Line data Source code
1 : #include "fd_solfuzz.h"
2 : #include "fd_solfuzz_private.h"
3 : #include "fd_txn_harness.h"
4 : #include "fd_dump_pb.h"
5 : #include "../fd_runtime.h"
6 : #include "../sysvar/fd_sysvar_epoch_schedule.h"
7 : #include "../../accdb/fd_accdb_admin_v1.h"
8 : #include "../../accdb/fd_accdb_impl_v1.h"
9 : #include "../../progcache/fd_progcache_admin.h"
10 : #include "../../log_collector/fd_log_collector.h"
11 : #include "../../../ballet/txn/fd_compact_u16.h"
12 :
13 : /* Macros to append data to construct a serialized transaction
14 : without exceeding bounds */
15 0 : #define FD_CHECKED_ADD_TO_TXN_DATA( _begin, _cur_data, _to_add, _sz ) __extension__({ \
16 0 : if( FD_UNLIKELY( (*_cur_data)+_sz>_begin+FD_TXN_MTU ) ) return ULONG_MAX; \
17 0 : fd_memcpy( *_cur_data, _to_add, _sz ); \
18 0 : *_cur_data += _sz; \
19 0 : })
20 :
21 0 : #define FD_CHECKED_ADD_CU16_TO_TXN_DATA( _begin, _cur_data, _to_add ) __extension__({ \
22 0 : do { \
23 0 : uchar _buf[3]; \
24 0 : ulong _sz = (ulong)fd_cu16_enc( (ushort)_to_add, _buf ); \
25 0 : FD_CHECKED_ADD_TO_TXN_DATA( _begin, _cur_data, _buf, _sz ); \
26 0 : } while(0); \
27 0 : })
28 :
29 : static void
30 0 : fd_solfuzz_txn_ctx_destroy( fd_solfuzz_runner_t * runner ) {
31 0 : fd_accdb_v1_clear( runner->accdb_admin );
32 0 : fd_progcache_reset( runner->progcache->join );
33 :
34 : /* In order to check for leaks in the workspace, we need to compact the
35 : allocators. Without doing this, empty superblocks may be retained
36 : by the fd_alloc instance, which mean we cannot check for leaks. */
37 0 : fd_alloc_compact( fd_accdb_user_v1_funk( runner->accdb )->alloc );
38 0 : fd_alloc_compact( runner->progcache->join->alloc );
39 0 : }
40 :
41 : /* Creates transaction execution context for a single test case.
42 : Returns a parsed txn descriptor on success and NULL on failure. */
43 : static fd_txn_p_t *
44 : fd_solfuzz_pb_txn_ctx_create( fd_solfuzz_runner_t * runner,
45 0 : fd_exec_test_txn_context_t const * test_ctx ) {
46 0 : fd_accdb_user_t * accdb = runner->accdb;
47 :
48 0 : ulong slot = fd_solfuzz_pb_get_slot( test_ctx->account_shared_data, test_ctx->account_shared_data_count );
49 :
50 : /* Initialize bank from input txn bank */
51 0 : fd_banks_clear_bank( runner->banks, runner->bank, 64UL );
52 0 : runner->bank->f.slot = slot;
53 :
54 : /* Set up the funk transaction */
55 0 : fd_xid_t xid = fd_bank_xid( runner->bank );
56 0 : fd_xid_t parent_xid; fd_funk_txn_xid_set_root( &parent_xid );
57 0 : fd_accdb_attach_child( runner->accdb_admin, &parent_xid, &xid );
58 0 : runner->bank->progcache_fork_id = fd_progcache_attach_child( runner->progcache->join, fd_progcache_fork_id_initial() );
59 :
60 0 : FD_TEST( test_ctx->has_bank );
61 0 : fd_exec_test_txn_bank_t const * txn_bank = &test_ctx->bank;
62 :
63 : /* Blockhash queue */
64 0 : fd_solfuzz_pb_restore_blockhash_queue( runner->bank, txn_bank->blockhash_queue, txn_bank->blockhash_queue_count );
65 :
66 : /* RBH lamports per signature. In the Agave harness this is set inside
67 : the fee rate governor itself. */
68 0 : runner->bank->f.rbh_lamports_per_sig = txn_bank->rbh_lamports_per_signature;
69 :
70 : /* Fee rate governor */
71 0 : FD_TEST( txn_bank->has_fee_rate_governor );
72 0 : fd_solfuzz_pb_restore_fee_rate_governor( runner->bank, &txn_bank->fee_rate_governor );
73 :
74 : /* Parent slot */
75 0 : runner->bank->f.parent_slot = slot-1UL;
76 :
77 : /* Total epoch stake */
78 0 : runner->bank->f.total_epoch_stake = txn_bank->total_epoch_stake;
79 :
80 : /* Epoch schedule */
81 0 : FD_TEST( txn_bank->has_epoch_schedule );
82 0 : fd_solfuzz_pb_restore_epoch_schedule( runner->bank, &txn_bank->epoch_schedule );
83 :
84 : /* Features */
85 0 : FD_TEST( txn_bank->has_features );
86 0 : fd_exec_test_feature_set_t const * feature_set = &txn_bank->features;
87 0 : fd_features_t * features_bm = &runner->bank->f.features;
88 0 : FD_TEST( fd_solfuzz_pb_restore_features( features_bm, feature_set ) );
89 :
90 : /* Epoch */
91 0 : ulong epoch = fd_slot_to_epoch( &runner->bank->f.epoch_schedule, slot, NULL );
92 0 : runner->bank->f.epoch = epoch;
93 :
94 : /* Load account states into funk (note this is different from the account keys):
95 : Account state = accounts to populate Funk
96 : Account keys = account keys that the transaction needs */
97 0 : for( ulong i = 0; i < test_ctx->account_shared_data_count; i++ ) {
98 : /* Load the accounts into the account manager
99 : Borrowed accounts get reset anyways - we just need to load the account somewhere */
100 0 : fd_solfuzz_pb_load_account( runner->runtime, accdb, &xid, &test_ctx->account_shared_data[i], i );
101 0 : }
102 :
103 0 : runner->bank->f.ticks_per_slot = 64;
104 0 : runner->bank->f.slots_per_year = SECONDS_PER_YEAR * (1000000000.0 / (double)6250000) / (double)(runner->bank->f.ticks_per_slot);
105 :
106 : /* Restore sysvars from account context */
107 0 : fd_sysvar_cache_restore_fuzz( runner->bank, runner->accdb, &xid );
108 :
109 : /* Rent */
110 0 : FD_TEST( fd_sysvar_cache_rent_read( &runner->bank->f.sysvar_cache, &runner->bank->f.rent ) );
111 :
112 : /* Create the raw txn (https://solana.com/docs/core/transactions#transaction-size) */
113 0 : fd_txn_p_t * txn = fd_spad_alloc( runner->spad, alignof(fd_txn_p_t), sizeof(fd_txn_p_t) );
114 0 : ulong msg_sz = fd_solfuzz_pb_txn_serialize( txn->payload, &test_ctx->tx );
115 0 : if( FD_UNLIKELY( msg_sz==ULONG_MAX ) ) {
116 0 : return NULL;
117 0 : }
118 :
119 : /* Set up txn descriptor from raw data */
120 0 : if( FD_UNLIKELY( !fd_txn_parse( txn->payload, msg_sz, TXN( txn ), NULL ) ) ) {
121 0 : return NULL;
122 0 : }
123 :
124 0 : txn->payload_sz = msg_sz;
125 :
126 0 : return txn;
127 0 : }
128 :
129 : ulong
130 : fd_solfuzz_pb_txn_serialize( uchar * txn_raw_begin,
131 0 : fd_exec_test_sanitized_transaction_t const * tx ) {
132 0 : uchar * txn_raw_cur_ptr = txn_raw_begin;
133 :
134 : /* Compact array of signatures (https://solana.com/docs/core/transactions#transaction)
135 : Note that although documentation interchangably refers to the signature cnt as a compact-u16
136 : and a u8, the max signature cnt is capped at 48 (due to txn size limits), so u8 and compact-u16
137 : is represented the same way anyways and can be parsed identically. */
138 : // Note: always create a valid txn with 1+ signatures, add an empty signature if none is provided
139 0 : uchar signature_cnt = fd_uchar_max( 1, (uchar) tx->signatures_count );
140 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &signature_cnt, sizeof(uchar) );
141 0 : for( uchar i = 0; i < signature_cnt; ++i ) {
142 0 : fd_signature_t sig = {0};
143 0 : if( tx->signatures && tx->signatures[i] ) sig = FD_LOAD( fd_signature_t, tx->signatures[i]->bytes );
144 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &sig, FD_TXN_SIGNATURE_SZ );
145 0 : }
146 :
147 : /* Message */
148 : /* For v0 transactions, the highest bit of the num_required_signatures is set, and an extra byte is used for the version.
149 : https://solanacookbook.com/guides/versioned-transactions.html#versioned-transactions-transactionv0
150 :
151 : We will always create a transaction with at least 1 signature, and cap the signature count to 127 to avoid
152 : collisions with the header_b0 tag. */
153 0 : uchar num_required_signatures = fd_uchar_max( 1, fd_uchar_min( 127, (uchar) tx->message.header.num_required_signatures ) );
154 0 : if( !tx->message.is_legacy ) {
155 0 : uchar header_b0 = (uchar) 0x80UL;
156 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &header_b0, sizeof(uchar) );
157 0 : }
158 :
159 : /* Header (3 bytes) (https://solana.com/docs/core/transactions#message-header) */
160 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &num_required_signatures, sizeof(uchar) );
161 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &tx->message.header.num_readonly_signed_accounts, sizeof(uchar) );
162 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &tx->message.header.num_readonly_unsigned_accounts, sizeof(uchar) );
163 :
164 : /* Compact array of account addresses (https://solana.com/docs/core/transactions#compact-array-format) */
165 : // Array length is a compact u16
166 0 : ushort num_acct_keys = (ushort) tx->message.account_keys_count;
167 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, num_acct_keys );
168 0 : for( ushort i = 0; i < num_acct_keys; ++i ) {
169 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.account_keys[i]->bytes, sizeof(fd_pubkey_t) );
170 0 : }
171 :
172 : /* Recent blockhash (32 bytes) (https://solana.com/docs/core/transactions#recent-blockhash) */
173 : // Note: add an empty blockhash if none is provided
174 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.recent_blockhash, sizeof(fd_hash_t) );
175 :
176 : /* Compact array of instructions (https://solana.com/docs/core/transactions#array-of-instructions) */
177 : // Instruction count is a compact u16
178 0 : ushort instr_count = (ushort) tx->message.instructions_count;
179 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, instr_count );
180 0 : for( ushort i = 0; i < instr_count; ++i ) {
181 : // Program ID index
182 0 : uchar program_id_index = (uchar) tx->message.instructions[i].program_id_index;
183 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &program_id_index, sizeof(uchar) );
184 :
185 : // Compact array of account addresses
186 0 : ushort acct_count = (ushort) tx->message.instructions[i].accounts_count;
187 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, acct_count );
188 0 : for( ushort j = 0; j < acct_count; ++j ) {
189 0 : uchar account_index = (uchar) tx->message.instructions[i].accounts[j];
190 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &account_index, sizeof(uchar) );
191 0 : }
192 :
193 : // Compact array of 8-bit data
194 0 : pb_bytes_array_t * data = tx->message.instructions[i].data;
195 0 : ushort data_len;
196 0 : if( data ) {
197 0 : data_len = (ushort) data->size;
198 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data_len );
199 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data->bytes, data_len );
200 0 : } else {
201 0 : data_len = 0;
202 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data_len );
203 0 : }
204 0 : }
205 :
206 : /* Address table lookups (N/A for legacy transactions) */
207 0 : ushort addr_table_cnt = 0;
208 0 : if( !tx->message.is_legacy ) {
209 : /* Compact array of address table lookups (https://solanacookbook.com/guides/versioned-transactions.html#compact-array-of-address-table-lookups) */
210 : // NOTE: The diagram is slightly wrong - the account key is a 32 byte pubkey, not a u8
211 0 : addr_table_cnt = (ushort) tx->message.address_table_lookups_count;
212 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, addr_table_cnt );
213 0 : for( ushort i = 0; i < addr_table_cnt; ++i ) {
214 : // Account key
215 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.address_table_lookups[i].account_key, sizeof(fd_pubkey_t) );
216 :
217 : // Compact array of writable indexes
218 0 : ushort writable_count = (ushort) tx->message.address_table_lookups[i].writable_indexes_count;
219 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, writable_count );
220 0 : for( ushort j = 0; j < writable_count; ++j ) {
221 0 : uchar writable_index = (uchar) tx->message.address_table_lookups[i].writable_indexes[j];
222 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &writable_index, sizeof(uchar) );
223 0 : }
224 :
225 : // Compact array of readonly indexes
226 0 : ushort readonly_count = (ushort) tx->message.address_table_lookups[i].readonly_indexes_count;
227 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, readonly_count );
228 0 : for( ushort j = 0; j < readonly_count; ++j ) {
229 0 : uchar readonly_index = (uchar) tx->message.address_table_lookups[i].readonly_indexes[j];
230 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &readonly_index, sizeof(uchar) );
231 0 : }
232 0 : }
233 0 : }
234 :
235 0 : return (ulong)(txn_raw_cur_ptr - txn_raw_begin);
236 0 : }
237 :
238 : void
239 : fd_solfuzz_txn_ctx_exec( fd_solfuzz_runner_t * runner,
240 : fd_runtime_t * runtime,
241 : fd_txn_in_t const * txn_in,
242 : int * exec_res,
243 : fd_txn_out_t * txn_out,
244 0 : int reclaim_accounts ) {
245 :
246 0 : txn_out->err.is_committable = 1;
247 :
248 0 : runtime->log.enable_vm_tracing = runner->enable_vm_tracing;
249 0 : uchar * tracing_mem = NULL;
250 0 : if( runner->enable_vm_tracing ) {
251 0 : tracing_mem = fd_spad_alloc_check( runner->spad, FD_RUNTIME_VM_TRACE_STATIC_ALIGN, FD_RUNTIME_VM_TRACE_STATIC_FOOTPRINT * FD_MAX_INSTRUCTION_STACK_DEPTH );
252 0 : }
253 :
254 0 : runtime->accdb = runner->accdb;
255 0 : runtime->progcache = runner->progcache;
256 0 : runtime->status_cache = NULL;
257 0 : runtime->log.tracing_mem = tracing_mem;
258 0 : runtime->log.dumping_mem = NULL;
259 0 : runtime->log.capture_ctx = NULL;
260 0 : runtime->log.dump_proto_ctx = NULL;
261 0 : runtime->log.txn_dump_ctx = NULL;
262 0 : runtime->fuzz.enabled = 1;
263 0 : runtime->fuzz.reclaim_accounts = reclaim_accounts;
264 :
265 0 : fd_runtime_prepare_and_execute_txn( runtime, runner->bank, txn_in, txn_out );
266 0 : *exec_res = txn_out->err.txn_err;
267 0 : }
268 :
269 : ulong
270 : fd_solfuzz_pb_txn_run( fd_solfuzz_runner_t * runner,
271 : void const * input_,
272 : void ** output_,
273 : void * output_buf,
274 0 : ulong output_bufsz ) {
275 0 : fd_exec_test_txn_context_t const * input = fd_type_pun_const( input_ );
276 0 : fd_exec_test_txn_result_t ** output = fd_type_pun( output_ );
277 :
278 0 : FD_SPAD_FRAME_BEGIN( runner->spad ) {
279 :
280 : /* Setup the transaction context */
281 0 : fd_txn_p_t * txn = fd_solfuzz_pb_txn_ctx_create( runner, input );
282 0 : if( FD_UNLIKELY( txn==NULL ) ) {
283 0 : fd_solfuzz_txn_ctx_destroy( runner );
284 0 : return 0UL;
285 0 : }
286 :
287 : /* Execute the transaction against the runtime */
288 0 : int exec_res = 0;
289 0 : fd_runtime_t * runtime = runner->runtime;
290 0 : fd_txn_in_t * txn_in = fd_spad_alloc( runner->spad, alignof(fd_txn_in_t), sizeof(fd_txn_in_t) );
291 0 : fd_txn_out_t * txn_out = fd_spad_alloc( runner->spad, alignof(fd_txn_out_t), sizeof(fd_txn_out_t) );
292 0 : fd_log_collector_t * log = fd_spad_alloc( runner->spad, alignof(fd_log_collector_t), sizeof(fd_log_collector_t) );
293 0 : runtime->log.log_collector = log;
294 0 : runtime->acc_pool = runner->acc_pool;
295 0 : txn_in->txn = txn;
296 0 : txn_in->bundle.is_bundle = 0;
297 0 : fd_solfuzz_txn_ctx_exec( runner, runtime, txn_in, &exec_res, txn_out, 0 );
298 :
299 : /* Build result directly into the caller-owned output_buf */
300 0 : fd_exec_test_txn_result_t * txn_result = NULL;
301 0 : ulong result_sz = create_txn_result_protobuf_from_txn(
302 0 : &txn_result,
303 0 : output_buf,
304 0 : output_bufsz,
305 0 : txn_in,
306 0 : txn_out,
307 0 : exec_res
308 0 : );
309 :
310 0 : fd_solfuzz_direct_mapping_handle_cu_exhaustion(
311 0 : runner, txn_out->details.compute_budget.compute_meter, exec_res,
312 0 : txn_result->modified_accounts, txn_result->modified_accounts_count );
313 :
314 0 : txn_out->err.is_committable = 0;
315 0 : fd_runtime_cancel_txn( runner->runtime, txn_out );
316 0 : fd_solfuzz_txn_ctx_destroy( runner );
317 :
318 0 : *output = txn_result;
319 0 : return result_sz;
320 0 : } FD_SPAD_FRAME_END;
321 0 : }
|
