Napi::ThreadSafeFunction > bytecode
Definition avm_simulate_napi.cpp:131
MAX_NOTE_HASHES_PER_TX
#define MAX_NOTE_HASHES_PER_TX
Definition aztec_constants.hpp:12
aztec_types.hpp
contract_db
StrictMock< MockContractDB > contract_db
Definition bytecode_manager.test.cpp:48
CppSimulator
uses barretenberg/vm2 to simulate the bytecode
Definition simulator.hpp:75
JsSimulator
uses the yarn-project/simulator to simulate the bytecode Singleton, because initializing the simulato...
Definition simulator.hpp:88
JsSimulator::simulate
SimulatorResult simulate(fuzzer::FuzzerWorldStateManager &ws_mgr, fuzzer::FuzzerContractDB &contract_db, const Tx &tx, const GlobalVariables &globals, const std::vector< bb::crypto::merkle_tree::PublicDataLeafValue > &public_data_writes, const std::vector< FF > &note_hashes, const ProtocolContracts &protocol_contracts) override
Definition simulator.cpp:156
JsSimulator::getInstance
static JsSimulator * getInstance()
Definition simulator.cpp:138
WeightedSelectionConfig::select
T select(std::mt19937_64 &rng) const
Definition weighted_selection.hpp:33
bb::avm2::AvmAPI::check_circuit
bool check_circuit(const ProvingInputs &inputs)
Definition avm_api.cpp:36
bb::avm2::AvmSimulationHelper::simulate_for_hint_collection
TxSimulationResult simulate_for_hint_collection(simulation::ContractDBInterface &raw_contract_db, const world_state::WorldStateRevision &world_state_revision, world_state::WorldState &ws, const PublicSimulatorConfig &config, const Tx &tx, const GlobalVariables &global_variables, const ProtocolContracts &protocol_contracts, simulation::CancellationTokenPtr cancellation_token=nullptr)
Definition simulation_helper.cpp:581
bb::avm2::AvmSimulationHelper::simulate_fast_with_hinted_dbs
TxSimulationResult simulate_fast_with_hinted_dbs(const ExecutionHints &hints, const PublicSimulatorConfig &config)
Definition simulation_helper.cpp:636
bb::avm2::AvmSimulationHelper::simulate_fast_with_existing_ws
TxSimulationResult simulate_fast_with_existing_ws(simulation::ContractDBInterface &raw_contract_db, const world_state::WorldStateRevision &world_state_revision, world_state::WorldState &ws, const PublicSimulatorConfig &config, const Tx &tx, const GlobalVariables &global_variables, const ProtocolContracts &protocol_contracts, simulation::CancellationTokenPtr cancellation_token=nullptr)
Definition simulation_helper.cpp:561
bb::avm2::AvmSimulationHelper::simulate_for_witgen
simulation::EventsContainer simulate_for_witgen(const ExecutionHints &hints)
Definition simulation_helper.cpp:619
bb::avm2::AvmTraceGenHelper::fill_trace_columns
void fill_trace_columns(tracegen::TraceContainer &trace, simulation::EventsContainer &&events, const PublicInputs &public_inputs)
Definition tracegen_helper.cpp:186
bb::avm2::Stats::get
static Stats & get()
Definition stats.cpp:10
bb::avm2::Stats::reset
void reset()
Definition stats.cpp:16
bb::avm2::fuzzer::FuzzerWorldStateManager::get_world_state
world_state::WorldState & get_world_state()
Definition dbs.hpp:96
bb::avm2::fuzzer::FuzzerWorldStateManager::register_contract_address
void register_contract_address(const AztecAddress &contract_address)
Definition dbs.cpp:225
bb::avm2::fuzzer::FuzzerWorldStateManager::append_note_hashes
void append_note_hashes(const std::vector< FF > &note_hashes)
Definition dbs.cpp:253
bb::avm2::fuzzer::FuzzerWorldStateManager::write_fee_payer_balance
void write_fee_payer_balance(const AztecAddress &fee_payer, const FF &balance)
Definition dbs.cpp:234
bb::avm2::fuzzer::FuzzerWorldStateManager::get_current_revision
world_state::WorldStateRevision get_current_revision() const
Definition dbs.cpp:206
bb::avm2::fuzzer::FuzzerWorldStateManager::public_data_write
void public_data_write(const bb::crypto::merkle_tree::PublicDataLeafValue &public_data)
Definition dbs.cpp:247
bb::group::one
static constexpr element one
Definition group.hpp:46
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::world_state::WorldState
Holds the Merkle trees responsible for storing the state of the Aztec protocol.
Definition world_state.hpp:59
vinfo
#define vinfo(...)
Definition log.hpp:94
BASIC_UINT64_T_MUTATION_CONFIGURATION
constexpr Uint64MutationConfig BASIC_UINT64_T_MUTATION_CONFIGURATION
Definition configuration.hpp:62
trace
TestTraceContainer trace
Definition data_copy.test.cpp:63
class_id
FF class_id
Definition retrieved_bytecodes_tree_check.test.cpp:90
contract_address
AztecAddress contract_address
Definition written_public_data_slots_tree_check.test.cpp:97
contract_crypto.hpp
control_flow.hpp
file_io.hpp
ws_mgr
FuzzerWorldStateManager * ws_mgr
Definition fuzz.test.cpp:16
compare_cpp_simulator_results
bool compare_cpp_simulator_results(const std::vector< TxSimulationResult > &results)
Definition fuzzer_comparison_helper.cpp:46
fuzzer_comparison_helper.hpp
fuzz_tx
SimulatorResult fuzz_tx(FuzzerWorldStateManager &ws_mgr, FuzzerContractDB &contract_db, FuzzerTxData &tx_data)
Fuzz CPP vs JS simulator with a full transaction containing multiple enqueued calls.
Definition fuzzer_lib.cpp:96
populate_context_from_tx_data
void populate_context_from_tx_data(FuzzerContext &context, const FuzzerTxData &tx_data)
Definition fuzzer_lib.cpp:446
LLVMFuzzerMutate
size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize)
fuzz_prover
TxSimulationResult fuzz_prover(FuzzerWorldStateManager &ws_mgr, FuzzerContractDB &contract_db, FuzzerTxData &tx_data)
Run the prover fuzzer: fast simulation, hint collection, comparison, and check_circuit.
Definition fuzzer_lib.cpp:154
build_bytecode_and_artifacts
ContractArtifacts build_bytecode_and_artifacts(FuzzerData &fuzzer_data)
Definition fuzzer_lib.cpp:273
setup_fuzzer_state
void setup_fuzzer_state(FuzzerWorldStateManager &ws_mgr, FuzzerContractDB &contract_db, const FuzzerTxData &tx_data)
Definition fuzzer_lib.cpp:36
mutate_tx_data
size_t mutate_tx_data(FuzzerContext &context, uint8_t *serialized_fuzzer_data, size_t serialized_fuzzer_data_size, size_t max_size, unsigned int seed)
Definition fuzzer_lib.cpp:306
create_default_tx_data
FuzzerTxData create_default_tx_data(std::mt19937_64 &rng, FuzzerContext &context)
Definition fuzzer_lib.cpp:239
fund_fee_payer
void fund_fee_payer(FuzzerWorldStateManager &ws_mgr, const Tx &tx)
Definition fuzzer_lib.cpp:82
fuzzer_lib.hpp
FuzzerTxDataMutationType
FuzzerTxDataMutationType
Definition fuzzer_lib.hpp:63
FuzzerTxDataMutationType::ContractInstanceMutation
@ ContractInstanceMutation
FuzzerTxDataMutationType::TxFuzzerDataMutation
@ TxFuzzerDataMutation
FuzzerTxDataMutationType::ProtocolContractsMutation
@ ProtocolContractsMutation
FuzzerTxDataMutationType::ContractClassMutation
@ ContractClassMutation
FuzzerTxDataMutationType::GlobalVariablesMutation
@ GlobalVariablesMutation
FuzzerTxDataMutationType::TxMutation
@ TxMutation
FuzzerTxDataMutationType::BytecodeMutation
@ BytecodeMutation
ContractArtifacts
std::tuple< Bytecode, ContractClassWithCommitment, ContractInstance > ContractArtifacts
Definition fuzzer_lib.hpp:59
FUZZER_TX_DATA_MUTATION_CONFIGURATION
constexpr FuzzerTxDataMutationConfig FUZZER_TX_DATA_MUTATION_CONFIGURATION
Definition fuzzer_lib.hpp:75
msgpack_encode_buffer
std::pair< uint8_t *, size_t > msgpack_encode_buffer(auto &&obj, uint8_t *scratch_buf=nullptr, size_t scratch_size=0)
Definition msgpack_impl.hpp:28
fuzzer_data.hpp
bb::avm2::fuzzer::mutate_tx
void mutate_tx(Tx &tx, std::vector< AztecAddress > &contract_addresses, std::mt19937_64 &rng)
Definition tx_data.cpp:62
bb::avm2::fuzzer::mutate_contract_instances
void mutate_contract_instances(std::vector< ContractInstance > &contract_instances, std::vector< AztecAddress > &contract_addresses, std::mt19937_64 &rng)
Definition bytecode.cpp:175
bb::avm2::fuzzer::mutate_protocol_contracts
void mutate_protocol_contracts(ProtocolContracts &protocol_contracts, Tx &tx, const std::vector< AztecAddress > &contract_addresses, std::mt19937_64 &rng)
Definition protocol_contracts.cpp:34
bb::avm2::fuzzer::mutate_contract_classes
void mutate_contract_classes(std::vector< ContractClassWithCommitment > &contract_classes, std::vector< ContractInstance > &contract_instances, std::vector< AztecAddress > &contract_addresses, std::mt19937_64 &rng)
Definition bytecode.cpp:115
bb::avm2::fuzzer::generate_fuzzer_data
FuzzerData generate_fuzzer_data(std::mt19937_64 &rng, const FuzzerContext &context)
Definition fuzzer_data.cpp:78
bb::avm2::fuzzer::mutate_fuzzer_data_vec
void mutate_fuzzer_data_vec(const FuzzerContext &context, std::vector< FuzzerData > &enqueued_calls, std::mt19937_64 &rng, size_t max_size)
Definition tx_data.cpp:125
bb::avm2::fuzzer::mutate_bytecode
void mutate_bytecode(std::vector< ContractClassWithCommitment > &contract_classes, std::vector< ContractInstance > &contract_instances, const std::vector< AztecAddress > &contract_addresses, std::vector< bb::crypto::merkle_tree::PublicDataLeafValue > &public_data_writes, std::mt19937_64 &rng)
Definition bytecode.cpp:43
bb::avm2::fuzzer::mutate_gas_fees
void mutate_gas_fees(GasFees &fees, std::mt19937_64 &rng)
Definition gas.cpp:66
bb::avm2::fuzzer::compute_effective_gas_fees
GasFees compute_effective_gas_fees(const GasFees &gas_fees, const GasSettings &gas_settings)
Definition gas.cpp:121
bb::avm2::simulation::compute_public_bytecode_commitment
FF compute_public_bytecode_commitment(std::span< const uint8_t > bytecode)
Definition contract_crypto.cpp:40
bb::avm2::simulation::compute_contract_class_id
FF compute_contract_class_id(const FF &artifact_hash, const FF &private_fn_root, const FF &public_bytecode_commitment)
Definition contract_crypto.cpp:48
bb::avm2::simulation::compute_calldata_hash
FF compute_calldata_hash(std::span< const FF > calldata)
Definition contract_crypto.cpp:85
bb::avm2::simulation::compute_contract_address
FF compute_contract_address(const ContractInstance &contract_instance)
Definition contract_crypto.cpp:67
bb::avm2::FF
AvmFlavorSettings::FF FF
Definition field.hpp:10
bb::world_state
Definition fork.hpp:12
bb::write
void write(B &buf, field2< base_field, Params > const &value)
Definition field2_declarations.hpp:155
control_flow
Definition fuzz.test.cpp:738
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
protocol_contracts.hpp
simulation_helper.hpp
compare_simulator_results
bool compare_simulator_results(SimulatorResult &result1, SimulatorResult &result2)
Definition simulator.cpp:186
create_default_tx
Tx create_default_tx(const AztecAddress &contract_address, const AztecAddress &sender_address, const std::vector< FF > &calldata, const FF &transaction_fee, bool is_static_call, const Gas &gas_limit)
Definition simulator.cpp:213
AVM_TRACK_TIME_V
#define AVM_TRACK_TIME_V(key, body)
Definition stats.hpp:18
FuzzerData
describes the data which will be used for fuzzing Should contain instructions, calldata,...
Definition fuzzer_data.hpp:14
FuzzerData::return_options
ReturnOptions return_options
Definition fuzzer_data.hpp:18
FuzzerData::cfg_instructions
std::vector< CFGInstruction > cfg_instructions
Definition fuzzer_data.hpp:16
FuzzerData::instruction_blocks
std::vector< InstructionBlock > instruction_blocks
Definition fuzzer_data.hpp:15
FuzzerTxData::contract_addresses
std::vector< AztecAddress > contract_addresses
Definition fuzzer_lib.hpp:28
FuzzerTxData::protocol_contracts
ProtocolContracts protocol_contracts
Definition fuzzer_lib.hpp:32
FuzzerTxData::note_hashes
std::vector< FF > note_hashes
Definition fuzzer_lib.hpp:36
FuzzerTxData::input_programs
std::vector< FuzzerData > input_programs
Definition fuzzer_lib.hpp:23
FuzzerTxData::contract_instances
std::vector< ContractInstance > contract_instances
Definition fuzzer_lib.hpp:27
FuzzerTxData::contract_classes
std::vector< ContractClassWithCommitment > contract_classes
Definition fuzzer_lib.hpp:26
FuzzerTxData::global_variables
GlobalVariables global_variables
Definition fuzzer_lib.hpp:31
FuzzerTxData::public_data_writes
std::vector< bb::crypto::merkle_tree::PublicDataLeafValue > public_data_writes
Definition fuzzer_lib.hpp:35
bb::avm2::AccumulatedData::note_hashes
std::vector< FF > note_hashes
Definition avm_io.hpp:318
bb::avm2::AvmProvingInputs::public_inputs
PublicInputs public_inputs
Definition avm_io.hpp:418
bb::avm2::GasFees::fee_per_l2_gas
uint128_t fee_per_l2_gas
Definition aztec_types.hpp:310
bb::avm2::GasFees::fee_per_da_gas
uint128_t fee_per_da_gas
Definition aztec_types.hpp:309
bb::avm2::ProtocolContracts::derived_addresses
std::array< AztecAddress, MAX_PROTOCOL_CONTRACTS > derived_addresses
Definition aztec_types.hpp:589
bb::avm2::Tx::effective_gas_fees
GasFees effective_gas_fees
Definition avm_io.hpp:332
bb::avm2::Tx::setup_enqueued_calls
std::vector< PublicCallRequestWithCalldata > setup_enqueued_calls
Definition avm_io.hpp:337
bb::avm2::Tx::app_logic_enqueued_calls
std::vector< PublicCallRequestWithCalldata > app_logic_enqueued_calls
Definition avm_io.hpp:338
bb::avm2::Tx::non_revertible_accumulated_data
AccumulatedData non_revertible_accumulated_data
Definition avm_io.hpp:335
bb::avm2::Tx::gas_settings
GasSettings gas_settings
Definition avm_io.hpp:331
bb::avm2::TxSimulationResult::hints
std::optional< ExecutionHints > hints
Definition avm_io.hpp:558
bb::avm2::TxSimulationResult::public_inputs
std::optional< PublicInputs > public_inputs
Definition avm_io.hpp:557
bb::world_state::WorldStateRevision
Definition types.hpp:34
tracegen_helper.hpp
tx_data.hpp
mutate_uint64_t
void mutate_uint64_t(uint64_t &value, std::mt19937_64 &rng, const Uint64MutationConfig &config)
Definition uint64_t.cpp:4
uint64_t.hpp