Barretenberg
The ZK-SNARK library at the core of Aztec
acir_dsl.fuzzer.cpp File Reference

VM-based fuzzer for ACIR DSL that uses FieldVM to generate witnesses and coefficients.

#include "acir_format.hpp"
#include "acir_to_constraint_buf.hpp"
#include "barretenberg/circuit_checker/circuit_checker.hpp"
#include "barretenberg/ecc/curves/bn254/fr.hpp"
#include "barretenberg/ecc/fields/field.fuzzer.hpp"
#include "barretenberg/numeric/uint256/uint256.hpp"
#include "barretenberg/serialize/msgpack.hpp"
#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
#include "serde/acir.hpp"
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <map>
#include <set>
#include <vector>


Functions

size_t LLVMFuzzerMutate (uint8_t *Data, size_t Size, size_t MaxSize)
 
int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 LibFuzzer entry point.
 
size_t LLVMFuzzerCustomMutator (uint8_t *data, size_t size, size_t max_size, unsigned int seed)
 Custom mutator for structure-aware mutations with size scaling.
 

Detailed Description

VM-based fuzzer for ACIR DSL that uses FieldVM to generate witnesses and coefficients.

This fuzzer leverages the existing FieldVM infrastructure from field.fuzzer.hpp:

  1. Execute field arithmetic operations via FieldVM<fr>
  2. Use VM internal state as witnesses and coefficients
  3. Generate ACIR Program with AssertZero opcodes
  4. Serialize to bincode format
  5. Go through acir_to_constraint_buf pipeline
  6. Solve for valid witnesses and verify circuits

VM Approach Benefits:

  • Reuses battle-tested FieldVM implementation
  • Structured generation of related field values
  • Better coverage of edge cases (zero, one, negatives, etc.)
  • More complex relationships between witnesses
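
A toy model of steps 1-3 and 6 above, added here as an illustration and not taken from acir_dsl.fuzzer.cpp: fuzz bytes drive a small register VM, its state supplies coefficients and witnesses for one AssertZero-style constraint, and the free witness is solved so the constraint is satisfiable by construction. The small prime `P`, the four-register VM, the byte encoding and the `AssertZero` struct layout are all assumptions made for the example; serialization and the acir_to_constraint_buf pipeline (steps 4-5) are not modelled.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy prime field standing in for bn254 fr (assumption: small P for readability).
constexpr uint64_t P = 2147483647; // 2^31 - 1, prime

uint64_t add(uint64_t a, uint64_t b) { return (a + b) % P; }
uint64_t mul(uint64_t a, uint64_t b) { return (a * b) % P; }
uint64_t neg(uint64_t a) { return (P - a % P) % P; }
uint64_t inv(uint64_t a) { // Fermat inverse a^(P-2) mod P, requires a != 0
    uint64_t r = 1, e = P - 2;
    for (a %= P; e; e >>= 1, a = mul(a, a)) if (e & 1) r = mul(r, a);
    return r;
}

// Hypothetical constraint shape: q_m*w[a]*w[b] + q_l*w[c] + q_c == 0.
struct AssertZero { uint64_t q_m, q_l, q_c; size_t a, b, c; };

uint64_t eval(const AssertZero& e, const std::vector<uint64_t>& w) {
    return add(add(mul(e.q_m, mul(w[e.a], w[e.b])), mul(e.q_l, w[e.c])), e.q_c);
}

// Steps 1-2: run a tiny register VM over the fuzz bytes; registers become field values.
// Each 3-byte instruction is (op|dst, src1, src2); the top bit of byte 0 selects mul vs add.
std::vector<uint64_t> run_vm(const uint8_t* data, size_t size) {
    std::vector<uint64_t> reg = {0, 1, neg(1), 2}; // edge-case seeds: 0, 1, -1, 2
    for (size_t i = 0; i + 2 < size; i += 3) {
        uint64_t x = reg[data[i + 1] % 4], y = reg[data[i + 2] % 4];
        reg[data[i] % 4] = (data[i] & 0x80) ? mul(x, y) : add(x, y);
    }
    return reg;
}

// Steps 3 and 6: build a constraint from VM state, solve it, then check it.
bool build_solve_check(const uint8_t* data, size_t size) {
    std::vector<uint64_t> r = run_vm(data, size);
    std::vector<uint64_t> w = {r[0], r[1], 0};          // w[2] is the unknown witness
    AssertZero e{r[2], r[3], 0, 0, 1, 2};
    uint64_t rest = mul(e.q_m, mul(w[0], w[1]));
    if (e.q_l != 0) w[2] = mul(neg(rest), inv(e.q_l));  // solve for the free witness
    else e.q_c = neg(rest);                             // q_l == 0: absorb into constant
    return eval(e, w) == 0;
}
```

Because every generated constraint is satisfiable, a rejection further down a real pipeline points at the pipeline rather than at the input, and tampering with a solved witness gives the matching negative case.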

Definition in file acir_dsl.fuzzer.cpp.

Function Documentation

◆ LLVMFuzzerCustomMutator()

size_t LLVMFuzzerCustomMutator (uint8_t *data, size_t size, size_t max_size, unsigned int seed)

Custom mutator for structure-aware mutations with size scaling.

Definition at line 934 of file acir_dsl.fuzzer.cpp.

◆ LLVMFuzzerMutate()

size_t LLVMFuzzerMutate (uint8_t *Data, size_t Size, size_t MaxSize)

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)

LibFuzzer entry point.

Definition at line 920 of file acir_dsl.fuzzer.cpp.