feat(avm): emit unencrypted log gadget fuzzer (#18817)

### Emit Unencrypted Log Fuzzer

Closes:
[AVM-106](https://linear.app/aztec-labs/issue/AVM-106/fuzz-emit-unencryptedlog)

Currently tests a single event (i.e. one log per run) with all
interactions. Coverage is nearly 100% with caveats:

- Trace: it seems like there are no gaps - the coverage tool is a bit
confused about branches
- Gadget: only the checkpointing functions (e.g.
EmitUnencryptedLog::on_checkpoint_created()) aren't hit

Uses similar logic to the memory and calldata fuzzers to fill a field
vector to emit as a log while being able to fuzz its length. Covers log
values, size, memory address, contract address, and some specific edge
cases (static calls, tag mismatch) to hit all errors.

Discovered a possible underflow, addressed here: #19076 

Unfortunately this needed a lot of surrounding gadget setup so I just
threw it into a new file (`context_helper`) for readability - we don't
have to use this class, happy to remove it! In future I can integrate it
with the existing simulation helpers for fuzzing.

Author: MirandaWood

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp

@@ -82,6 +82,15 @@ class JsSimulator : public Simulator {
                              const Tx& tx) override;
 };
 
+GlobalVariables create_default_globals();
+
+Tx create_default_tx(const AztecAddress& contract_address,
+                     const AztecAddress& sender_address,
+                     const std::vector<FF>& calldata,
+                     [[maybe_unused]] const FF& transaction_fee,
+                     bool is_static_call,
+                     const Gas& gas_limit);
+
 bool compare_simulator_results(const SimulatorResult& result1, const SimulatorResult& result2);
 
 GlobalVariables create_default_globals();

barretenberg/cpp/src/barretenberg/avm_fuzzer/harness/context_helper.cpp

@@ -0,0 +1,147 @@
+#include "context_helper.hpp"
+
+#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"
+#include "barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp"
+#include "barretenberg/vm2/common/aztec_types.hpp"
+#include "barretenberg/vm2/simulation/events/update_check.hpp"
+#include "barretenberg/vm2/simulation/gadgets/bytecode_manager.hpp"
+#include "barretenberg/vm2/simulation/gadgets/context_provider.hpp"
+#include "barretenberg/vm2/simulation/gadgets/poseidon2.hpp"
+#include "barretenberg/vm2/simulation/interfaces/context.hpp"
+#include "barretenberg/vm2/simulation/lib/raw_data_dbs.hpp"
+#include "barretenberg/vm2/simulation/lib/side_effect_tracking_db.hpp"
+#include "barretenberg/vm2/simulation/standalone/concrete_dbs.hpp"
+
+namespace bb::avm2::fuzzing {
+
+using namespace bb::avm2::simulation;
+
+GadgetFuzzerContextHelper::GadgetFuzzerContextHelper(AztecAddress contract_address, bool is_static, uint32_t start_clk)
+    : execution_id_manager(start_clk)
+    , range_check(range_check_emitter)
+    , field_gt(range_check, field_gt_emitter)
+    , greater_than(field_gt, range_check, greater_than_emitter)
+    , memory_provider(range_check, execution_id_manager, memory_emitter)
+    , merkle_check(poseidon2, merkle_check_emitter)
+    , poseidon2(execution_id_manager, greater_than, hash_event_emitter, perm_event_emitter, perm_mem_event_emitter)
+    , written_public_data_slots_tree_check(poseidon2,
+                                           merkle_check,
+                                           field_gt,
+                                           build_public_data_slots_tree(),
+                                           written_public_data_slots_tree_check_emitter)
+    , retrieved_bytecodes_tree_check(
+          poseidon2, merkle_check, field_gt, build_retrieved_bytecodes_tree(), retrieved_bytecodes_tree_check_emitter)
+
+{
+    global_variables = create_default_globals();
+    hints.global_variables = global_variables;
+    hints.tx = create_default_tx(contract_address, contract_address, {}, FF(0), is_static, GAS_LIMIT);
+
+    HintedRawContractDB contract_db(hints);
+    auto merkle_db = make_empty_merkle_db();
+
+    BytecodeHasher bytecode_hasher(poseidon2, bytecode_hashing_emitter);
+    CalldataHashingProvider calldata_hashing_provider(poseidon2, calldata_event_emitter);
+
+    UpdateCheck update_check(
+        poseidon2, range_check, greater_than, merkle_db, update_check_emitter, hints.global_variables);
+    RetrievedBytecodesTreeCheck retrieved_bytecodes_tree_check(
+        poseidon2, merkle_check, field_gt, build_retrieved_bytecodes_tree(), retrieved_bytecodes_tree_check_emitter);
+    ContractInstanceManager contract_instance_manager(
+        contract_db, merkle_db, update_check, field_gt, hints.protocol_contracts, contract_instance_retrieval_emitter);
+    InternalCallStackManagerProvider internal_call_stack_manager_provider(internal_call_stack_emitter);
+    tx_bytecode_manager = std::make_unique<TxBytecodeManager>(contract_db,
+                                                              merkle_db,
+                                                              bytecode_hasher,
+                                                              range_check,
+                                                              contract_instance_manager,
+                                                              retrieved_bytecodes_tree_check,
+                                                              bytecode_retrieval_emitter,
+                                                              bytecode_decomposition_emitter,
+                                                              instruction_fetching_emitter);
+
+    MemoryProvider mem_provider(range_check, execution_id_manager, memory_emitter);
+    context_provider = std::make_unique<ContextProvider>(*tx_bytecode_manager,
+                                                         mem_provider,
+                                                         calldata_hashing_provider,
+                                                         internal_call_stack_manager_provider,
+                                                         merkle_db,
+                                                         written_public_data_slots_tree_check,
+                                                         retrieved_bytecodes_tree_check,
+                                                         side_effect_tracker,
+                                                         hints.global_variables);
+}
+
+// A lighter version of ContextProvider::make_enqueued_context
+std::unique_ptr<ContextInterface> GadgetFuzzerContextHelper::make_enqueued_fuzzing_context(AztecAddress address,
+                                                                                           AztecAddress msg_sender,
+                                                                                           bool is_static,
+                                                                                           FF transaction_fee,
+                                                                                           std::span<const FF> calldata,
+                                                                                           Gas gas_limit,
+                                                                                           Gas gas_used,
+                                                                                           TransactionPhase phase)
+{
+    auto merkle_db = make_empty_merkle_db();
+    // Note: not incremented between contexts
+    uint32_t context_id = context_provider->get_next_context_id();
+    return std::make_unique<EnqueuedCallContext>(
+        context_id,
+        address,
+        msg_sender,
+        transaction_fee,
+        is_static,
+        gas_limit,
+        gas_used,
+        global_variables,
+        std::make_unique<BytecodeManager>(address, *tx_bytecode_manager),
+        memory_provider.make_memory(static_cast<uint16_t>(context_id)),
+        InternalCallStackManagerProvider(internal_call_stack_emitter).make_internal_call_stack_manager(context_id),
+        merkle_db,
+        written_public_data_slots_tree_check,
+        retrieved_bytecodes_tree_check,
+        side_effect_tracker,
+        phase,
+        calldata);
+}
+
+// A lighter version of ContextProvider::make_nested_context
+std::unique_ptr<ContextInterface> GadgetFuzzerContextHelper::make_nested_fuzzing_context(
+    AztecAddress address, AztecAddress msg_sender, ContextInterface& parent_context, Gas gas_limit)
+{
+
+    auto merkle_db = make_empty_merkle_db();
+    // Note: not incremented between contexts
+    uint32_t context_id = context_provider->get_next_context_id();
+    return std::make_unique<NestedContext>(
+        context_id,
+        parent_context.get_address(),
+        msg_sender,
+        parent_context.get_transaction_fee(),
+        parent_context.get_is_static(),
+        gas_limit,
+        parent_context.get_globals(),
+        std::make_unique<BytecodeManager>(address, *tx_bytecode_manager),
+        memory_provider.make_memory(static_cast<uint16_t>(context_id)),
+        InternalCallStackManagerProvider(internal_call_stack_emitter).make_internal_call_stack_manager(context_id),
+        merkle_db,
+        written_public_data_slots_tree_check,
+        retrieved_bytecodes_tree_check,
+        side_effect_tracker,
+        parent_context.get_phase(),
+        parent_context,
+        0,
+        0);
+}
+
+SideEffectTrackingDB GadgetFuzzerContextHelper::make_empty_merkle_db()
+{
+    // DBs: Just for now - TODO(MW) use fuzzing dbs?
+    HintedRawMerkleDB raw_merkle_db(hints);
+    PureMerkleDB base_merkle_db(
+        hints.tx.non_revertible_accumulated_data.nullifiers[0], raw_merkle_db, written_public_data_slots_tree_check);
+    SideEffectTrackingDB merkle_db(
+        hints.tx.non_revertible_accumulated_data.nullifiers[0], base_merkle_db, side_effect_tracker);
+    return merkle_db;
+}
+} // namespace bb::avm2::fuzzing

barretenberg/cpp/src/barretenberg/avm_fuzzer/harness/context_helper.hpp

@@ -0,0 +1,110 @@
+#pragma once
+
+#include "barretenberg/avm_fuzzer/fuzz_lib/constants.hpp"
+#include "barretenberg/vm2/common/avm_io.hpp"
+#include "barretenberg/vm2/common/aztec_types.hpp"
+#include "barretenberg/vm2/simulation/gadgets/bytecode_hashing.hpp"
+#include "barretenberg/vm2/simulation/gadgets/bytecode_manager.hpp"
+#include "barretenberg/vm2/simulation/gadgets/calldata_hashing.hpp"
+#include "barretenberg/vm2/simulation/gadgets/context_provider.hpp"
+#include "barretenberg/vm2/simulation/gadgets/contract_instance_manager.hpp"
+#include "barretenberg/vm2/simulation/gadgets/field_gt.hpp"
+#include "barretenberg/vm2/simulation/gadgets/gt.hpp"
+#include "barretenberg/vm2/simulation/gadgets/internal_call_stack_manager.hpp"
+#include "barretenberg/vm2/simulation/gadgets/merkle_check.hpp"
+#include "barretenberg/vm2/simulation/gadgets/poseidon2.hpp"
+#include "barretenberg/vm2/simulation/gadgets/range_check.hpp"
+#include "barretenberg/vm2/simulation/gadgets/update_check.hpp"
+#include "barretenberg/vm2/simulation/gadgets/written_public_data_slots_tree_check.hpp"
+#include "barretenberg/vm2/simulation/interfaces/context.hpp"
+#include "barretenberg/vm2/simulation/lib/execution_id_manager.hpp"
+#include "barretenberg/vm2/simulation/lib/side_effect_tracker.hpp"
+#include "barretenberg/vm2/simulation/lib/side_effect_tracking_db.hpp"
+
+namespace bb::avm2::fuzzing {
+
+using namespace bb::avm2::simulation;
+
+/**
+ * @brief Sets up gadgets and instance managers to provide a
+ * context for fuzzing. NOTE: rudimentary set up for testing, should likely be merged
+ * with TestSimulator in fuzz_lib in future
+ *
+ * TODO(MW): I just set the ones I needed to be accessed as public, with others in private and
+ * gadgets in the constructor - will clean this up
+ *
+ * @param contract_address The address to be configured in the context
+ * @param is_static Whether this call is static (defaults to false)
+ * @param phase The phase (defaults to APP_LOGIC)
+ * @param start_clk The starting clk (defaults to 0)
+ * @return A context interface to be passed to fuzzed gadgets
+ */
+class GadgetFuzzerContextHelper {
+  public:
+    GadgetFuzzerContextHelper(AztecAddress contract_address = AztecAddress(0),
+                              bool is_static = false,
+                              uint32_t start_clk = 0);
+    // Commonly used emitters:
+    DeduplicatingEventEmitter<RangeCheckEvent> range_check_emitter;
+    DeduplicatingEventEmitter<GreaterThanEvent> greater_than_emitter;
+    DeduplicatingEventEmitter<FieldGreaterThanEvent> field_gt_emitter;
+
+    // Commonly used gadgets:
+    ExecutionIdManager execution_id_manager;
+    RangeCheck range_check;
+    FieldGreaterThan field_gt;
+    GreaterThan greater_than;
+    // Side effect tracker:
+    SideEffectTracker side_effect_tracker;
+    // Memory provider:
+    MemoryProvider memory_provider;
+    // Context provider:
+    std::unique_ptr<simulation::ContextProvider> context_provider;
+    // Context:
+    std::unique_ptr<simulation::ContextInterface> make_enqueued_fuzzing_context(
+        AztecAddress address,
+        AztecAddress msg_sender,
+        bool is_static = false,
+        FF transaction_fee = FF(0),
+        std::span<const FF> calldata = {},
+        Gas gas_limit = GAS_LIMIT,
+        Gas gas_used = GAS_USED_BY_PRIVATE,
+        TransactionPhase phase = TransactionPhase::APP_LOGIC);
+
+    std::unique_ptr<simulation::ContextInterface> make_nested_fuzzing_context(AztecAddress address,
+                                                                              AztecAddress msg_sender,
+                                                                              ContextInterface& parent_context,
+                                                                              Gas gas_limit = GAS_LIMIT);
+
+  private:
+    // Emitters:
+    EventEmitter<MemoryEvent> memory_emitter;
+    EventEmitter<Poseidon2HashEvent> hash_event_emitter;
+    EventEmitter<Poseidon2PermutationEvent> perm_event_emitter;
+    EventEmitter<Poseidon2PermutationMemoryEvent> perm_mem_event_emitter;
+    EventEmitter<UpdateCheckEvent> update_check_emitter;
+    EventEmitter<MerkleCheckEvent> merkle_check_emitter;
+    EventEmitter<ContractInstanceRetrievalEvent> contract_instance_retrieval_emitter;
+    EventEmitter<WrittenPublicDataSlotsTreeCheckEvent> written_public_data_slots_tree_check_emitter;
+    EventEmitter<BytecodeRetrievalEvent> bytecode_retrieval_emitter;
+    EventEmitter<BytecodeHashingEvent> bytecode_hashing_emitter;
+    EventEmitter<BytecodeDecompositionEvent> bytecode_decomposition_emitter;
+    EventEmitter<RetrievedBytecodesTreeCheckEvent> retrieved_bytecodes_tree_check_emitter;
+    EventEmitter<CalldataEvent> calldata_event_emitter;
+    EventEmitter<InternalCallStackEvent> internal_call_stack_emitter;
+    DeduplicatingEventEmitter<InstructionFetchingEvent> instruction_fetching_emitter;
+
+    // Gadgets:
+    MerkleCheck merkle_check;
+    Poseidon2 poseidon2;
+    WrittenPublicDataSlotsTreeCheck written_public_data_slots_tree_check;
+    RetrievedBytecodesTreeCheck retrieved_bytecodes_tree_check;
+    std::unique_ptr<TxBytecodeManager> tx_bytecode_manager;
+
+    // Misc:
+    GlobalVariables global_variables;
+    ExecutionHints hints;
+    SideEffectTrackingDB make_empty_merkle_db();
+};
+
+} // namespace bb::avm2::fuzzing