
Conversation

@IlyasRidhuan
Contributor

@IlyasRidhuan IlyasRidhuan commented Jan 7, 2026

Introduces bytecode mutation using the standard LLVMFuzzerMutate. We allow the mutated bytecode to expand up to 2x the original size.

The mutation itself then utilises the contract upgrade path, this way we do not need to modify other classes or instances that may be used by other enqueued calls.

This does require the addition of public data writes as part of the setup to the fuzzer state (that also needs to happen in TS)
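The description relies on one contract of libFuzzer's mutator that is easy to get wrong: `size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize)` may write anywhere in the first `MaxSize` bytes of `Data`, so the caller must grow the buffer to the cap before the call, and the "up to 2x the original size" limit is enforced by what `MaxSize` is set to. The block below is an added example that writes that wrapper out; it is not code from this PR or from the Aztec codebase. `GROWTH_FACTOR`, `mutate_bytecode_bounded` and the `FakeMutator` stand-in (a seeded `std::mt19937_64`, matching the generator type visible elsewhere on this page) are assumptions so the example runs without linking libFuzzer; in the real harness the `MutateFn` would be `LLVMFuzzerMutate` itself.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <random>
#include <vector>

// Same shape as libFuzzer's LLVMFuzzerMutate: mutate `data` in place, possibly growing it
// up to `max_size` bytes (the caller guarantees the buffer is that large), return new size.
using MutateFn = std::function<size_t(uint8_t* data, size_t size, size_t max_size)>;

// Assumed cap, mirroring the "2x the original size" rule in the PR description.
constexpr size_t GROWTH_FACTOR = 2;

// Mutates `bytecode` in place and returns its new length. The buffer is resized to the cap
// *before* the mutator runs, because the mutator is allowed to write up to max_size bytes;
// resizing afterwards would be a heap overflow inside the mutator.
size_t mutate_bytecode_bounded(std::vector<uint8_t>& bytecode, const MutateFn& mutate)
{
    const size_t original_size = bytecode.size();
    // Never hand the mutator a zero-byte window, or empty inputs could never grow.
    const size_t max_size = std::max<size_t>(1, original_size * GROWTH_FACTOR);
    bytecode.resize(max_size);
    const size_t new_size = mutate(bytecode.data(), original_size, max_size);
    // A conforming mutator returns <= max_size; clamp anyway so a misbehaving one cannot
    // make the vector claim bytes that were never written.
    bytecode.resize(std::min(new_size, max_size));
    return bytecode.size();
}

// Stand-in for LLVMFuzzerMutate (assumed, for running outside libFuzzer): flips one byte of
// the existing input, then appends a random number of random bytes within the allowed room.
struct FakeMutator {
    std::mt19937_64 rng;
    explicit FakeMutator(uint64_t seed) : rng(seed) {}

    size_t operator()(uint8_t* data, size_t size, size_t max_size)
    {
        if (size > 0) {
            data[rng() % size] ^= static_cast<uint8_t>(rng());
        }
        const size_t room = max_size - size;
        const size_t grow = room == 0 ? 0 : rng() % (room + 1);
        for (size_t i = 0; i < grow; ++i) {
            data[size + i] = static_cast<uint8_t>(rng());
        }
        return size + grow;
    }
};

int main()
{
    // Constructed sample input: four arbitrary bytes standing in for contract bytecode.
    std::vector<uint8_t> bytecode = { 0x01, 0x02, 0x03, 0x04 };
    FakeMutator mutator(42);
    const size_t before = bytecode.size();
    const size_t after = mutate_bytecode_bounded(bytecode, mutator);
    std::printf("bytecode grew from %zu to %zu bytes (cap %zu)\n", before, after, before * GROWTH_FACTOR);
    return 0;
}
```

The returned vector is what would then be handed to whatever installs the new bytecode (the PR does this through the contract upgrade path); the wrapper itself only guarantees that the mutator never writes outside the buffer and that the result never exceeds the cap.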

@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from 93eb5a8 to aa96990 Compare January 7, 2026 10:43
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch 2 times, most recently from 52b4d03 to fdd48ce Compare January 7, 2026 10:56
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch 2 times, most recently from 3700f20 to 3d86939 Compare January 7, 2026 15:49
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from fdd48ce to 1b2d92c Compare January 7, 2026 15:49
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from 3d86939 to d39d11f Compare January 8, 2026 12:48
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from 1b2d92c to e6d52ef Compare January 8, 2026 12:48
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from d39d11f to 4168739 Compare January 8, 2026 13:04
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from e6d52ef to 84fa05f Compare January 8, 2026 13:04
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from 4168739 to 6f984cd Compare January 8, 2026 13:11
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from 84fa05f to 1a64875 Compare January 8, 2026 13:11
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from 6f984cd to fbabbed Compare January 8, 2026 15:49
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch 2 times, most recently from 5481b98 to dd4e396 Compare January 9, 2026 13:38
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from fbabbed to ac33049 Compare January 9, 2026 13:38
@IlyasRidhuan IlyasRidhuan changed the base branch from ir/01-05-feat_avm_gas_mutations to graphite-base/19378 January 9, 2026 14:38
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from dd4e396 to d5a76af Compare January 9, 2026 14:52
@IlyasRidhuan IlyasRidhuan changed the base branch from graphite-base/19378 to ir/01-05-feat_avm_gas_mutations January 9, 2026 14:52
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from d5a76af to a9f59ee Compare January 12, 2026 13:51
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from 3faa9e2 to 35ef4be Compare January 12, 2026 13:51
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from a9f59ee to 5962f63 Compare January 12, 2026 14:36
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-05-feat_avm_gas_mutations branch from 35ef4be to a4be5dc Compare January 12, 2026 14:36
std::function<void(T&, std::mt19937_64&)> mutate_element_function,
std::function<T(std::mt19937_64&)> generate_random_element_function,
const std::function<void(T&, std::mt19937_64&)>& mutate_element_function,
const std::function<T(std::mt19937_64&)>& generate_random_element_function,
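Review bot: taking both std::function parameters by const& avoids copying the callable (and its captures) on every call, which is the right default when the callee only invokes mutate_element_function and generate_random_element_function; if the callee instead stores either one in a member, taking it by value and std::move-ing it into place is the cheaper idiom, since a const& forces a copy at that point. Only the signatures are visible here, so confirm from the function body which of the two cases applies.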
Contributor Author

These were missing from an earlier PR.

@IlyasRidhuan IlyasRidhuan marked this pull request as ready for review January 12, 2026 14:41
@AztecBot
Collaborator

AztecBot commented Jan 12, 2026

Flakey Tests

🤖 says: This CI run detected 3 tests that failed, but were tolerated due to a .test_patterns.yml entry.

FLAKED (http://ci.aztec-labs.com/944de764b8b94445): yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_epochs/epochs_invalidate_block.parallel.test.ts "committee member invalidates a block if proposer does not come through" (92s) (code: 1) group:e2e-p2p-epoch-flakes (IlyasRidhuan: feat(avm): avm fuzzer bytecode mutation)
FLAKED (http://ci.aztec-labs.com/6f77fe45d064ee78): yarn-project/end-to-end/scripts/run_test.sh web3signer src/composed/web3signer/e2e_multi_validator_node_key_store.test.ts (36s) (code: 1) (IlyasRidhuan: feat(avm): avm fuzzer bytecode mutation)
FLAKED (http://ci.aztec-labs.com/e7ddcea930056bbd): yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_p2p/gossip_network.test.ts (424s) (code: 1) group:e2e-p2p-epoch-flakes (IlyasRidhuan: feat(avm): avm fuzzer bytecode mutation)


@sirasistant sirasistant left a comment


Nice!

Base automatically changed from ir/01-05-feat_avm_gas_mutations to merge-train/avm January 13, 2026 09:26
@IlyasRidhuan IlyasRidhuan force-pushed the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch from 5962f63 to 58ce0a2 Compare January 14, 2026 10:42
@IlyasRidhuan IlyasRidhuan merged commit e67fc66 into merge-train/avm Jan 14, 2026
9 checks passed
@IlyasRidhuan IlyasRidhuan deleted the ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation branch January 14, 2026 11:50
@AztecBot AztecBot mentioned this pull request Jan 14, 2026
github-merge-queue bot pushed a commit that referenced this pull request Jan 14, 2026
BEGIN_COMMIT_OVERRIDE
fix(avm): Fix relative addressing in fuzzer (#19550)
feat(avm): avm fuzzer bytecode mutation (#19378)
chore(avm): there is automatic conversion from uint128_t to FF
chore(avm): ECC pre-audit - normalise infinity points (#19462)
feat(bb-pilcom): single-component graph check (#19578)
feat(avm): contract class mutation (#19498)
chore: support uint128_t in uint256_t construction (#19581)
fix!: remove unused column in update_check.pil (#19557)
fix(avm)!: pre-audit review of context.pil (#19549)
fix(avm): Relax fuzzer memory manager asserts (#19591)
fix!: sha256.pil missing input propagation constraints (#19590)
END_COMMIT_OVERRIDE