diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.cpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.cpp index b104917ebe5f..c96a60510f49 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.cpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.cpp @@ -40,16 +40,18 @@ SimulatorResult fuzz_against_ts_simulator(FuzzerData& fuzzer_data, FuzzerContext FF fee_required_l2 = FF(tx.effective_gas_fees.fee_per_l2_gas) * FF(tx.gas_settings.gas_limits.l2_gas); ws_mgr->write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2); + auto globals = create_default_globals(); + try { ws_mgr->checkpoint(); - cpp_result = cpp_simulator.simulate(*ws_mgr, contract_db, tx, /*public_data_writes=*/{}); + cpp_result = cpp_simulator.simulate(*ws_mgr, contract_db, tx, globals, /*public_data_writes=*/{}); ws_mgr->revert(); } catch (const std::exception& e) { throw std::runtime_error(std::string("CppSimulator threw an exception: ") + e.what()); } ws_mgr->checkpoint(); - auto js_result = js_simulator->simulate(*ws_mgr, contract_db, tx, /*public_data_writes=*/{}); + auto js_result = js_simulator->simulate(*ws_mgr, contract_db, tx, globals, /*public_data_writes=*/{}); context.reset(); diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp index ce8b4efa795a..8dd4bd6f95e1 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/fuzz.test.cpp @@ -54,8 +54,9 @@ class FuzzTest : public ::testing::Test { FF fee_required_l2 = FF(tx.effective_gas_fees.fee_per_l2_gas) * FF(tx.gas_settings.gas_limits.l2_gas); ws_mgr->write_fee_payer_balance(tx.fee_payer, fee_required_da + fee_required_l2); auto cpp_simulator = CppSimulator(); + auto globals = create_default_globals(); - auto result = cpp_simulator.simulate(*ws_mgr, contract_db, tx); + auto result = cpp_simulator.simulate(*ws_mgr, contract_db, tx, globals, /*public_data_writes=*/{}); ws_mgr->revert(); diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.cpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.cpp index 87773722977a..d05ebb19b5e4 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.cpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.cpp @@ -79,6 +79,7 @@ SimulatorResult CppSimulator::simulate( fuzzer::FuzzerWorldStateManager& ws_mgr, fuzzer::FuzzerContractDB& contract_db, const Tx& tx, + const GlobalVariables& globals, [[maybe_unused]] const std::vector& public_data_writes) { // Note: public_data_writes are already applied to C++ world state in setup_fuzzer_state @@ -94,8 +95,6 @@ SimulatorResult CppSimulator::simulate( ProtocolContracts protocol_contracts{}; - auto globals = create_default_globals(); - WorldState& ws = ws_mgr.get_world_state(); WorldStateRevision ws_rev = ws_mgr.get_current_revision(); @@ -153,10 +152,9 @@ SimulatorResult JsSimulator::simulate( [[maybe_unused]] fuzzer::FuzzerWorldStateManager& ws_mgr, fuzzer::FuzzerContractDB& contract_db, const Tx& tx, + const GlobalVariables& globals, const std::vector& public_data_writes) { - auto globals = create_default_globals(); - std::string serialized = serialize_simulation_request(tx, globals, contract_db, public_data_writes); // Send the request diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp index 97c1c2a02512..f8e32bf7ba9a 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/simulator.hpp @@ -53,6 +53,7 @@ class Simulator { fuzzer::FuzzerWorldStateManager& ws_mgr, fuzzer::FuzzerContractDB& contract_db, const Tx& tx, + const GlobalVariables& globals, const std::vector& public_data_writes) = 0; }; @@ -63,6 +64,7 @@ class CppSimulator : public Simulator { fuzzer::FuzzerWorldStateManager& ws_mgr, fuzzer::FuzzerContractDB& contract_db, const Tx& tx, + const GlobalVariables& globals, const std::vector& public_data_writes) override; }; @@ -89,6 +91,7 @@ class JsSimulator : public Simulator { fuzzer::FuzzerWorldStateManager& ws_mgr, fuzzer::FuzzerContractDB& contract_db, const Tx& tx, + const GlobalVariables& globals, const std::vector& public_data_writes) override; }; @@ -102,5 +105,3 @@ Tx create_default_tx(const AztecAddress& contract_address, const Gas& gas_limit); bool compare_simulator_results(SimulatorResult& result1, SimulatorResult& result2); - -GlobalVariables create_default_globals(); diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.cpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.cpp index 04c3db7896a5..8165a6588c07 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.cpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.cpp @@ -11,6 +11,8 @@ #include "barretenberg/avm_fuzzer/fuzz_lib/control_flow.hpp" #include "barretenberg/avm_fuzzer/fuzz_lib/fuzz.hpp" #include "barretenberg/avm_fuzzer/fuzzer_comparison_helper.hpp" +#include "barretenberg/avm_fuzzer/mutations/basic_types/uint64_t.hpp" +#include "barretenberg/avm_fuzzer/mutations/configuration.hpp" #include "barretenberg/avm_fuzzer/mutations/fuzzer_data.hpp" #include "barretenberg/avm_fuzzer/mutations/tx_data.hpp" #include "barretenberg/avm_fuzzer/mutations/tx_types/gas.hpp" @@ -79,7 +81,8 @@ SimulatorResult fuzz_tx(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contr try { ws_mgr.checkpoint(); - cpp_result = cpp_simulator.simulate(ws_mgr, contract_db, tx_data.tx, tx_data.public_data_writes); + cpp_result = cpp_simulator.simulate( + ws_mgr, contract_db, tx_data.tx, tx_data.global_variables, tx_data.public_data_writes); fuzz_info("CppSimulator completed without exception"); fuzz_info("CppSimulator result: ", cpp_result); ws_mgr.revert(); @@ -95,7 +98,8 @@ SimulatorResult fuzz_tx(FuzzerWorldStateManager& ws_mgr, FuzzerContractDB& contr } ws_mgr.checkpoint(); - auto js_result = js_simulator->simulate(ws_mgr, contract_db, tx_data.tx, tx_data.public_data_writes); + auto js_result = + js_simulator->simulate(ws_mgr, contract_db, tx_data.tx, tx_data.global_variables, tx_data.public_data_writes); // If the results do not match if (!compare_simulator_results(cpp_result, js_result)) { @@ -344,8 +348,16 @@ size_t mutate_tx_data(FuzzerContext& context, case FuzzerTxDataMutationType::ContractInstanceMutation: mutate_contract_instances(tx_data.contract_instances, tx_data.contract_addresses, rng); break; - // case TxDataMutationType::GlobalVariablesMutation: - // break; + case FuzzerTxDataMutationType::GlobalVariablesMutation: + // This is just mutating the gas values and timestamp + mutate_uint64_t(tx_data.global_variables.timestamp, rng, BASIC_UINT64_T_MUTATION_CONFIGURATION); + mutate_gas_fees(tx_data.global_variables.gas_fees, rng); + // This must be less than or equal to the tx max fees per gas + tx_data.global_variables.gas_fees.fee_per_da_gas = std::min( + tx_data.global_variables.gas_fees.fee_per_da_gas, tx_data.tx.gas_settings.max_fees_per_gas.fee_per_da_gas); + tx_data.global_variables.gas_fees.fee_per_l2_gas = std::min( + tx_data.global_variables.gas_fees.fee_per_l2_gas, tx_data.tx.gas_settings.max_fees_per_gas.fee_per_l2_gas); + break; // case TxDataMutationType::ProtocolContractsMutation: // break; } diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.hpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.hpp index 3be0c1b62b77..f27d3394e8b7 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.hpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzzer_lib.hpp @@ -63,17 +63,18 @@ enum class FuzzerTxDataMutationType : uint8_t { BytecodeMutation, ContractClassMutation, ContractInstanceMutation, - // GlobalVariablesMutation, + GlobalVariablesMutation, // ProtocolContractsMutation }; -using FuzzerTxDataMutationConfig = WeightedSelectionConfig; +using FuzzerTxDataMutationConfig = WeightedSelectionConfig; constexpr FuzzerTxDataMutationConfig FUZZER_TX_DATA_MUTATION_CONFIGURATION = FuzzerTxDataMutationConfig({ { FuzzerTxDataMutationType::TxMutation, 10 }, { FuzzerTxDataMutationType::BytecodeMutation, 1 }, { FuzzerTxDataMutationType::ContractClassMutation, 1 }, { FuzzerTxDataMutationType::ContractInstanceMutation, 1 }, + { FuzzerTxDataMutationType::GlobalVariablesMutation, 4 }, }); // Build bytecode and contract artifacts from fuzzer data diff --git a/barretenberg/cpp/src/barretenberg/avm_fuzzer/mutations/bytecode.cpp b/barretenberg/cpp/src/barretenberg/avm_fuzzer/mutations/bytecode.cpp index 98b5e3c06c9e..9d1e413280a7 100644 --- a/barretenberg/cpp/src/barretenberg/avm_fuzzer/mutations/bytecode.cpp +++ b/barretenberg/cpp/src/barretenberg/avm_fuzzer/mutations/bytecode.cpp @@ -98,6 +98,7 @@ void mutate_bytecode(std::vector& contract_classes, FF delayed_public_mutable_slot = Poseidon2::hash({ FF(UPDATED_CLASS_IDS_SLOT), address }); // Build preimage + // todo(ilyas): make this somewhat random but also take into account the mutation on global variables.timestamp FF metadata = 0; // The lower 32 bits are the timestamp_of_change, we set to 0 so it has "taken effect" FF hash = Poseidon2::hash({ metadata, original_class_id, new_class_id });