feat(avm): mutate global gas fees and timestamp (#19500)

Very very simple mutations for globals

Author: IlyasRidhuan

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.cpp

@@ -40,16 +40,20 @@ SimulatorResult fuzz_against_ts_simulator(FuzzerData& fuzzer_data, FuzzerContext
     FF fee_required_l2 = FF(tx.effective_gas_fees.fee_per_l2_gas) * FF(tx.gas_settings.gas_limits.l2_gas);
     ws_mgr->write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2);
 
+    auto globals = create_default_globals();
+
     try {
         ws_mgr->checkpoint();
-        cpp_result = cpp_simulator.simulate(*ws_mgr, contract_db, tx, /*public_data_writes=*/{}, /*note_hashes=*/{});
+        cpp_result =
+            cpp_simulator.simulate(*ws_mgr, contract_db, tx, globals, /*public_data_writes=*/{}, /*note_hashes=*/{});
         ws_mgr->revert();
     } catch (const std::exception& e) {
         throw std::runtime_error(std::string("CppSimulator threw an exception: ") + e.what());
     }
 
     ws_mgr->checkpoint();
-    auto js_result = js_simulator->simulate(*ws_mgr, contract_db, tx, /*public_data_writes=*/{}, /*note_hashes=*/{});
+    auto js_result =
+        js_simulator->simulate(*ws_mgr, contract_db, tx, globals, /*public_data_writes=*/{}, /*note_hashes=*/{});
 
     context.reset();
 

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp

@@ -63,8 +63,9 @@ class FuzzTest : public ::testing::Test {
         FF fee_required_l2 = FF(tx.effective_gas_fees.fee_per_l2_gas) * FF(tx.gas_settings.gas_limits.l2_gas);
         ws_mgr->write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2);
         auto cpp_simulator = CppSimulator();
+        auto globals = create_default_globals();
 
-        auto result = cpp_simulator.simulate(*ws_mgr, contract_db, tx, {}, {});
+        auto result = cpp_simulator.simulate(*ws_mgr, contract_db, tx, globals, /*public_data_writes=*/{}, {});
 
         ws_mgr->revert();
 

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.cpp

@@ -81,6 +81,7 @@ SimulatorResult CppSimulator::simulate(
     fuzzer::FuzzerWorldStateManager& ws_mgr,
     fuzzer::FuzzerContractDB& contract_db,
     const Tx& tx,
+    const GlobalVariables& globals,
     [[maybe_unused]] const std::vector<bb::crypto::merkle_tree::PublicDataLeafValue>& public_data_writes,
     [[maybe_unused]] const std::vector<FF>& note_hashes)
 {
@@ -97,8 +98,6 @@ SimulatorResult CppSimulator::simulate(
 
     ProtocolContracts protocol_contracts{};
 
-    auto globals = create_default_globals();
-
     WorldState& ws = ws_mgr.get_world_state();
     WorldStateRevision ws_rev = ws_mgr.get_current_revision();
 
@@ -156,11 +155,10 @@ SimulatorResult JsSimulator::simulate(
     [[maybe_unused]] fuzzer::FuzzerWorldStateManager& ws_mgr,
     fuzzer::FuzzerContractDB& contract_db,
     const Tx& tx,
+    const GlobalVariables& globals,
     const std::vector<bb::crypto::merkle_tree::PublicDataLeafValue>& public_data_writes,
     const std::vector<FF>& note_hashes)
 {
-    auto globals = create_default_globals();
-
     std::string serialized = serialize_simulation_request(tx, globals, contract_db, public_data_writes, note_hashes);
 
     // Send the request

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp

@@ -61,6 +61,7 @@ class Simulator {
         fuzzer::FuzzerWorldStateManager& ws_mgr,
         fuzzer::FuzzerContractDB& contract_db,
         const Tx& tx,
+        const GlobalVariables& globals,
         const std::vector<bb::crypto::merkle_tree::PublicDataLeafValue>& public_data_writes,
         const std::vector<FF>& note_hashes) = 0;
 };
@@ -71,6 +72,7 @@ class CppSimulator : public Simulator {
     SimulatorResult simulate(fuzzer::FuzzerWorldStateManager& ws_mgr,
                              fuzzer::FuzzerContractDB& contract_db,
                              const Tx& tx,
+                             const GlobalVariables& globals,
                              const std::vector<bb::crypto::merkle_tree::PublicDataLeafValue>& public_data_writes,
                              const std::vector<FF>& note_hashes) override;
 };
@@ -97,6 +99,7 @@ class JsSimulator : public Simulator {
     SimulatorResult simulate(fuzzer::FuzzerWorldStateManager& ws_mgr,
                              fuzzer::FuzzerContractDB& contract_db,
                              const Tx& tx,
+                             const GlobalVariables& globals,
                              const std::vector<bb::crypto::merkle_tree::PublicDataLeafValue>& public_data_writes,
                              const std::vector<FF>& note_hashes) override;
 };
@@ -111,5 +114,3 @@ Tx create_default_tx(const AztecAddress& contract_address,
                      const Gas& gas_limit);
 
 bool compare_simulator_results(SimulatorResult& result1, SimulatorResult& result2);
-
-GlobalVariables create_default_globals();

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.cpp

@@ -12,6 +12,8 @@
 #include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp"
 #include "barretenberg/avm_fuzzer/fuzzer_comparison_helper.hpp"
 #include "barretenberg/avm_fuzzer/mutations/basic_types/field.hpp"
+#include "barretenberg/avm_fuzzer/mutations/basic_types/uint64_t.hpp"
+#include "barretenberg/avm_fuzzer/mutations/configuration.hpp"
 #include "barretenberg/avm_fuzzer/mutations/fuzzer_data.hpp"
 #include "barretenberg/avm_fuzzer/mutations/tx_data.hpp"
 #include "barretenberg/avm_fuzzer/mutations/tx_types/gas.hpp"
@@ -83,8 +85,8 @@ SimulatorResult fuzz_tx(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contr
 
     try {
         ws_mgr.checkpoint();
-        cpp_result =
-            cpp_simulator.simulate(ws_mgr, contract_db, tx_data.tx, tx_data.public_data_writes, tx_data.note_hashes);
+        cpp_result = cpp_simulator.simulate(
+            ws_mgr, contract_db, tx_data.tx, tx_data.global_variables, tx_data.public_data_writes, tx_data.note_hashes);
         fuzz_info("CppSimulator completed without exception");
         fuzz_info("CppSimulator result: ", cpp_result);
         ws_mgr.revert();
@@ -100,8 +102,8 @@ SimulatorResult fuzz_tx(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contr
     }
 
     ws_mgr.checkpoint();
-    auto js_result =
-        js_simulator->simulate(ws_mgr, contract_db, tx_data.tx, tx_data.public_data_writes, tx_data.note_hashes);
+    auto js_result = js_simulator->simulate(
+        ws_mgr, contract_db, tx_data.tx, tx_data.global_variables, tx_data.public_data_writes, tx_data.note_hashes);
 
     // If the results do not match
     if (!compare_simulator_results(cpp_result, js_result)) {
@@ -363,8 +365,16 @@ size_t mutate_tx_data(FuzzerContext& context,
     case FuzzerTxDataMutationType::ContractInstanceMutation:
         mutate_contract_instances(tx_data.contract_instances, tx_data.contract_addresses, rng);
         break;
-        // case TxDataMutationType::GlobalVariablesMutation:
-        //     break;
+    case FuzzerTxDataMutationType::GlobalVariablesMutation:
+        // This is just mutating the gas values and timestamp
+        mutate_uint64_t(tx_data.global_variables.timestamp, rng, BASIC_UINT64_T_MUTATION_CONFIGURATION);
+        mutate_gas_fees(tx_data.global_variables.gas_fees, rng);
+        // This must be less than or equal to the tx max fees per gas
+        tx_data.global_variables.gas_fees.fee_per_da_gas = std::min(
+            tx_data.global_variables.gas_fees.fee_per_da_gas, tx_data.tx.gas_settings.max_fees_per_gas.fee_per_da_gas);
+        tx_data.global_variables.gas_fees.fee_per_l2_gas = std::min(
+            tx_data.global_variables.gas_fees.fee_per_l2_gas, tx_data.tx.gas_settings.max_fees_per_gas.fee_per_l2_gas);
+        break;
         // case TxDataMutationType::ProtocolContractsMutation:
         // break;
     }

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.hpp

@@ -65,17 +65,18 @@ enum class FuzzerTxDataMutationType : uint8_t {
     BytecodeMutation,
     ContractClassMutation,
     ContractInstanceMutation,
-    // GlobalVariablesMutation,
+    GlobalVariablesMutation,
     // ProtocolContractsMutation
 };
 
-using FuzzerTxDataMutationConfig = WeightedSelectionConfig<FuzzerTxDataMutationType, 4>;
+using FuzzerTxDataMutationConfig = WeightedSelectionConfig<FuzzerTxDataMutationType, 5>;
 
 constexpr FuzzerTxDataMutationConfig FUZZER_TX_DATA_MUTATION_CONFIGURATION = FuzzerTxDataMutationConfig({
     { FuzzerTxDataMutationType::TxMutation, 10 },
     { FuzzerTxDataMutationType::BytecodeMutation, 1 },
     { FuzzerTxDataMutationType::ContractClassMutation, 1 },
     { FuzzerTxDataMutationType::ContractInstanceMutation, 1 },
+    { FuzzerTxDataMutationType::GlobalVariablesMutation, 4 },
 });
 
 // Build bytecode and contract artifacts from fuzzer data

barretenberg/cpp/src/barretenberg/avm_fuzzer/mutations/bytecode.cpp

@@ -98,6 +98,7 @@ void mutate_bytecode(std::vector<ContractClassWithCommitment>& contract_classes,
     FF delayed_public_mutable_slot = Poseidon2::hash({ FF(UPDATED_CLASS_IDS_SLOT), address });
 
     // Build preimage
+    // todo(ilyas): make this somewhat random but also take into account the mutation on global variables.timestamp
     FF metadata = 0; // The lower 32 bits are the timestamp_of_change, we set to 0 so it has "taken effect"
     FF hash = Poseidon2::hash({ metadata, original_class_id, new_class_id });