1 : #undef FD_SPAD_USE_HANDHOLDING
2 : #define FD_SPAD_USE_HANDHOLDING 1
3 :
4 : #include "fd_solfuzz_private.h"
5 : #include "fd_instr_harness.h"
6 : #include "../fd_executor.h"
7 : #include "../fd_runtime.h"
8 : #include "../program/fd_bpf_loader_program.h"
9 : #include "../program/fd_precompiles.h"
10 : #include "../fd_system_ids.h"
11 : #include "../../accdb/fd_accdb_admin_v1.h"
12 : #include "../../progcache/fd_progcache_admin.h"
13 : #include "../../log_collector/fd_log_collector.h"
14 : #include <assert.h>
15 :
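/* fd_solfuzz_pb_instr_ctx_create initializes ctx from the Protobuf
   instruction test context test_ctx, on top of runner's bank, account
   database, program cache and spad.

   Everything ctx points at is allocated from runner->spad (txn_in,
   txn_out, the log collector, the mock transaction, the account metas
   and the optional VM trace memory), so ctx is only valid while the
   caller keeps that spad frame alive.  ctx->runtime aliases
   runner->runtime and ctx->instr aliases runtime->instr.trace[0].

   test_ctx is fuzzer-supplied input.  Inputs that would not fit the
   fixed-size runtime structures (instruction data, account data,
   account and instruction-account counts, instruction account indices,
   recent blockhashes sysvar length) are rejected with FD_LOG_ERR /
   FD_TEST; none of these conditions are reported back to the caller.
   Two nested child transactions are attached to the runner's accdb and
   progcache; fd_solfuzz_pb_instr_ctx_destroy undoes this. */
void
fd_solfuzz_pb_instr_ctx_create( fd_solfuzz_runner_t *                runner,
                                fd_exec_instr_ctx_t *                ctx,
                                fd_exec_test_instr_context_t const * test_ctx ) {

  memset( ctx, 0, sizeof(fd_exec_instr_ctx_t) );

  /* Generate unique ID for funk txn */

  fd_funk_txn_xid_t xid[1] = {{ .ul={ LONG_MAX, LONG_MAX } }};

  /* Create temporary funk transaction and txn / slot / epoch contexts */

  fd_funk_txn_xid_t parent_xid; fd_funk_txn_xid_set_root( &parent_xid );
  fd_accdb_attach_child( runner->accdb_admin, &parent_xid, xid );
  runner->bank->progcache_fork_id = fd_progcache_attach_child( runner->progcache->join, fd_progcache_fork_id_initial() );

  fd_txn_in_t *  txn_in  = fd_spad_alloc( runner->spad, alignof(fd_txn_in_t),  sizeof(fd_txn_in_t)  );
  fd_txn_out_t * txn_out = fd_spad_alloc( runner->spad, alignof(fd_txn_out_t), sizeof(fd_txn_out_t) );

  fd_log_collector_t * log = fd_spad_alloc( runner->spad, alignof(fd_log_collector_t), sizeof(fd_log_collector_t) );

  fd_runtime_t * runtime = runner->runtime;

  runtime->log.log_collector = log;

  ctx->txn_out = txn_out;
  ctx->txn_in  = txn_in;

  memset( txn_out->accounts.account, 0, sizeof(fd_accdb_rw_t) * MAX_TX_ACCOUNT_LOCKS );

  /* Bank manager */
  fd_banks_clear_bank( runner->banks, runner->bank, 4UL );

  /* Restore features */
  FD_TEST( test_ctx->has_features );
  fd_features_t *                    features    = &runner->bank->f.features;
  fd_exec_test_feature_set_t const * feature_set = &test_ctx->features;
  FD_TEST( fd_solfuzz_pb_restore_features( features, feature_set ) );

  /* Blockhash queue init */
  ulong blockhash_seed; FD_TEST( fd_rng_secure( &blockhash_seed, sizeof(ulong) ) );
  fd_blockhashes_t * blockhashes = fd_blockhashes_init( &runner->bank->f.block_hash_queue, blockhash_seed );
  fd_memset( fd_blockhash_deq_push_tail_nocopy( blockhashes->d.deque ), 0, sizeof(fd_hash_t) );

  /* Bound the instruction data before it is copied anywhere.  The same
     bytes are copied twice below (into txn->payload and into
     info->data), so this check has to precede the first copy rather
     than sit between the two. */
  if( FD_UNLIKELY( test_ctx->data && test_ctx->data->size>FD_INSTR_DATA_MAX ) ) {
    FD_LOG_ERR(( "invariant violation: instr data sz is too large %u > %lu", test_ctx->data->size, FD_INSTR_DATA_MAX ));
  }

  /* Set up mock txn descriptor and payload
     FIXME: More fields may need to be initialized. This seems to be
     the minimal set of fields needed to retain full context for
     precompile execution. */
  fd_txn_p_t * txn            = fd_spad_alloc_check( runner->spad, alignof(fd_txn_p_t), sizeof(fd_txn_p_t) );
  fd_txn_t *   txn_descriptor = TXN( txn );
  if( test_ctx->data ) {
    /* NOTE(review): assumes FD_INSTR_DATA_MAX <= sizeof(txn->payload); confirm against fd_txn_p_t */
    memcpy( txn->payload, test_ctx->data->bytes, test_ctx->data->size );
    txn->payload_sz = test_ctx->data->size;
  } else {
    txn->payload_sz = 0;
  }
  txn_descriptor->transaction_version = FD_TXN_VLEGACY;
  txn_descriptor->acct_addr_cnt       = (ushort)test_ctx->accounts_count;
  txn_descriptor->instr_cnt           = 1;
  txn_descriptor->instr[0] = (fd_txn_instr_t) {
    .acct_cnt = (ushort)test_ctx->accounts_count,
    .data_off = 0,
    .data_sz  = (ushort)txn->payload_sz,
  };

  runtime->log.enable_log_collector = 0;

  fd_compute_budget_details_new( &txn_out->details.compute_budget );
  runtime->instr.stack_sz          = 0;
  txn_out->accounts.cnt            = 0UL;
  runtime->accounts.executable_cnt = 0UL;

  txn_out->details.loaded_accounts_data_size = 0UL;
  txn_out->details.accounts_resize_delta     = 0L;

  memset( txn_out->details.return_data.program_id.key, 0, sizeof(fd_pubkey_t) );
  txn_out->details.return_data.len = 0;

  runtime->log.capture_ctx    = NULL;
  runtime->log.dump_proto_ctx = NULL;
  runtime->log.txn_dump_ctx   = NULL;

  runtime->instr.trace_length = 1UL;

  txn_out->err.exec_err      = 0;
  txn_out->err.exec_err_kind = FD_EXECUTOR_ERR_KIND_NONE;
  runtime->instr.current_idx = 0;

  txn_in->txn = txn;
  txn_out->details.compute_budget.compute_unit_limit = test_ctx->cu_avail;
  txn_out->details.compute_budget.compute_meter      = test_ctx->cu_avail;
  runtime->log.enable_vm_tracing = runner->enable_vm_tracing;
  /* Trace memory is only needed when VM tracing is on; one static
     footprint per possible instruction stack level. */
  runtime->log.tracing_mem = runner->enable_vm_tracing ?
    fd_spad_alloc_check( runner->spad, FD_RUNTIME_VM_TRACE_STATIC_ALIGN, FD_RUNTIME_VM_TRACE_STATIC_FOOTPRINT * FD_MAX_INSTRUCTION_STACK_DEPTH ) :
    NULL;

  /* Set up instruction context */
  fd_instr_info_t * info = &runtime->instr.trace[ 0UL ];
  memset( info, 0, sizeof(fd_instr_info_t) );
  info->stack_height = 1;

  if( test_ctx->data ) {
    /* Size already bounded by FD_INSTR_DATA_MAX above */
    info->data_sz = (ushort)test_ctx->data->size;
    memcpy( info->data, test_ctx->data->bytes, info->data_sz );
  }

  /* Prepare borrowed account table (correctly handles aliasing) */

  if( FD_UNLIKELY( test_ctx->accounts_count > MAX_TX_ACCOUNT_LOCKS ) ) {
    FD_LOG_ERR(( "invariant violation: too many accounts (%lu > %lu)",
                 (ulong)test_ctx->accounts_count, (ulong)MAX_TX_ACCOUNT_LOCKS ));
  }

  /* Load accounts from input */

  fd_account_meta_t * metas[MAX_TX_ACCOUNT_LOCKS] = {0};
  txn_out->accounts.cnt = test_ctx->accounts_count;

  int has_program_id = 0;

  for( ulong j=0UL; j < test_ctx->accounts_count; j++ ) {
    fd_pubkey_t * acc_key = (fd_pubkey_t *)test_ctx->accounts[j].address;

    memcpy( &(txn_out->accounts.keys[j]), test_ctx->accounts[j].address, sizeof(fd_pubkey_t) );
    runtime->accounts.refcnt[j] = 0UL;

    /* Each account gets one FD_ACC_TOT_SZ_MAX spad buffer: the meta
       header first, the account data immediately behind it. */
    uchar *             data = fd_spad_alloc( runner->spad, FD_ACCOUNT_REC_ALIGN, FD_ACC_TOT_SZ_MAX );
    fd_account_meta_t * meta = (fd_account_meta_t *)data;
    uint dlen = test_ctx->accounts[j].data ? test_ctx->accounts[j].data->size : 0U;
    /* dlen comes straight from the test input; make sure the data
       region fits behind the meta header before copying. */
    if( FD_UNLIKELY( (ulong)dlen > FD_ACC_TOT_SZ_MAX - sizeof(fd_account_meta_t) ) ) {
      FD_LOG_ERR(( "invariant violation: account %lu data sz is too large (%lu > %lu)",
                   j, (ulong)dlen, (ulong)( FD_ACC_TOT_SZ_MAX - sizeof(fd_account_meta_t) ) ));
    }
    if( test_ctx->accounts[j].data ) {
      fd_memcpy( meta+1, test_ctx->accounts[j].data->bytes, dlen );
    }
    meta->dlen       = dlen;
    meta->lamports   = test_ctx->accounts[j].lamports;
    meta->executable = test_ctx->accounts[j].executable;
    fd_memcpy( meta->owner, test_ctx->accounts[j].owner, sizeof(fd_pubkey_t) );
    metas[j] = meta;
    fd_accdb_rw_init_nodb( &txn_out->accounts.account[j], acc_key, metas[j], FD_RUNTIME_ACC_SZ_MAX );

    if( !memcmp( acc_key, test_ctx->program_id, sizeof(fd_pubkey_t) ) ) {
      has_program_id   = 1;
      info->program_id = (uchar)j;
    }
  }

  /* Ensure the program id is in the set of accounts */
  FD_TEST( has_program_id );

  /* Load in executable accounts.  Only upgradeable-loader program
     accounts are handled: their loader state names a programdata
     account, which is registered in runtime->accounts.executable when
     it is also part of the input. */
  for( ulong i = 0; i < txn_out->accounts.cnt; i++ ) {

    fd_account_meta_t * meta  = txn_out->accounts.account[i].meta;
    fd_pubkey_t const * owner = fd_type_pun_const( meta->owner );

    if( !fd_executor_pubkey_is_bpf_loader( owner ) ) {
      continue;
    }

    if( memcmp( owner, fd_solana_bpf_loader_upgradeable_program_id.key, sizeof(fd_pubkey_t) ) ) {
      continue;
    }

    fd_bpf_state_t program_loader_state[1];
    int err = fd_bpf_loader_program_get_state( meta, program_loader_state );
    if( FD_UNLIKELY( err!=FD_EXECUTOR_INSTR_SUCCESS ) ) {
      continue;
    }

    if( program_loader_state->discriminant!=FD_BPF_STATE_PROGRAM ) {
      continue;
    }

    fd_pubkey_t * programdata_acc = &program_loader_state->inner.program.programdata_address;

    /* Find the programdata account among the input accounts */
    meta = NULL;
    for( ulong j=0UL; j<test_ctx->accounts_count; j++ ) {
      if( !memcmp( test_ctx->accounts[j].address, programdata_acc, sizeof(fd_pubkey_t) ) ) {
        meta = txn_out->accounts.account[j].meta;
        break;
      }
    }
    if( FD_UNLIKELY( meta==NULL ) ) {
      continue;
    }

    FD_TEST( runtime->accounts.executable_cnt < MAX_TX_ACCOUNT_LOCKS );
    fd_accdb_ro_t * ro = &runtime->accounts.executable[ runtime->accounts.executable_cnt ];
    fd_accdb_ro_init_nodb( ro, programdata_acc, meta );
    runtime->accounts.executable_cnt++;
  }

  /* Load instruction accounts */

  if( FD_UNLIKELY( test_ctx->instr_accounts_count > FD_INSTR_ACCT_MAX ) ) {
    FD_LOG_ERR(( "invariant violation: too many instruction accounts (%lu > %lu)",
                 (ulong)test_ctx->instr_accounts_count, (ulong)FD_INSTR_ACCT_MAX ));
  }

  /* Restore sysvar cache from the input accounts */
  fd_sysvar_cache_t * sysvar_cache = &runner->bank->f.sysvar_cache;
  ctx->sysvar_cache = sysvar_cache;
  for( ulong i=0UL; i<txn_out->accounts.cnt; i++ ) {
    fd_sysvar_cache_restore_from_ref( sysvar_cache, txn_out->accounts.account[i].ro );
  }

  ctx->runtime = runtime;

  fd_sol_sysvar_clock_t   clock_[1];
  fd_sol_sysvar_clock_t * clock = fd_sysvar_cache_clock_read( ctx->sysvar_cache, clock_ );
  FD_TEST( clock );
  runner->bank->f.slot = clock->slot;

  fd_funk_txn_xid_t exec_xid[1] = { fd_bank_xid( runner->bank ) };
  fd_accdb_attach_child( runner->accdb_admin, xid, exec_xid );
  runner->bank->progcache_fork_id = fd_progcache_attach_child( runner->progcache->join, runner->bank->progcache_fork_id );

  fd_epoch_schedule_t   epoch_schedule_[1];
  fd_epoch_schedule_t * epoch_schedule = fd_sysvar_cache_epoch_schedule_read( ctx->sysvar_cache, epoch_schedule_ );
  FD_TEST( epoch_schedule );
  runner->bank->f.epoch_schedule = *epoch_schedule;

  fd_rent_t   rent_[1];
  fd_rent_t * rent = fd_sysvar_cache_rent_read( ctx->sysvar_cache, rent_ );
  FD_TEST( rent );
  runner->bank->f.rent = *rent;

  if( !fd_sysvar_cache_recent_hashes_is_empty( sysvar_cache ) ) {
    /* Replace the zero hash pushed at init with the last entry of the
       recent blockhashes sysvar.  The encoding assumed here is a ulong
       entry count followed by 40-byte entries (32-byte hash, then a
       ulong lamports_per_signature). */
    uchar const * rbh_data    = sysvar_cache->bin_recent_hashes;
    ulong         rbh_data_sz = sysvar_cache->desc[ FD_SYSVAR_recent_hashes_IDX ].data_sz;
    FD_TEST( rbh_data_sz>=sizeof(ulong) );
    ulong         rbh_len     = FD_LOAD( ulong, rbh_data );
    /* rbh_len is taken from fuzzer-supplied account data.  Reject 0
       (rbh_len-1 below would wrap) and any count whose last entry would
       not fit, before the multiply can overflow. */
    FD_TEST( rbh_len>0UL && rbh_len <= (rbh_data_sz - sizeof(ulong)) / 40UL );
    ulong         entry_off   = sizeof(ulong) + ((rbh_len - 1UL) * 40UL);
    uchar const * entry       = rbh_data + entry_off;
    FD_TEST( entry_off+40UL <= rbh_data_sz );

    fd_blockhashes_t * blockhashes = &runner->bank->f.block_hash_queue;
    fd_blockhashes_pop_new( blockhashes );
    fd_hash_t hash = FD_LOAD( fd_hash_t, entry );
    fd_blockhash_info_t * bh_info = fd_blockhashes_push_new( blockhashes, &hash );
    bh_info->lamports_per_signature = runner->bank->f.rbh_lamports_per_sig =
      FD_LOAD( ulong, entry+32UL );
  }

  uchar acc_idx_seen[ FD_TXN_ACCT_ADDR_MAX ] = {0};
  for( ulong j=0UL; j < test_ctx->instr_accounts_count; j++ ) {
    uint index = test_ctx->instr_accounts[j].index;
    /* index selects an entry of txn_out->accounts, so it is bounded by
       accounts_count (not instr_accounts_count). */
    if( index >= test_ctx->accounts_count ) {
      FD_LOG_ERR(( "invariant violation: instruction account index out of range (%lu >= %lu)",
                   (ulong)index, (ulong)test_ctx->accounts_count ));
    }

    /* Setup instruction accounts */
    fd_instr_info_setup_instr_account( info,
                                       acc_idx_seen,
                                       (ushort)index,
                                       (ushort)j,
                                       (ushort)j,
                                       test_ctx->instr_accounts[j].is_writable,
                                       test_ctx->instr_accounts[j].is_signer );
  }
  info->acct_cnt = (ushort)test_ctx->instr_accounts_count;

  ctx->instr = info;
  ctx->runtime->progcache = runner->progcache;
  ctx->runtime->accdb     = runner->accdb;

  fd_log_collector_init( ctx->runtime->log.log_collector, 0 );
  fd_base58_encode_32( txn_out->accounts.keys[ ctx->instr->program_id ].uc, NULL, ctx->program_id_base58 );
}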
291 :
/* fd_solfuzz_pb_instr_ctx_destroy undoes the runner-side state that
   fd_solfuzz_pb_instr_ctx_create set up: it resets the account database
   via fd_accdb_v1_clear and the program cache via fd_progcache_reset.
   ctx itself is not freed here (its memory belongs to the caller /
   spad); passing ctx==NULL is a no-op. */
void
fd_solfuzz_pb_instr_ctx_destroy( fd_solfuzz_runner_t * runner,
                                 fd_exec_instr_ctx_t * ctx ) {
  if( ctx ) {
    fd_accdb_v1_clear( runner->accdb_admin );
    fd_progcache_reset( runner->progcache->join );

    /* Compact both allocators so that empty superblocks held by the
       fd_alloc instances are released.  Without this a workspace leak
       check after the run would still see those superblocks as live. */
    fd_alloc_t * accdb_alloc     = fd_accdb_admin_v1_funk( runner->accdb_admin )->alloc;
    fd_alloc_t * progcache_alloc = runner->progcache->join->alloc;
    fd_alloc_compact( accdb_alloc );
    fd_alloc_compact( progcache_alloc );
  }
}
305 :
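/* fd_solfuzz_pb_instr_run executes one Protobuf instruction test case.

   input_ points at the fd_exec_test_instr_context_t to run.  The
   resulting fd_exec_test_instr_effects_t, together with the account and
   return-data buffers it references, is laid out in
   [output_buf, output_buf+output_bufsz) and *output_ is pointed at it.

   Returns the number of bytes of output_buf consumed.  Returns 0UL,
   leaving *output_ untouched, when the effects did not fit in
   output_buf.  The execution context created for the run is torn down
   on every return path. */
ulong
fd_solfuzz_pb_instr_run( fd_solfuzz_runner_t * runner,
                         void const *          input_,
                         void **               output_,
                         void *                output_buf,
                         ulong                 output_bufsz ) {
  fd_exec_test_instr_context_t const * input  = fd_type_pun_const( input_ );
  fd_exec_test_instr_effects_t **      output = fd_type_pun( output_ );

  ulong used_sz = 0UL;  /* return value; stays 0UL when output_buf overflows */

  /* Convert the Protobuf inputs to a fd_exec context */
  fd_exec_instr_ctx_t ctx[1];
  fd_solfuzz_pb_instr_ctx_create( runner, ctx, input );

  fd_instr_info_t * instr = (fd_instr_info_t *) ctx->instr;

  /* Execute the test */
  int exec_result = fd_execute_instr( ctx->runtime, runner->bank, ctx->txn_in, ctx->txn_out, instr );

  /* Allocate space to capture outputs.  Every FD_SCRATCH_ALLOC_APPEND is
     followed by a check of the cursor _l against output_end; on
     overflow we leave through the single cleanup path at the bottom. */
  ulong output_end = (ulong)output_buf + output_bufsz;
  FD_SCRATCH_ALLOC_INIT( l, output_buf );

  fd_exec_test_instr_effects_t * effects =
    FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_instr_effects_t),
                                sizeof (fd_exec_test_instr_effects_t) );
  if( FD_UNLIKELY( _l > output_end ) ) goto cleanup;
  fd_memset( effects, 0, sizeof(fd_exec_test_instr_effects_t) );

  /* Capture error code */

  effects->result   = -exec_result;
  effects->cu_avail = ctx->txn_out->details.compute_budget.compute_meter;

  /* Don't capture custom error codes if the program is a precompile */
  if( FD_LIKELY( effects->result ) ) {
    int program_id_idx = ctx->instr[ 0UL ].program_id;
    if( exec_result==FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR &&
        fd_executor_lookup_native_precompile_program( &ctx->txn_out->accounts.keys[ program_id_idx ] )==NULL ) {
      effects->custom_err = ctx->txn_out->err.custom_err;
    }
  }

  /* Allocate space for captured accounts (one slot per txn account) */
  ulong modified_acct_cnt = ctx->txn_out->accounts.cnt;

  fd_exec_test_acct_state_t * modified_accts =
    FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_acct_state_t),
                                sizeof (fd_exec_test_acct_state_t) * modified_acct_cnt );
  if( FD_UNLIKELY( _l > output_end ) ) goto cleanup;
  effects->modified_accounts       = modified_accts;
  effects->modified_accounts_count = 0UL;

  /* Capture borrowed accounts */

  for( ulong j=0UL; j < ctx->txn_out->accounts.cnt; j++ ) {
    fd_pubkey_t *       acc_key = &ctx->txn_out->accounts.keys[j];
    fd_account_meta_t * acc     = ctx->txn_out->accounts.account[j].meta;
    if( !acc ) {
      continue;
    }

    ulong modified_idx = effects->modified_accounts_count;
    assert( modified_idx < modified_acct_cnt );

    fd_exec_test_acct_state_t * out_acct = &effects->modified_accounts[ modified_idx ];
    memset( out_acct, 0, sizeof(fd_exec_test_acct_state_t) );

    /* Copy over account content */

    memcpy( out_acct->address, acc_key, sizeof(fd_pubkey_t) );
    out_acct->lamports = acc->lamports;
    if( acc->dlen>0UL ) {
      out_acct->data =
        FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
                                    PB_BYTES_ARRAY_T_ALLOCSIZE( acc->dlen ) );
      if( FD_UNLIKELY( _l > output_end ) ) goto cleanup;
      out_acct->data->size = (pb_size_t)acc->dlen;
      fd_memcpy( out_acct->data->bytes, fd_account_data( acc ), acc->dlen );
    }

    out_acct->executable = acc->executable;
    memcpy( out_acct->owner, acc->owner, sizeof(fd_pubkey_t) );

    effects->modified_accounts_count++;
  }

  fd_solfuzz_direct_mapping_handle_cu_exhaustion(
      runner, effects->cu_avail, effects->result,
      effects->modified_accounts, (pb_size_t)effects->modified_accounts_count );

  /* Capture return data */
  fd_txn_return_data_t * return_data = &ctx->txn_out->details.return_data;
  if( return_data->len>0UL ) {
    effects->return_data = FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
                                                       PB_BYTES_ARRAY_T_ALLOCSIZE( return_data->len ) );
    if( FD_UNLIKELY( _l > output_end ) ) goto cleanup;
    effects->return_data->size = (pb_size_t)return_data->len;
    fd_memcpy( effects->return_data->bytes, return_data->data, return_data->len );
  }

  *output = effects;
  used_sz = FD_SCRATCH_ALLOC_FINI( l, 1UL ) - (ulong)output_buf;

cleanup:
  fd_solfuzz_pb_instr_ctx_destroy( runner, ctx );
  return used_sz;
}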