1 : #undef FD_SPAD_USE_HANDHOLDING
2 : #define FD_SPAD_USE_HANDHOLDING 1
3 :
4 : #include "fd_solfuzz_private.h"
5 : #include "fd_instr_harness.h"
6 : #include "../fd_executor.h"
7 : #include "../fd_runtime.h"
8 : #include "../program/fd_bpf_loader_program.h"
9 : #include "../program/fd_loader_v4_program.h"
10 : #include "../program/fd_precompiles.h"
11 : #include "../fd_system_ids.h"
12 : #include "../../accdb/fd_accdb_admin_v1.h"
13 : #include "../../progcache/fd_progcache_admin.h"
14 : #include "../../log_collector/fd_log_collector.h"
15 : #include <assert.h>
16 :
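/* load_executable_accounts registers, for every input account owned by
   the upgradeable BPF loader whose state decodes to a deployed Program,
   the referenced programdata account in runtime->accounts.executable.
   Programs owned by the v1 / deprecated loaders register nothing (their
   bytes live inline); v4 programs are parsed only so that malformed or
   retracted ones are treated like the other "skip" cases.  Any account
   whose loader state cannot be decoded, or whose programdata account is
   not among the fixture's accounts, is skipped silently: the harness is
   meant to run the executor on whatever the fuzzer hands it. */

static void
load_executable_accounts( fd_runtime_t *                       runtime,
                          fd_txn_out_t *                       txn_out,
                          fd_exec_test_instr_context_t const * test_ctx ) {
  for( ulong i=0UL; i<txn_out->accounts.cnt; i++ ) {
    fd_account_meta_t * meta  = txn_out->accounts.account[i].meta;
    fd_pubkey_t const * owner = fd_type_pun_const( meta->owner );

    if( !fd_executor_pubkey_is_bpf_loader( owner ) ) continue;

    if( FD_UNLIKELY( !memcmp( owner, fd_solana_bpf_loader_upgradeable_program_id.key, sizeof(fd_pubkey_t) ) ) ) {
      fd_bpf_upgradeable_loader_state_t program_loader_state[1];
      int err = fd_bpf_loader_program_get_state( meta, program_loader_state );
      if( FD_UNLIKELY( err!=FD_EXECUTOR_INSTR_SUCCESS ) ) continue;
      if( !fd_bpf_upgradeable_loader_state_is_program( program_loader_state ) ) continue;

      /* NOTE(review): programdata_acc points into the stack-local
         loader state above.  If fd_accdb_ro_init_nodb keeps the address
         pointer rather than copying the key, the ro entry dangles once
         this iteration ends -- confirm against the accdb API. */
      fd_pubkey_t * programdata_acc = &program_loader_state->inner.program.programdata_address;

      /* The programdata account must itself be one of the fixture's accounts */
      fd_account_meta_t * programdata_meta = NULL;
      for( ulong j=0UL; j<test_ctx->accounts_count; j++ ) {
        if( !memcmp( test_ctx->accounts[j].address, programdata_acc, sizeof(fd_pubkey_t) ) ) {
          programdata_meta = txn_out->accounts.account[j].meta;
          break;
        }
      }
      if( FD_UNLIKELY( programdata_meta==NULL ) ) continue;

      FD_TEST( runtime->accounts.executable_cnt < MAX_TX_ACCOUNT_LOCKS );
      fd_accdb_ro_t * ro = &runtime->accounts.executable[ runtime->accounts.executable_cnt ];
      fd_accdb_ro_init_nodb( ro, programdata_acc, programdata_meta );
      runtime->accounts.executable_cnt++;
    } else if( !memcmp( owner, fd_solana_bpf_loader_v4_program_id.key, sizeof(fd_pubkey_t) ) ) {
      int err;
      fd_loader_v4_state_t const * state = fd_loader_v4_get_state( fd_account_data( meta ), meta->dlen, &err );
      if( FD_UNLIKELY( err ) ) continue;
      /* The program must be deployed or finalized; retracted ones are not executable */
      if( FD_UNLIKELY( fd_loader_v4_status_is_retracted( state ) ) ) continue;
    }
    /* v1 / deprecated loader: nothing to register */
  }
}

/* restore_bank_from_sysvars pulls the slot, epoch schedule, rent and
   the newest recent-blockhash entry (with its fee calculator) out of
   sysvar_cache into runner->bank.  Clock, epoch schedule and rent must
   be present (FD_TEST); the recent hashes sysvar must be joinable but
   may be empty, in which case the placeholder zero hash pushed by the
   caller's blockhash-queue init is left in place. */

static void
restore_bank_from_sysvars( fd_solfuzz_runner_t * runner,
                           fd_sysvar_cache_t *   sysvar_cache ) {
  fd_sol_sysvar_clock_t clock_[1];
  fd_sol_sysvar_clock_t * clock = fd_sysvar_cache_clock_read( sysvar_cache, clock_ );
  FD_TEST( clock );
  runner->bank->f.slot = clock->slot;

  fd_epoch_schedule_t epoch_schedule_[1];
  fd_epoch_schedule_t * epoch_schedule = fd_sysvar_cache_epoch_schedule_read( sysvar_cache, epoch_schedule_ );
  FD_TEST( epoch_schedule );
  runner->bank->f.epoch_schedule = *epoch_schedule;

  fd_rent_t rent_[1];
  fd_rent_t * rent = fd_sysvar_cache_rent_read( sysvar_cache, rent_ );
  FD_TEST( rent );
  runner->bank->f.rent = *rent;

  fd_block_block_hash_entry_t const * deq = fd_sysvar_cache_recent_hashes_join_const( sysvar_cache );
  FD_TEST( deq );
  if( !deq_fd_block_block_hash_entry_t_empty( deq ) ) {
    fd_block_block_hash_entry_t const * last = deq_fd_block_block_hash_entry_t_peek_tail_const( deq );
    if( last ) {
      /* Swap the placeholder entry for the fixture's newest hash
         (pop_new presumably drops the most recently pushed entry). */
      fd_blockhashes_t * blockhashes = &runner->bank->f.block_hash_queue;
      fd_blockhashes_pop_new( blockhashes );
      fd_blockhash_info_t * bh_info = fd_blockhashes_push_new( blockhashes, &last->blockhash );
      bh_info->fee_calculator = last->fee_calculator;

      runner->bank->f.rbh_lamports_per_sig = last->fee_calculator.lamports_per_signature;
    }
  }
  fd_sysvar_cache_recent_hashes_leave_const( sysvar_cache, deq );
}

/* fd_solfuzz_pb_instr_ctx_create builds a single-instruction execution
   context from the protobuf fixture test_ctx: a temporary funk
   transaction pair under runner->accdb_admin / runner->progcache, a
   mock legacy transaction whose payload is the instruction data, one
   spad-backed copy of every fixture account, the executable /
   programdata table, the sysvar cache and the bank fields derived from
   it, and finally the instruction's account list.

   test_ctx is fuzzer-controlled, so every count and length it carries
   is validated before it is narrowed or used as a copy length; a
   fixture that violates the harness bounds is rejected with the fatal
   FD_LOG_ERR.  Missing features, a program id that is not one of the
   accounts, or missing clock / epoch schedule / rent sysvars are
   FD_TEST failures.  Pair with fd_solfuzz_pb_instr_ctx_destroy. */

void
fd_solfuzz_pb_instr_ctx_create( fd_solfuzz_runner_t *                runner,
                                fd_exec_instr_ctx_t *                ctx,
                                fd_exec_test_instr_context_t const * test_ctx ) {

  memset( ctx, 0, sizeof(fd_exec_instr_ctx_t) );

  /* Validate fixture bounds before anything is copied or narrowed.
     accounts_count is cast to ushort/uchar below, instr_accounts_count
     to ushort, and the instruction data is memcpy'd into fixed-size
     buffers, so none of these may be trusted as-is. */

  if( FD_UNLIKELY( test_ctx->accounts_count > MAX_TX_ACCOUNT_LOCKS ) ) {
    FD_LOG_ERR(( "invariant violation: too many accounts (%lu > %lu)",
                 (ulong)test_ctx->accounts_count, (ulong)MAX_TX_ACCOUNT_LOCKS ));
  }
  if( FD_UNLIKELY( test_ctx->instr_accounts_count > FD_INSTR_ACCT_MAX ) ) {
    FD_LOG_ERR(( "invariant violation: too many instruction accounts (%lu > %lu)",
                 (ulong)test_ctx->instr_accounts_count, (ulong)FD_INSTR_ACCT_MAX ));
  }
  ulong instr_data_sz = test_ctx->data ? (ulong)test_ctx->data->size : 0UL;
  if( FD_UNLIKELY( instr_data_sz>FD_INSTR_DATA_MAX ) ) {
    FD_LOG_ERR(( "invariant violation: instr data sz is too large %lu > %lu",
                 instr_data_sz, (ulong)FD_INSTR_DATA_MAX ));
  }

  /* Generate unique ID for funk txn */

  fd_funk_txn_xid_t xid[1] = {{ .ul={ LONG_MAX, LONG_MAX } }};

  /* Create temporary funk transaction and txn / slot / epoch contexts */

  fd_funk_txn_xid_t parent_xid; fd_funk_txn_xid_set_root( &parent_xid );
  fd_accdb_attach_child    ( runner->accdb_admin,     &parent_xid, xid );
  fd_progcache_attach_child( runner->progcache->join, &parent_xid, xid );

  fd_txn_in_t  * txn_in  = fd_spad_alloc( runner->spad, alignof(fd_txn_in_t),  sizeof(fd_txn_in_t)  );
  fd_txn_out_t * txn_out = fd_spad_alloc( runner->spad, alignof(fd_txn_out_t), sizeof(fd_txn_out_t) );

  fd_log_collector_t * log = fd_spad_alloc( runner->spad, alignof(fd_log_collector_t), sizeof(fd_log_collector_t) );

  fd_runtime_t * runtime = runner->runtime;

  runtime->log.log_collector = log;

  ctx->txn_out = txn_out;
  ctx->txn_in  = txn_in;

  memset( txn_out->accounts.account, 0, sizeof(fd_accdb_rw_t) * MAX_TX_ACCOUNT_LOCKS );

  /* Bank manager */
  fd_banks_clear_bank( runner->banks, runner->bank, 4UL );

  /* Restore features */
  FD_TEST( test_ctx->has_features );
  fd_features_t * features = &runner->bank->f.features;
  fd_exec_test_feature_set_t const * feature_set = &test_ctx->features;
  FD_TEST( fd_solfuzz_pb_restore_features( features, feature_set ) );

  /* Blockhash queue init: push a single zero hash as a placeholder; it
     is replaced once the recent hashes sysvar has been read below. */
  ulong blockhash_seed; FD_TEST( fd_rng_secure( &blockhash_seed, sizeof(ulong) ) );
  fd_blockhashes_t * blockhashes = fd_blockhashes_init( &runner->bank->f.block_hash_queue, blockhash_seed );
  fd_memset( fd_blockhash_deq_push_tail_nocopy( blockhashes->d.deque ), 0, sizeof(fd_hash_t) );

  /* Set up mock txn descriptor and payload
     FIXME: More fields may need to be initialized. This seems to be
     the minimal set of fields needed to retain full context for
     precompile execution. */
  fd_txn_p_t * txn = fd_spad_alloc_check( runner->spad, alignof(fd_txn_p_t), sizeof(fd_txn_p_t) );
  fd_txn_t * txn_descriptor = TXN( txn );

  /* The instruction data doubles as the entire payload.  payload is
     inline storage inside fd_txn_p_t (it is written without ever being
     pointed anywhere), so sizeof gives its capacity. */
  if( FD_UNLIKELY( instr_data_sz > sizeof(txn->payload) ) ) {
    FD_LOG_ERR(( "invariant violation: instr data sz %lu exceeds txn payload capacity %lu",
                 instr_data_sz, (ulong)sizeof(txn->payload) ));
  }
  if( instr_data_sz ) memcpy( txn->payload, test_ctx->data->bytes, instr_data_sz );
  txn->payload_sz = instr_data_sz;

  txn_descriptor->transaction_version = FD_TXN_VLEGACY;
  txn_descriptor->acct_addr_cnt       = (ushort)test_ctx->accounts_count; /* <= MAX_TX_ACCOUNT_LOCKS, checked above */
  txn_descriptor->instr_cnt           = 1;
  txn_descriptor->instr[0] = (fd_txn_instr_t) {
    .acct_cnt = (ushort)test_ctx->accounts_count,
    .data_off = 0,
    .data_sz  = (ushort)txn->payload_sz, /* bounded by FD_INSTR_DATA_MAX and the payload capacity above */
  };

  fd_compute_budget_details_new( &txn_out->details.compute_budget );
  runtime->instr.stack_sz          = 0;
  txn_out->accounts.cnt            = 0UL;
  runtime->accounts.executable_cnt = 0UL;

  txn_out->details.loaded_accounts_data_size = 0UL;
  txn_out->details.accounts_resize_delta     = 0L;

  memset( txn_out->details.return_data.program_id.key, 0, sizeof(fd_pubkey_t) );
  txn_out->details.return_data.len = 0;

  runtime->log.capture_ctx    = NULL;
  runtime->log.dump_proto_ctx = NULL;
  runtime->log.txn_dump_ctx   = NULL;

  runtime->instr.trace_length = 1UL;

  txn_out->err.exec_err      = 0;
  txn_out->err.exec_err_kind = FD_EXECUTOR_ERR_KIND_NONE;
  runtime->instr.current_idx = 0;

  txn_in->txn = txn;
  txn_out->details.compute_budget.compute_unit_limit = test_ctx->cu_avail;
  txn_out->details.compute_budget.compute_meter      = test_ctx->cu_avail;
  runtime->log.enable_vm_tracing = runner->enable_vm_tracing;
  runtime->log.tracing_mem = runner->enable_vm_tracing ?
    fd_spad_alloc_check( runner->spad, FD_RUNTIME_VM_TRACE_STATIC_ALIGN, FD_RUNTIME_VM_TRACE_STATIC_FOOTPRINT * FD_MAX_INSTRUCTION_STACK_DEPTH ) :
    NULL;

  /* Set up instruction context (trace slot 0 is the top-level instruction) */
  fd_instr_info_t * info = &runtime->instr.trace[ 0UL ];
  memset( info, 0, sizeof(fd_instr_info_t) );
  info->stack_height = 1;
  info->data_sz      = (ushort)instr_data_sz;
  if( instr_data_sz ) memcpy( info->data, test_ctx->data->bytes, instr_data_sz );

  /* Load accounts from input.  Each account gets a private spad copy of
     its data behind an fd_account_meta_t header.  Aliasing between the
     fixture accounts and the instruction's account list is handled
     later by fd_instr_info_setup_instr_account. */

  txn_out->accounts.cnt = test_ctx->accounts_count;

  int has_program_id = 0;

  for( ulong j=0UL; j<test_ctx->accounts_count; j++ ) {
    fd_pubkey_t * acc_key = (fd_pubkey_t *)test_ctx->accounts[j].address;

    /* Untrusted length: it must fit both the runtime's per-account
       limit and the spad record (header + data) allocated below. */
    uint dlen = test_ctx->accounts[j].data ? test_ctx->accounts[j].data->size : 0U;
    if( FD_UNLIKELY( dlen>FD_RUNTIME_ACC_SZ_MAX ||
                     sizeof(fd_account_meta_t)+(ulong)dlen>FD_ACC_TOT_SZ_MAX ) ) {
      FD_LOG_ERR(( "invariant violation: account %lu data sz is too large (%u)", j, dlen ));
    }

    memcpy( &txn_out->accounts.keys[j], acc_key, sizeof(fd_pubkey_t) );
    runtime->accounts.refcnt[j] = 0UL;

    uchar * data = fd_spad_alloc( runner->spad, FD_ACCOUNT_REC_ALIGN, FD_ACC_TOT_SZ_MAX );
    fd_account_meta_t * meta = (fd_account_meta_t *)data;
    /* spad memory is uninitialized; zero the header so any field the
       fixture does not set is deterministic across runs. */
    memset( meta, 0, sizeof(fd_account_meta_t) );
    if( dlen ) fd_memcpy( meta+1, test_ctx->accounts[j].data->bytes, dlen );
    meta->dlen       = dlen;
    meta->lamports   = test_ctx->accounts[j].lamports;
    meta->executable = test_ctx->accounts[j].executable;
    fd_memcpy( meta->owner, test_ctx->accounts[j].owner, sizeof(fd_pubkey_t) );
    fd_accdb_rw_init_nodb( &txn_out->accounts.account[j], acc_key, meta, FD_RUNTIME_ACC_SZ_MAX );

    /* If the program id address is duplicated, the last occurrence wins */
    if( !memcmp( acc_key, test_ctx->program_id, sizeof(fd_pubkey_t) ) ) {
      has_program_id   = 1;
      info->program_id = (uchar)j; /* j < MAX_TX_ACCOUNT_LOCKS */
    }
  }

  /* Ensure the program id is in the set of accounts */
  FD_TEST( has_program_id );

  /* Load in executable accounts */
  load_executable_accounts( runtime, txn_out, test_ctx );

  /* NOTE: exec_xid uses the bank slot as it stands here, i.e. before
     the clock sysvar overwrites it in restore_bank_from_sysvars. */
  fd_funk_txn_xid_t exec_xid[1] = {{ .ul={ runner->bank->f.slot, runner->bank->idx } }};
  fd_accdb_attach_child    ( runner->accdb_admin,     xid, exec_xid );
  fd_progcache_attach_child( runner->progcache->join, xid, exec_xid );

  /* Restore sysvar cache from whichever sysvar accounts the fixture
     supplied, then derive the bank fields from it. */
  fd_sysvar_cache_t * sysvar_cache = &runner->bank->f.sysvar_cache;
  ctx->sysvar_cache = sysvar_cache;
  for( ulong i=0UL; i<txn_out->accounts.cnt; i++ ) {
    fd_sysvar_cache_restore_from_ref( sysvar_cache, txn_out->accounts.account[i].ro );
  }

  ctx->runtime = runtime;

  restore_bank_from_sysvars( runner, sysvar_cache );

  /* Load instruction accounts.  Every index must refer to one of the
     fixture accounts loaded above. */

  uchar acc_idx_seen[ FD_TXN_ACCT_ADDR_MAX ] = {0};
  for( ulong j=0UL; j<test_ctx->instr_accounts_count; j++ ) {
    uint index = test_ctx->instr_accounts[j].index;
    if( FD_UNLIKELY( index>=test_ctx->accounts_count ) ) {
      FD_LOG_ERR(( "invariant violation: instruction account index out of range (%u >= %lu)",
                   index, (ulong)test_ctx->accounts_count ));
    }

    /* Setup instruction accounts */
    fd_instr_info_setup_instr_account( info,
                                       acc_idx_seen,
                                       (ushort)index,
                                       (ushort)j,
                                       (ushort)j,
                                       test_ctx->instr_accounts[j].is_writable,
                                       test_ctx->instr_accounts[j].is_signer );
  }
  info->acct_cnt = (ushort)test_ctx->instr_accounts_count; /* <= FD_INSTR_ACCT_MAX, checked above */

  ctx->instr = info;
  ctx->runtime->progcache = runner->progcache;
  ctx->runtime->accdb     = runner->accdb;

  runtime->log.enable_log_collector = 0;

  fd_log_collector_init( ctx->runtime->log.log_collector, 1 );
  fd_base58_encode_32( txn_out->accounts.keys[ ctx->instr->program_id ].uc, NULL, ctx->program_id_base58 );
}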
304 :
/* fd_solfuzz_pb_instr_ctx_destroy tears down what
   fd_solfuzz_pb_instr_ctx_create attached under runner->accdb_admin and
   runner->progcache, then compacts both allocators.  A NULL ctx is a
   no-op; ctx itself holds nothing that needs freeing. */

void
fd_solfuzz_pb_instr_ctx_destroy( fd_solfuzz_runner_t * runner,
                                 fd_exec_instr_ctx_t * ctx ) {
  if( ctx ) {
    /* Discard the temporary funk / progcache transactions */
    fd_accdb_v1_clear ( runner->accdb_admin     );
    fd_progcache_clear( runner->progcache->join );

    /* Leak checks on the workspace only work once empty superblocks
       have been handed back: fd_alloc may otherwise keep them cached
       and they would show up as live allocations. */
    fd_alloc_compact( fd_accdb_admin_v1_funk( runner->accdb_admin )->alloc );
    fd_alloc_compact( runner->progcache->join->alloc );
  }
}
318 :
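/* fd_solfuzz_pb_instr_run executes one InstrContext fixture and
   serializes the resulting InstrEffects into output_buf.

   input_ points to an fd_exec_test_instr_context_t.  On success
   *output_ receives a pointer to the fd_exec_test_instr_effects_t laid
   out at the start of output_buf (its account and return-data bytes
   follow it in the same buffer) and the number of bytes of output_buf
   consumed is returned.  Returns 0 and leaves *output_ untouched when
   output_buf (output_bufsz bytes) is too small.  The execution context
   is torn down on every path. */

ulong
fd_solfuzz_pb_instr_run( fd_solfuzz_runner_t * runner,
                         void const *          input_,
                         void **               output_,
                         void *                output_buf,
                         ulong                 output_bufsz ) {
  fd_exec_test_instr_context_t const * input  = fd_type_pun_const( input_ );
  fd_exec_test_instr_effects_t **      output = fd_type_pun( output_ );

  /* Convert the Protobuf inputs to a fd_exec context */
  fd_exec_instr_ctx_t ctx[1];
  fd_solfuzz_pb_instr_ctx_create( runner, ctx, input );

  fd_instr_info_t * instr = (fd_instr_info_t *)ctx->instr;

  /* Execute the test */
  int exec_result = fd_execute_instr( ctx->runtime, runner->bank, ctx->txn_in, ctx->txn_out, instr );

  /* Everything below is bump-allocated out of output_buf.  An append
     that lands past output_end abandons the output (see fail:). */
  ulong output_end = (ulong)output_buf + output_bufsz;
  FD_SCRATCH_ALLOC_INIT( l, output_buf );

  fd_exec_test_instr_effects_t * effects =
    FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_instr_effects_t),
                                sizeof (fd_exec_test_instr_effects_t) );
  if( FD_UNLIKELY( _l > output_end ) ) goto fail;
  fd_memset( effects, 0, sizeof(fd_exec_test_instr_effects_t) );

  /* Capture error code (negated so the protobuf carries a non-negative
     error number) and the remaining compute units */

  effects->result   = -exec_result;
  effects->cu_avail = ctx->txn_out->details.compute_budget.compute_meter;

  /* Don't capture custom error codes if the program is a precompile */
  if( FD_LIKELY( effects->result ) ) {
    int program_id_idx = ctx->instr[ 0UL ].program_id;
    if( exec_result==FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR &&
        fd_executor_lookup_native_precompile_program( &ctx->txn_out->accounts.keys[ program_id_idx ] )==NULL ) {
      effects->custom_err = ctx->txn_out->err.custom_err;
    }
  }

  /* Allocate space for captured accounts.  Every account with a meta is
     emitted, so the array is sized by the transaction's account count. */
  ulong modified_acct_cnt = ctx->txn_out->accounts.cnt;

  fd_exec_test_acct_state_t * modified_accts =
    FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_acct_state_t),
                                sizeof (fd_exec_test_acct_state_t) * modified_acct_cnt );
  if( FD_UNLIKELY( _l > output_end ) ) goto fail;
  effects->modified_accounts       = modified_accts;
  effects->modified_accounts_count = 0UL;

  /* Capture borrowed accounts */

  for( ulong j=0UL; j<ctx->txn_out->accounts.cnt; j++ ) {
    fd_pubkey_t *       acc_key = &ctx->txn_out->accounts.keys[j];
    fd_account_meta_t * acc     = ctx->txn_out->accounts.account[j].meta;
    if( !acc ) continue;

    ulong modified_idx = effects->modified_accounts_count;
    /* FD_TEST rather than assert(): assert is compiled out under NDEBUG,
       and the rest of this file uses FD_TEST for invariants. */
    FD_TEST( modified_idx < modified_acct_cnt );

    fd_exec_test_acct_state_t * out_acct = &effects->modified_accounts[ modified_idx ];
    memset( out_acct, 0, sizeof(fd_exec_test_acct_state_t) );

    /* Copy over account content */
    memcpy( out_acct->address, acc_key, sizeof(fd_pubkey_t) );
    out_acct->lamports = acc->lamports;
    if( acc->dlen>0UL ) {
      out_acct->data =
        FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
                                    PB_BYTES_ARRAY_T_ALLOCSIZE( acc->dlen ) );
      if( FD_UNLIKELY( _l > output_end ) ) goto fail;
      out_acct->data->size = (pb_size_t)acc->dlen;
      fd_memcpy( out_acct->data->bytes, fd_account_data( acc ), acc->dlen );
    }

    out_acct->executable = acc->executable;
    memcpy( out_acct->owner, acc->owner, sizeof(fd_pubkey_t) );

    effects->modified_accounts_count++;
  }

  /* Capture return data */
  fd_txn_return_data_t * return_data = &ctx->txn_out->details.return_data;
  if( return_data->len>0UL ) {
    effects->return_data = FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
                                                       PB_BYTES_ARRAY_T_ALLOCSIZE( return_data->len ) );
    if( FD_UNLIKELY( _l > output_end ) ) goto fail;
    effects->return_data->size = (pb_size_t)return_data->len;
    fd_memcpy( effects->return_data->bytes, return_data->data, return_data->len );
  }

  ulong actual_end = FD_SCRATCH_ALLOC_FINI( l, 1UL );
  fd_solfuzz_pb_instr_ctx_destroy( runner, ctx );

  *output = effects;
  return actual_end - (ulong)output_buf;

fail:
  /* output_buf too small: tear the context down and report nothing */
  fd_solfuzz_pb_instr_ctx_destroy( runner, ctx );
  return 0UL;
}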