Skip to content

Commit

Permalink
Checking cycles in fuzz (nervosnetwork#441)
Browse files Browse the repository at this point in the history
  • Loading branch information
mohanson authored Oct 22, 2024
1 parent 468f52c commit a4dab6b
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 14 deletions.
23 changes: 15 additions & 8 deletions fuzz/fuzz_targets/asm.rs
Original file line number Diff line number Diff line change
@@ -1,37 +1,44 @@
#![no_main]
use ckb_vm::cost_model::constant_cycles;
use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine};
use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, VERSION2};
use ckb_vm::machine::trace::TraceMachine;
use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, SupportMachine, VERSION2};
use ckb_vm::memory::sparse::SparseMemory;
use ckb_vm::memory::wxorx::WXorXMemory;
use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
use libfuzzer_sys::fuzz_target;

fn run_asm(data: &[u8]) -> Result<i8, Error> {
fn run_asm(data: &[u8]) -> Result<(i8, u64), Error> {
let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
let core = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
.instruction_cycle_func(Box::new(constant_cycles))
.build();
let mut machine = AsmMachine::new(core);
let program = Bytes::copy_from_slice(data);
machine.load_program(&program, &[])?;
machine.run()
let exit_code = machine.run()?;
let cycles = machine.machine.cycles();
Ok((exit_code, cycles))
}

fn run_int(data: &[u8]) -> Result<i8, Error> {
fn run_int(data: &[u8]) -> Result<(i8, u64), Error> {
let machine_memory = WXorXMemory::new(SparseMemory::<u64>::default());
let machine_core = DefaultCoreMachine::new_with_memory(
ISA_IMC | ISA_A | ISA_B | ISA_MOP,
VERSION2,
200_000,
machine_memory,
);
let mut machine = DefaultMachineBuilder::new(machine_core)
.instruction_cycle_func(Box::new(constant_cycles))
.build();
let mut machine = TraceMachine::new(
DefaultMachineBuilder::new(machine_core)
.instruction_cycle_func(Box::new(constant_cycles))
.build(),
);
let program = Bytes::copy_from_slice(data);
machine.load_program(&program, &[])?;
machine.run()
let exit_code = machine.run()?;
let cycles = machine.machine.cycles();
Ok((exit_code, cycles))
}

fuzz_target!(|data: &[u8]| {
Expand Down
17 changes: 11 additions & 6 deletions fuzz/fuzz_targets/interpreter.rs
Original file line number Diff line number Diff line change
@@ -1,25 +1,30 @@
#![no_main]
use ckb_vm::cost_model::constant_cycles;
use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, VERSION2};
use ckb_vm::machine::trace::TraceMachine;
use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, SupportMachine, VERSION2};
use ckb_vm::memory::sparse::SparseMemory;
use ckb_vm::memory::wxorx::WXorXMemory;
use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
use libfuzzer_sys::fuzz_target;

fn run(data: &[u8]) -> Result<i8, Error> {
fn run(data: &[u8]) -> Result<(i8, u64), Error> {
let machine_memory = WXorXMemory::new(SparseMemory::<u64>::default());
let machine_core = DefaultCoreMachine::new_with_memory(
ISA_IMC | ISA_A | ISA_B | ISA_MOP,
VERSION2,
200_000,
machine_memory,
);
let mut machine = DefaultMachineBuilder::new(machine_core)
.instruction_cycle_func(Box::new(constant_cycles))
.build();
let mut machine = TraceMachine::new(
DefaultMachineBuilder::new(machine_core)
.instruction_cycle_func(Box::new(constant_cycles))
.build(),
);
let program = Bytes::copy_from_slice(data);
machine.load_program(&program, &[])?;
machine.run()
let exit_code = machine.run()?;
let cycles = machine.machine.cycles();
Ok((exit_code, cycles))
}

fuzz_target!(|data: &[u8]| {
Expand Down

0 comments on commit a4dab6b

Please sign in to comment.