AztecProtocol
diff --git a/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/control_flow.cpp‎
Lines changed: 5 additions & 15 deletions b/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/control_flow.cpp‎
Lines changed: 5 additions & 15 deletions
diff --git a/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp‎
Lines changed: 5 additions & 2 deletions b/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp‎
Lines changed: 148 additions & 137 deletions b/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp‎
Lines changed: 148 additions & 137 deletions
diff --git a/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzzer_data.hpp‎
Lines changed: 4 additions & 8 deletions b/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzzer_data.hpp‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/instruction.hpp‎
Lines changed: 15 additions & 12 deletions b/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/instruction.hpp‎
Lines changed: 15 additions & 12 deletions
diff --git a/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/memory_manager.cpp‎
Lines changed: 75 additions & 43 deletions b/‎barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/memory_manager.cpp‎
Lines changed: 75 additions & 43 deletions
@@ -38,9 +38,7 @@ void ControlFlow::process_insert_simple_instruction_block(InsertSimpleInstructio
         return;
     }
     auto instruction_block = instruction_blocks->at(instruction.instruction_block_idx % instruction_blocks->size());
-    for (const auto& instr : instruction_block) {
-        current_block->process_instruction(instr);
-    }
+    current_block->process_instruction_block(instruction_block);
 }
 
 void ControlFlow::process_jump_to_new_block(JumpToNewBlock instruction)
@@ -55,9 +53,7 @@ void ControlFlow::process_jump_to_new_block(JumpToNewBlock instruction)
         instruction_blocks->at(instruction.target_program_block_instruction_block_idx % instruction_blocks->size());
     ProgramBlock* target_block = new ProgramBlock();
     current_block->finalize_with_jump(target_block);
-    for (const auto& instr : target_instruction_block) {
-        target_block->process_instruction(instr);
-    }
+    target_block->process_instruction_block(target_instruction_block);
     current_block = target_block;
 }
 
@@ -76,12 +72,8 @@ void ControlFlow::process_jump_if_to_new_block(JumpIfToNewBlock instruction)
     ProgramBlock* target_then_block = new ProgramBlock();
     ProgramBlock* target_else_block = new ProgramBlock();
     current_block->finalize_with_jump_if(target_then_block, target_else_block, instruction.condition_offset_index);
-    for (const auto& instr : target_then_instruction_block) {
-        target_then_block->process_instruction(instr);
-    }
-    for (const auto& instr : target_else_instruction_block) {
-        target_else_block->process_instruction(instr);
-    }
+    target_then_block->process_instruction_block(target_then_instruction_block);
+    target_else_block->process_instruction_block(target_else_instruction_block);
     current_block = target_then_block;
 }
 
@@ -178,9 +170,7 @@ void ControlFlow::process_insert_internal_call(InsertInternalCall instruction)
         instruction_blocks->at(instruction.target_program_block_instruction_block_idx % instruction_blocks->size());
     ProgramBlock* target_block = new ProgramBlock();
     current_block->insert_internal_call(target_block);
-    for (const auto& instr : target_instruction_block) {
-        target_block->process_instruction(instr);
-    }
+    target_block->process_instruction_block(target_instruction_block);
     target_block->caller = current_block;
     current_block = target_block;
 }
 
@@ -2,10 +2,13 @@
 
 #include "barretenberg/avm_fuzzer/fuzz_lib/instruction.hpp"
 #include "barretenberg/avm_fuzzer/fuzz_lib/program_block.hpp"
+#include "barretenberg/avm_fuzzer/mutations/instructions/instruction_block.hpp"
 #include "barretenberg/serialize/msgpack.hpp"
 #include "barretenberg/vm2/testing/instruction_builder.hpp"
 #include <vector>
 
+using InstructionBlock = bb::avm2::fuzzer::InstructionBlock;
+
 struct ReturnOptions {
     uint8_t return_size;
     MemoryTagWrapper return_value_tag;
@@ -139,7 +142,7 @@ class ControlFlow {
     ProgramBlock* current_block;
     /// @brief the entry block of the program
     ProgramBlock* start_block;
-    std::vector<std::vector<FuzzInstruction>>* instruction_blocks;
+    std::vector<InstructionBlock>* instruction_blocks;
 
     /// @brief add instructions to the current block from the instruction block at the given index
     /// taken modulo length of the instruction blocks vector
@@ -200,7 +203,7 @@ class ControlFlow {
     std::vector<ProgramBlock*> get_reachable_blocks(ProgramBlock* block);
 
   public:
-    ControlFlow(std::vector<std::vector<FuzzInstruction>>& instruction_blocks)
+    ControlFlow(std::vector<InstructionBlock>& instruction_blocks)
         : current_block(new ProgramBlock())
         , start_block(current_block)
         , instruction_blocks(&instruction_blocks)
 
@@ -1,34 +1,30 @@
 #pragma once
 
 #include <cstdint>
+#include <iostream>
 #include <vector>
 
 #include "barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp"
 #include "barretenberg/avm_fuzzer/fuzz_lib/instruction.hpp"
+#include "barretenberg/avm_fuzzer/mutations/instructions/instruction_block.hpp"
 #include "barretenberg/serialize/msgpack.hpp"
 
 /// @brief describes the data which will be used for fuzzing
 /// Should contain instructions, calldata, CFG instructions, options to disable/enable instructions, etc
 struct FuzzerData {
-    std::vector<std::vector<FuzzInstruction>> instruction_blocks;
+    std::vector<InstructionBlock> instruction_blocks;
     std::vector<CFGInstruction> cfg_instructions;
     std::vector<bb::avm2::FF> calldata;
     ReturnOptions return_options;
     MSGPACK_FIELDS(instruction_blocks, cfg_instructions, calldata, return_options);
 };
 
-#include <iostream>
-
 inline std::ostream& operator<<(std::ostream& os, const FuzzerData& data)
 {
     os << "FuzzerData {\n";
     os << "  instructions: [\n";
     for (const auto& block : data.instruction_blocks) {
-        os << "    [\n";
-        for (const auto& instr : block) {
-            os << "      " << instr << ",\n";
-        }
-        os << "    ],\n";
+        os << "    " << block << ",\n";
     }
     os << "  ],\n";
     os << "  cfg_instructions: [\n";
 
@@ -105,13 +105,9 @@ struct VariableRef {
     /// Used for Indirect/IndirectRelative modes only
     uint16_t pointer_address_seed = 0;
 
-    /// @brief A seed for the generation of the base offset
-    /// Used for Relative/IndirectRelative modes only
-    /// Sets M[0] = base_offset
-    uint32_t base_offset_seed = 0;
     AddressingModeWrapper mode = AddressingMode::Direct;
 
-    MSGPACK_FIELDS(tag, index, pointer_address_seed, base_offset_seed, mode);
+    MSGPACK_FIELDS(tag, index, pointer_address_seed, mode);
 };
 
 struct AddressRef {
@@ -121,12 +117,8 @@ struct AddressRef {
     /// Used for Indirect/IndirectRelative modes only
     uint16_t pointer_address_seed = 0;
 
-    /// @brief A seed for the generation of the base offset
-    /// Used for Relative/IndirectRelative modes only
-    /// Sets M[0] = base_offset
-    uint32_t base_offset_seed = 0;
     AddressingModeWrapper mode = AddressingMode::Direct;
-    MSGPACK_FIELDS(address, pointer_address_seed, base_offset_seed, mode);
+    MSGPACK_FIELDS(address, pointer_address_seed, mode);
 };
 
 using ParamRef = std::variant<VariableRef, AddressRef>;
@@ -138,10 +130,21 @@ using ParamRef = std::variant<VariableRef, AddressRef>;
 struct ResolvedAddress {
     uint32_t absolute_address = 0;
     uint32_t operand_address = 0;
-    std::optional<uint32_t> base_pointer = std::nullopt;
     std::optional<uint32_t> pointer_address = std::nullopt;
+    bool via_relative = false;
 };
 
+inline std::ostream& operator<<(std::ostream& os, const ResolvedAddress& address)
+{
+    os << "ResolvedAddress {\n";
+    os << "  absolute_address: " << address.absolute_address << ",\n";
+    os << "  operand_address: " << address.operand_address << ",\n";
+    os << "  pointer_address: " << address.pointer_address.value() << ",\n";
+    os << "  via_relative: " << address.via_relative << ",\n";
+    os << "}";
+    return os;
+}
+
 /// @brief mem[result_offset] = mem[a_address] + mem[b_address]
 struct ADD_8_Instruction {
     ParamRef a_address;
@@ -715,7 +718,7 @@ inline std::ostream& operator<<(std::ostream& os, const MemoryTagWrapper& tag)
 
 inline std::ostream& operator<<(std::ostream& os, const VariableRef& variable)
 {
-    os << "VariableRef " << variable.tag << " " << variable.index << " " << variable.base_offset_seed << " "
+    os << "VariableRef " << variable.tag << " " << variable.index << " "
        << static_cast<int>(static_cast<AddressingMode>(variable.mode));
     return os;
 }
 
@@ -30,31 +30,41 @@ std::optional<std::ranges::range_value_t<Range>> get_nth_filtered(Range&& range,
     return *std::ranges::next(filtered.begin(), static_cast<long>(index % static_cast<size_t>(count)));
 }
 
-uint32_t get_max_variable_address(AddressingMode mode, uint32_t literal_max_value)
+uint32_t get_max_variable_address(AddressingMode mode, uint32_t base_offset, uint32_t max_operand_address)
 {
-    if (mode == AddressingMode::Direct) {
-        return literal_max_value;
+    switch (mode) {
+    case AddressingMode::Direct:
+        return max_operand_address;
+    case AddressingMode::Relative:
+        return base_offset + max_operand_address;
+    case AddressingMode::Indirect:
+    case AddressingMode::IndirectRelative:
+        return AVM_HIGHEST_MEM_ADDRESS;
     }
-    // In relative addressing, and indirect addressing, we can reach any variable address.
-    return AVM_HIGHEST_MEM_ADDRESS;
 }
 
-uint32_t trimmed_pointer_address(uint32_t pointer_address_seed, uint32_t max_operand_address)
+uint32_t get_min_variable_address(AddressingMode mode, uint32_t base_offset)
 {
-    return pointer_address_seed % (max_operand_address + 1);
+    switch (mode) {
+    case AddressingMode::Relative:
+        return base_offset;
+    case AddressingMode::Direct:
+    case AddressingMode::Indirect:
+    case AddressingMode::IndirectRelative:
+        return 0;
+    }
 }
 
-uint32_t trimmed_relative_operand_address(uint32_t base_offset_seed,
-                                          uint32_t relative_target,
-                                          uint32_t max_operand_address)
+uint32_t trimmed_pointer_address(uint32_t pointer_address_seed, uint32_t max_operand_address)
 {
-    uint32_t max_operand = std::min(relative_target, max_operand_address);
-    return (base_offset_seed % (max_operand + 1));
+    return pointer_address_seed % (max_operand_address + 1);
 }
 
-uint32_t trimmed_base_pointer(uint32_t base_offset_seed, uint32_t relative_target, uint32_t max_operand_address)
+uint32_t trimmed_relative_pointer_address(uint32_t pointer_address_seed,
+                                          uint32_t base_offset,
+                                          uint32_t max_operand_address)
 {
-    return relative_target - trimmed_relative_operand_address(base_offset_seed, relative_target, max_operand_address);
+    return base_offset + (pointer_address_seed % (max_operand_address + 1));
 }
 
 } // namespace
@@ -107,19 +117,19 @@ ResolvedAddress MemoryManager::resolve_address(VariableRef variable,
         break;
     }
     case AddressingMode::Relative:
-        resolved_address.base_pointer =
-            trimmed_base_pointer(variable.base_offset_seed, absolute_address, max_operand_address);
-        resolved_address.operand_address =
-            trimmed_relative_operand_address(variable.base_offset_seed, absolute_address, max_operand_address);
+        BB_ASSERT_LTE(absolute_address, base_offset + max_operand_address);
+        resolved_address.operand_address = absolute_address - base_offset;
+        resolved_address.via_relative = true;
         break;
-    case AddressingMode::IndirectRelative:
-        resolved_address.pointer_address = variable.pointer_address_seed;
+    case AddressingMode::IndirectRelative: {
+        uint32_t trimmed_pointer_address_value =
+            trimmed_relative_pointer_address(variable.pointer_address_seed, base_offset, max_operand_address);
+        resolved_address.pointer_address = trimmed_pointer_address_value;
         // Relative addressing target is the pointer
-        resolved_address.base_pointer =
-            trimmed_base_pointer(variable.base_offset_seed, variable.pointer_address_seed, max_operand_address);
-        resolved_address.operand_address = trimmed_relative_operand_address(
-            variable.base_offset_seed, variable.pointer_address_seed, max_operand_address);
+        resolved_address.operand_address = trimmed_pointer_address_value - base_offset;
+        resolved_address.via_relative = true;
         break;
+    }
     case AddressingMode::Direct:
         // We can't change the absolute address, or it won't find anything useful there.
         resolved_address.operand_address = absolute_address;
@@ -136,30 +146,31 @@ ResolvedAddress MemoryManager::resolve_address(AddressRef address, uint32_t max_
     };
     switch (address.mode) {
     case AddressingMode::Indirect: {
-        // Trim the pointer to 16 bits for it to be writable by SET_32
+        // Trim the pointer to max_operand_address bits for it to be reachable by the instruction
         uint32_t trimmed_pointer_address_value =
             trimmed_pointer_address(address.pointer_address_seed, max_operand_address);
         resolved_address.pointer_address = trimmed_pointer_address_value;
         resolved_address.operand_address = trimmed_pointer_address_value;
         break;
     }
     case AddressingMode::Relative:
-        resolved_address.base_pointer =
-            trimmed_base_pointer(address.base_offset_seed, resolved_address.absolute_address, max_operand_address);
-        resolved_address.operand_address = trimmed_relative_operand_address(
-            address.base_offset_seed, resolved_address.absolute_address, max_operand_address);
+        BB_ASSERT_LTE(address.address, base_offset + max_operand_address);
+        resolved_address.operand_address = address.address - base_offset;
+        resolved_address.via_relative = true;
         break;
-    case AddressingMode::IndirectRelative:
-        resolved_address.pointer_address = address.pointer_address_seed;
+    case AddressingMode::IndirectRelative: {
         // Relative addressing target is the pointer
-        resolved_address.base_pointer =
-            trimmed_base_pointer(address.base_offset_seed, address.pointer_address_seed, max_operand_address);
-        resolved_address.operand_address = trimmed_relative_operand_address(
-            address.base_offset_seed, address.pointer_address_seed, max_operand_address);
+        uint32_t trimmed_pointer_address_value =
+            trimmed_relative_pointer_address(address.pointer_address_seed, base_offset, max_operand_address);
+        resolved_address.pointer_address = trimmed_pointer_address_value;
+
+        resolved_address.operand_address = trimmed_pointer_address_value - base_offset;
+        resolved_address.via_relative = true;
         break;
+    }
     case AddressingMode::Direct:
         // Do not delete this assert, if it fails, it means that some address was generated / mutated incorrectly in
-        // instruction.cpp. Check all the `max_operand` parameters that you're passing to generate_address_ref.
+        // instruction_block.cpp. Check all the `max_operand` parameters that you're passing to generate_address_ref.
         BB_ASSERT_LTE(address.address, max_operand_address);
         resolved_address.operand_address = resolved_address.absolute_address;
         break;
@@ -197,7 +208,10 @@ std::optional<std::pair<ResolvedAddress, bb::avm2::testing::OperandBuilder>> Mem
 std::optional<std::pair<ResolvedAddress, bb::avm2::testing::OperandBuilder>> MemoryManager::
     get_resolved_address_and_operand_8(VariableRef address)
 {
-    auto actual_address = get_variable_address(address.tag, address.index, get_max_variable_address(address.mode, 255));
+    auto actual_address = get_variable_address(address.tag,
+                                               address.index,
+                                               get_min_variable_address(address.mode, base_offset),
+                                               get_max_variable_address(address.mode, base_offset, 255));
     if (!actual_address.has_value()) {
         return std::nullopt;
     }
@@ -214,6 +228,9 @@ std::optional<std::pair<ResolvedAddress, bb::avm2::testing::OperandBuilder>> Mem
     get_resolved_address_and_operand_8(AddressRef address)
 {
     auto resolved_address = resolve_address(address, 255);
+
+    BB_ASSERT_LTE(resolved_address.operand_address, uint32_t{ 255 });
+
     auto operand = OperandBuilder::from<uint8_t>(static_cast<uint8_t>(resolved_address.operand_address));
     return std::make_pair(resolved_address, get_memory_address_operand(operand, address.mode));
 }
@@ -229,8 +246,10 @@ std::optional<std::pair<ResolvedAddress, bb::avm2::testing::OperandBuilder>> Mem
 std::optional<std::pair<ResolvedAddress, bb::avm2::testing::OperandBuilder>> MemoryManager::
     get_resolved_address_and_operand_16(VariableRef address)
 {
-    auto actual_address =
-        get_variable_address(address.tag, address.index, get_max_variable_address(address.mode, 65535));
+    auto actual_address = get_variable_address(address.tag,
+                                               address.index,
+                                               get_min_variable_address(address.mode, base_offset),
+                                               get_max_variable_address(address.mode, base_offset, 65535));
     if (!actual_address.has_value()) {
         return std::nullopt;
     }
@@ -246,18 +265,26 @@ std::optional<std::pair<ResolvedAddress, bb::avm2::testing::OperandBuilder>> Mem
     get_resolved_address_and_operand_16(AddressRef address)
 {
     auto resolved_address = resolve_address(address, 65535);
+    BB_ASSERT_LTE(resolved_address.operand_address, uint32_t{ 65535 });
+
     auto operand = OperandBuilder::from<uint16_t>(static_cast<uint16_t>(resolved_address.operand_address));
     return std::make_pair(resolved_address, get_memory_address_operand(operand, address.mode));
 }
 
-std::optional<uint32_t> MemoryManager::get_variable_address(bb::avm2::MemoryTag tag, uint32_t index, uint32_t max_value)
+std::optional<uint32_t> MemoryManager::get_variable_address(bb::avm2::MemoryTag tag,
+                                                            uint32_t index,
+                                                            uint32_t min_value,
+                                                            uint32_t max_value)
 {
-    return get_nth_filtered(this->stored_variables[tag], [max_value](uint32_t val) { return val <= max_value; }, index);
+    return get_nth_filtered(
+        this->stored_variables[tag],
+        [min_value, max_value](uint32_t val) { return val >= min_value && val <= max_value; },
+        index);
 }
 
 std::optional<uint8_t> MemoryManager::get_memory_offset_8(bb::avm2::MemoryTag tag, uint32_t index)
 {
-    auto value = get_variable_address(tag, index, 255);
+    auto value = get_variable_address(tag, index, 0, 255);
     if (!value.has_value()) {
         return std::nullopt;
     }
@@ -267,7 +294,7 @@ std::optional<uint8_t> MemoryManager::get_memory_offset_8(bb::avm2::MemoryTag ta
 
 std::optional<uint16_t> MemoryManager::get_memory_offset_16(bb::avm2::MemoryTag tag, uint32_t index)
 {
-    auto value = get_variable_address(tag, index, 65535);
+    auto value = get_variable_address(tag, index, 0, 65535);
     if (!value.has_value()) {
         return std::nullopt;
     }
@@ -308,3 +335,8 @@ std::optional<uint16_t> MemoryManager::get_leaf_index(uint16_t note_hash_index)
     }
     return note_hash_index % emitted_note_hashes.size();
 }
+
+void MemoryManager::set_base_offset(uint32_t base_offset)
+{
+    this->base_offset = base_offset;
+}