diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index bf8116b0..ff713454 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -197,3 +197,13 @@ jobs: shell: pwsh run: | make ci-asm + + linux-fuzz: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Build fuzz + run: | + sudo apt install device-tree-compiler + cargo install cargo-fuzz + cargo +nightly fuzz build diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index da0a13af..48965880 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -3,7 +3,7 @@ name = "ckb-vm-fuzz" version = "0.1.0" authors = ["Nervos Core Dev "] publish = false -edition = "2018" +edition = "2024" [package.metadata] cargo-fuzz = true diff --git a/fuzz/fuzz_targets/asm.rs b/fuzz/fuzz_targets/asm.rs index 2da6ba48..58875ca4 100644 --- a/fuzz/fuzz_targets/asm.rs +++ b/fuzz/fuzz_targets/asm.rs @@ -1,8 +1,10 @@ #![no_main] use ckb_vm::cost_model::constant_cycles; -use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine}; +use ckb_vm::machine::asm::{AsmCoreMachine, AsmDefaultMachineBuilder, AsmMachine}; use ckb_vm::machine::trace::TraceMachine; -use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, SupportMachine, VERSION2}; +use ckb_vm::machine::{ + DefaultCoreMachine, DefaultMachineRunner, RustDefaultMachineBuilder, SupportMachine, VERSION2, +}; use ckb_vm::memory::sparse::SparseMemory; use ckb_vm::memory::wxorx::WXorXMemory; use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP}; @@ -10,7 +12,7 @@ use libfuzzer_sys::fuzz_target; fn run_asm(data: &[u8]) -> Result<(i8, u64), Error> { let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000); - let core = DefaultMachineBuilder::>::new(asm_core) + let core = AsmDefaultMachineBuilder::new(asm_core) .instruction_cycle_func(Box::new(constant_cycles)) .build(); let mut machine = AsmMachine::new(core); 
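Review bot: The new linux-fuzz job pulls three moving targets on every run: `actions/checkout@v3` is a mutable tag, `cargo install cargo-fuzz` resolves the newest release and its dependencies without the crate's lockfile, and `cargo +nightly` uses whichever nightly is current. Any of them can change what executes in CI without a commit to this repository, and a nightly regression would fail the job for reasons unrelated to the change under test. Pin them, e.g. `cargo install cargo-fuzz --locked --version <PINNED_VERSION>` and a dated toolchain `cargo +nightly-<YYYY-MM-DD> fuzz build`, and reference the checkout action by commit SHA. `sudo apt install device-tree-compiler` also has no `-y` and no preceding `apt-get update`, so it may fail on a stale package index or on a confirmation prompt.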
@@ -22,15 +24,13 @@ fn run_asm(data: &[u8]) -> Result<(i8, u64), Error> { } fn run_int(data: &[u8]) -> Result<(i8, u64), Error> { - let machine_memory = WXorXMemory::new(SparseMemory::::default()); - let machine_core = DefaultCoreMachine::new_with_memory( + let machine_core = DefaultCoreMachine::>>::new( ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000, - machine_memory, ); let mut machine = TraceMachine::new( - DefaultMachineBuilder::new(machine_core) + RustDefaultMachineBuilder::new(machine_core) .instruction_cycle_func(Box::new(constant_cycles)) .build(), ); diff --git a/fuzz/fuzz_targets/interpreter.rs b/fuzz/fuzz_targets/interpreter.rs index 411fd7c5..1376157a 100644 --- a/fuzz/fuzz_targets/interpreter.rs +++ b/fuzz/fuzz_targets/interpreter.rs @@ -1,22 +1,20 @@ #![no_main] use ckb_vm::cost_model::constant_cycles; use ckb_vm::machine::trace::TraceMachine; -use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, SupportMachine, VERSION2}; +use ckb_vm::machine::{DefaultCoreMachine, RustDefaultMachineBuilder, SupportMachine, VERSION2}; use ckb_vm::memory::sparse::SparseMemory; use ckb_vm::memory::wxorx::WXorXMemory; -use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP}; +use ckb_vm::{Bytes, DefaultMachineRunner, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP}; use libfuzzer_sys::fuzz_target; fn run(data: &[u8]) -> Result<(i8, u64), Error> { - let machine_memory = WXorXMemory::new(SparseMemory::::default()); - let machine_core = DefaultCoreMachine::new_with_memory( + let machine_core = DefaultCoreMachine::>>::new( ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000, - machine_memory, ); let mut machine = TraceMachine::new( - DefaultMachineBuilder::new(machine_core) + RustDefaultMachineBuilder::new(machine_core) .instruction_cycle_func(Box::new(constant_cycles)) .build(), ); diff --git a/fuzz/fuzz_targets/isa_a.rs b/fuzz/fuzz_targets/isa_a.rs index 25e4688c..06430d33 100644 --- a/fuzz/fuzz_targets/isa_a.rs +++ b/fuzz/fuzz_targets/isa_a.rs 
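Review bot: `200_000` is repeated as a bare literal in run_int in the asm.rs hunk here and in run_asm in the previous hunk of the same file, and nothing ties the two values together. If the target compares the two runs, as the matching `Result<(i8, u64), Error>` signatures suggest, a later edit to only one limit would surface as divergences that are not VM bugs. A shared constant, `const MAX_CYCLES: u64 = 200_000;`, used in both constructors removes that risk; `run` in interpreter.rs carries the same literal. run_int's body continues past the end of the hunk.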
@@ -1,5 +1,5 @@ #![no_main] -use ckb_vm::{CoreMachine, Memory}; +use ckb_vm::{CoreMachine, Memory, SupportMachine}; use libfuzzer_sys::fuzz_target; use spike_sys::Spike; use std::collections::VecDeque; @@ -34,13 +34,17 @@ fuzz_target!(|data: [u8; 512]| { let ckb_vm_isa = ckb_vm::ISA_IMC | ckb_vm::ISA_A | ckb_vm::ISA_B; let ckb_vm_version = ckb_vm::machine::VERSION2; let mut ckb_vm_int = - ckb_vm::DefaultMachineBuilder::new(ckb_vm::DefaultCoreMachine::< + ckb_vm::RustDefaultMachineBuilder::new(ckb_vm::DefaultCoreMachine::< u64, ckb_vm::SparseMemory, >::new(ckb_vm_isa, ckb_vm_version, u64::MAX)) .build(); - let mut ckb_vm_asm = ckb_vm::DefaultMachineBuilder::new( - ckb_vm::machine::asm::AsmCoreMachine::new(ckb_vm_isa, ckb_vm_version, u64::MAX), + let mut ckb_vm_asm = ckb_vm::machine::asm::AsmDefaultMachineBuilder::new( + ::new( + ckb_vm_isa, + ckb_vm_version, + u64::MAX, + ), ) .build(); let insts: [u32; 18] = [ diff --git a/fuzz/fuzz_targets/isa_b.rs b/fuzz/fuzz_targets/isa_b.rs index 29777e74..84e08903 100644 --- a/fuzz/fuzz_targets/isa_b.rs +++ b/fuzz/fuzz_targets/isa_b.rs @@ -1,5 +1,5 @@ #![no_main] -use ckb_vm::CoreMachine; +use ckb_vm::{CoreMachine, SupportMachine}; use libfuzzer_sys::fuzz_target; use spike_sys::Spike; use std::collections::VecDeque; @@ -40,13 +40,17 @@ fuzz_target!(|data: [u8; 512]| { let ckb_vm_isa = ckb_vm::ISA_IMC | ckb_vm::ISA_A | ckb_vm::ISA_B; let ckb_vm_version = ckb_vm::machine::VERSION2; let mut ckb_vm_int = - ckb_vm::DefaultMachineBuilder::new(ckb_vm::DefaultCoreMachine::< + ckb_vm::RustDefaultMachineBuilder::new(ckb_vm::DefaultCoreMachine::< u64, ckb_vm::SparseMemory, >::new(ckb_vm_isa, ckb_vm_version, u64::MAX)) .build(); - let mut ckb_vm_asm = ckb_vm::DefaultMachineBuilder::new( - ckb_vm::machine::asm::AsmCoreMachine::new(ckb_vm_isa, ckb_vm_version, u64::MAX), + let mut ckb_vm_asm = ckb_vm::machine::asm::AsmDefaultMachineBuilder::new( + ::new( + ckb_vm_isa, + ckb_vm_version, + u64::MAX, + ), ) .build(); 
diff --git a/fuzz/fuzz_targets/snapshot.rs b/fuzz/fuzz_targets/snapshot.rs index aa923e48..697b5845 100644 --- a/fuzz/fuzz_targets/snapshot.rs +++ b/fuzz/fuzz_targets/snapshot.rs @@ -1,15 +1,15 @@ #![no_main] use ckb_vm::cost_model::constant_cycles; -use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine}; -use ckb_vm::machine::{DefaultMachineBuilder, VERSION2}; +use ckb_vm::machine::VERSION2; +use ckb_vm::machine::asm::{AsmCoreMachine, AsmDefaultMachineBuilder, AsmMachine}; use ckb_vm::snapshot; -use ckb_vm::{Bytes, Error, SupportMachine, ISA_A, ISA_B, ISA_IMC, ISA_MOP}; +use ckb_vm::{Bytes, DefaultMachineRunner, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP, SupportMachine}; use libfuzzer_sys::fuzz_target; fuzz_target!(|data: &[u8]| { let mut machine1 = { let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000); - let machine = DefaultMachineBuilder::>::new(asm_core) + let machine = AsmDefaultMachineBuilder::new(asm_core) .instruction_cycle_func(Box::new(constant_cycles)) .build(); AsmMachine::new(machine) @@ -27,7 +27,7 @@ fuzz_target!(|data: &[u8]| { let mut machine2 = { let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, half_cycles); - let machine = DefaultMachineBuilder::>::new(asm_core) + let machine = AsmDefaultMachineBuilder::new(asm_core) .instruction_cycle_func(Box::new(constant_cycles)) .build(); AsmMachine::new(machine) @@ -40,7 +40,7 @@ fuzz_target!(|data: &[u8]| { let mut machine3 = { let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, half_cycles); - let machine = DefaultMachineBuilder::>::new(asm_core) + let machine = AsmDefaultMachineBuilder::new(asm_core) .instruction_cycle_func(Box::new(constant_cycles)) .build(); AsmMachine::new(machine) diff --git a/fuzz/fuzz_targets/snapshot2.rs b/fuzz/fuzz_targets/snapshot2.rs index 6f74ac63..6fa3cf04 100644 --- a/fuzz/fuzz_targets/snapshot2.rs +++ b/fuzz/fuzz_targets/snapshot2.rs 
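Review bot: The builder rename in snapshot.rs had to be applied to three copies of the same construction block (machine1, machine2, machine3), which differ only in the cycle limit passed to `AsmCoreMachine::new`. Since the target appears to run the same input on several machines, a future edit that reaches only one copy would give the machines different configurations without any compile error. Building all three from one local closure keeps the ISA mask, version and cycle function defined in a single place. The code between the three blocks lies outside the hunks and is assumed unchanged.

```rust
// Single definition of the machine configuration shared by all three runs.
let new_machine = |max_cycles| {
    let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, max_cycles);
    let machine = AsmDefaultMachineBuilder::new(asm_core)
        .instruction_cycle_func(Box::new(constant_cycles))
        .build();
    AsmMachine::new(machine)
};
let mut machine1 = new_machine(200_000);
// … unchanged: code between machine1 and machine2 (computes half_cycles) …
let mut machine2 = new_machine(half_cycles);
// … unchanged: code between machine2 and machine3 …
let mut machine3 = new_machine(half_cycles);
```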
@@ -1,11 +1,12 @@ #![no_main] use ckb_vm::{ + Bytes, CoreMachine, DEFAULT_MEMORY_SIZE, ISA_A, ISA_B, ISA_IMC, ISA_MOP, Memory, + RISCV_PAGESIZE, SupportMachine, elf::{LoadingAction, ProgramMetadata}, machine::VERSION2, - memory::{round_page_down, round_page_up, FLAG_EXECUTABLE, FLAG_FREEZED}, + machine::asm::{AsmDefaultMachine, AsmDefaultMachineBuilder}, + memory::{FLAG_EXECUTABLE, FLAG_FREEZED, round_page_down, round_page_up}, snapshot2::{DataSource, Snapshot2Context}, - Bytes, CoreMachine, DefaultMachine, DefaultMachineBuilder, Memory, DEFAULT_MEMORY_SIZE, ISA_A, - ISA_B, ISA_IMC, ISA_MOP, RISCV_PAGESIZE, }; use ckb_vm_definitions::asm::AsmCoreMachine; use libfuzzer_sys::fuzz_target; @@ -63,10 +64,10 @@ impl DataSource for DummyData { } } -fn build_machine() -> DefaultMachine> { +fn build_machine() -> AsmDefaultMachine { let isa = ISA_IMC | ISA_A | ISA_B | ISA_MOP; - let core_machine = AsmCoreMachine::new(isa, VERSION2, u64::MAX); - DefaultMachineBuilder::new(core_machine).build() + let core_machine = ::new(isa.into(), VERSION2, u64::MAX); + AsmDefaultMachineBuilder::new(core_machine).build() } fuzz_target!(|data: [u8; 96]| {
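Review bot: `isa.into()` in build_machine is the only call in this commit that converts the ISA mask before handing it to the core-machine constructor; asm.rs and snapshot.rs pass the `ISA_IMC | ISA_A | ISA_B | ISA_MOP` expression directly. If the parameter type already matches, the conversion is a no-op that clippy reports as `useless_conversion` and can be dropped. If it really differs for this target, possibly because `AsmCoreMachine` is imported from `ckb_vm_definitions::asm` here instead of `ckb_vm::machine::asm`, a one-line comment saying so would help the next reader. The function would also benefit from a doc comment, e.g. `/// Builds an ASM machine with IMC, A, B and MOP enabled and a cycle limit of u64::MAX.`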