Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
fuzz.cpp
Go to the documentation of this file.
1#include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp"
2
3#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"
4#include "barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp"
5#include "barretenberg/avm_fuzzer/fuzz_lib/fuzzer_data.hpp"
6#include "barretenberg/common/log.hpp"
7
8using namespace bb::avm2::fuzzer;
9
10void log_result(const SimulatorResult& result)
11{
12 info("Reverted: ", result.reverted);
13 info("Output: ", result.output);
14 info("Reason: ", result.revert_reason);
15}
16
17SimulatorResult fuzz(FuzzerData& fuzzer_data)
18{
19 bool logging_enabled = std::getenv("AVM_FUZZER_LOGGING") != nullptr;
20 auto control_flow = ControlFlow(fuzzer_data.instruction_blocks);
21 for (const auto& cfg_instruction : fuzzer_data.cfg_instructions) {
22 control_flow.process_cfg_instruction(cfg_instruction);
23 }
24 if (logging_enabled) {
25 info("Fuzzer data: ", fuzzer_data);
26 }
27 auto bytecode = control_flow.build_bytecode(fuzzer_data.return_options);
28 if (logging_enabled) {
29 info("Bytecode: ", bytecode);
30 }
31
32 auto cpp_simulator = CppSimulator();
33 JsSimulator* js_simulator = JsSimulator::getInstance();
34 SimulatorResult cpp_result;
35
36 FuzzerWorldStateManager* ws_mgr = FuzzerWorldStateManager::getInstance();
37 ws_mgr->register_contract_address(CONTRACT_ADDRESS);
38
39 try {
40 ws_mgr->checkpoint();
41 cpp_result = cpp_simulator.simulate(*ws_mgr, bytecode, fuzzer_data.calldata);
42 ws_mgr->revert();
43 } catch (const std::exception& e) {
44 info("CppSimulator failed with error: ", e.what());
45 throw std::runtime_error("Error simulating with CppSimulator");
46 }
47
48 ws_mgr->checkpoint();
49 auto js_result = js_simulator->simulate(*ws_mgr, bytecode, fuzzer_data.calldata);
50
51 // If the results does not match
52 if (!compare_simulator_results(cpp_result, js_result)) {
53 info("CppSimulator result: ");
54 log_result(cpp_result);
55 info("JsSimulator result: ");
56 log_result(js_result);
57 throw std::runtime_error("Simulator results are different");
58 }
59 if (logging_enabled) {
60 info("Simulator results match successfully");
61 log_result(cpp_result);
62 }
63 return cpp_result;
64}
constants.hpp
CONTRACT_ADDRESS
const FF CONTRACT_ADDRESS
Definition constants.hpp:33
bytecode
std::shared_ptr< Napi::ThreadSafeFunction > bytecode
Definition avm_simulate_napi.cpp:78
CppSimulator
uses barretenberg/vm2 to simulate the bytecode
Definition simulator.hpp:35
JsSimulator
uses the yarn-project/simulator to simulate the bytecode Singleton, because initializing the simulato...
Definition simulator.hpp:44
JsSimulator::getInstance
static JsSimulator * getInstance()
Definition simulator.cpp:174
JsSimulator::simulate
SimulatorResult simulate(fuzzer::FuzzerWorldStateManager &ws_mgr, const std::vector< uint8_t > &bytecode, const std::vector< FF > &calldata) override
Definition simulator.cpp:192
bb::avm2::fuzzer::FuzzerWorldStateManager::getInstance
static FuzzerWorldStateManager * getInstance()
Definition dbs.hpp:108
bb::avm2::fuzzer::FuzzerWorldStateManager::register_contract_address
void register_contract_address(const AztecAddress &contract_address)
Definition dbs.cpp:286
info
void info(Args... args)
Definition log.hpp:75
control_flow.hpp
log_result
void log_result(const SimulatorResult &result)
Definition fuzz.cpp:10
fuzz
SimulatorResult fuzz(FuzzerData &fuzzer_data)
fuzz CPP vs JS simulator with the given fuzzer data
Definition fuzz.cpp:17
fuzzer_data.hpp
control_flow
Definition fuzz.test.cpp:663
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
compare_simulator_results
bool compare_simulator_results(const SimulatorResult &result1, const SimulatorResult &result2)
Definition simulator.cpp:263
FuzzerData
describes the data which will be used for fuzzing Should contain instructions, calldata,...
Definition fuzzer_data.hpp:12
FuzzerData::return_options
ReturnOptions return_options
Definition fuzzer_data.hpp:16
FuzzerData::calldata
std::vector< bb::avm2::FF > calldata
Definition fuzzer_data.hpp:15
FuzzerData::cfg_instructions
std::vector< CFGInstruction > cfg_instructions
Definition fuzzer_data.hpp:14
FuzzerData::instruction_blocks
std::vector< std::vector< FuzzInstruction > > instruction_blocks
Definition fuzzer_data.hpp:13
SimulatorResult::revert_reason
std::string revert_reason
Definition simulator.hpp:18
SimulatorResult::output
std::vector< FF > output
Definition simulator.hpp:16