Line data Source code
1 : #include "fd_solfuzz.h"
2 : #include "fd_solfuzz_private.h"
3 : #include "fd_txn_harness.h"
4 : #include "../fd_runtime.h"
5 : #include "../fd_executor.h"
6 : #include "../fd_txn_account.h"
7 : #include "../program/fd_builtin_programs.h"
8 : #include "../sysvar/fd_sysvar_clock.h"
9 : #include "../sysvar/fd_sysvar_epoch_schedule.h"
10 : #include "../sysvar/fd_sysvar_recent_hashes.h"
11 : #include "../sysvar/fd_sysvar_rent.h"
12 : #include "../sysvar/fd_sysvar_slot_hashes.h"
13 : #include "../sysvar/fd_sysvar_stake_history.h"
14 : #include "../../../disco/pack/fd_pack.h"
15 : #include <assert.h>
16 :
17 : /* Macros to append data to construct a serialized transaction
18 : without exceeding bounds */
19 0 : #define FD_CHECKED_ADD_TO_TXN_DATA( _begin, _cur_data, _to_add, _sz ) __extension__({ \
20 0 : if( FD_UNLIKELY( (*_cur_data)+_sz>_begin+FD_TXN_MTU ) ) return ULONG_MAX; \
21 0 : fd_memcpy( *_cur_data, _to_add, _sz ); \
22 0 : *_cur_data += _sz; \
23 0 : })
24 :
25 0 : #define FD_CHECKED_ADD_CU16_TO_TXN_DATA( _begin, _cur_data, _to_add ) __extension__({ \
26 0 : do { \
27 0 : uchar _buf[3]; \
28 0 : fd_bincode_encode_ctx_t _encode_ctx = { .data = _buf, .dataend = _buf+3 }; \
29 0 : fd_bincode_compact_u16_encode( &_to_add, &_encode_ctx ); \
30 0 : ulong _sz = (ulong) ((uchar *)_encode_ctx.data - _buf ); \
31 0 : FD_CHECKED_ADD_TO_TXN_DATA( _begin, _cur_data, _buf, _sz ); \
32 0 : } while(0); \
33 0 : })
34 :
35 : static void
36 : fd_runtime_fuzz_xid_cancel( fd_solfuzz_runner_t * runner,
37 0 : fd_funk_txn_xid_t * xid ) {
38 0 : if( FD_UNLIKELY( !xid ) ) return; // This shouldn't be false either
39 0 : fd_accdb_cancel( runner->accdb_admin, xid );
40 0 : fd_progcache_clear( runner->progcache_admin );
41 0 : }
42 :
43 : /* Creates transaction execution context for a single test case. Returns a
44 : a parsed txn descriptor on success and NULL on failure. */
45 : static fd_txn_p_t *
46 : fd_runtime_fuzz_txn_ctx_create( fd_solfuzz_runner_t * runner,
47 0 : fd_exec_test_txn_context_t const * test_ctx ) {
48 0 : fd_accdb_user_t * accdb = runner->accdb;
49 0 : fd_funk_t * funk = runner->accdb->funk;
50 :
51 : /* Default slot */
52 0 : ulong slot = test_ctx->slot_ctx.slot ? test_ctx->slot_ctx.slot : 10; // Arbitrary default > 0
53 :
54 : /* Set up the funk transaction */
55 0 : fd_funk_txn_xid_t xid = { .ul = { slot, 0UL } };
56 0 : fd_funk_txn_xid_t parent_xid; fd_funk_txn_xid_set_root( &parent_xid );
57 0 : fd_accdb_attach_child ( runner->accdb_admin, &parent_xid, &xid );
58 0 : fd_progcache_txn_attach_child( runner->progcache_admin, &parent_xid, &xid );
59 :
60 : /* Set up slot context */
61 0 : fd_banks_clear_bank( runner->banks, runner->bank );
62 :
63 : /* Restore feature flags */
64 0 : fd_exec_test_feature_set_t const * feature_set = &test_ctx->epoch_ctx.features;
65 0 : fd_features_t * features_bm = fd_bank_features_modify( runner->bank );
66 0 : if( !fd_runtime_fuzz_restore_features( features_bm, feature_set ) ) {
67 0 : return NULL;
68 0 : }
69 :
70 : /* Set bank variables (defaults obtained from GenesisConfig::default() in Agave) */
71 :
72 0 : fd_bank_slot_set( runner->bank, slot );
73 0 : fd_bank_parent_slot_set( runner->bank, fd_bank_slot_get( runner->bank ) - 1UL );
74 :
75 : /* Initialize builtin accounts */
76 0 : fd_builtin_programs_init( runner->bank, accdb, &xid, NULL );
77 :
78 : /* Load account states into funk (note this is different from the account keys):
79 : Account state = accounts to populate Funk
80 : Account keys = account keys that the transaction needs */
81 0 : for( ulong i = 0; i < test_ctx->account_shared_data_count; i++ ) {
82 : /* Load the accounts into the account manager
83 : Borrowed accounts get reset anyways - we just need to load the account somewhere */
84 0 : fd_txn_account_t acc[1];
85 0 : fd_runtime_fuzz_load_account( acc, funk, &xid, &test_ctx->account_shared_data[i], 1 );
86 0 : }
87 :
88 : /* Setup Bank manager */
89 :
90 0 : fd_bank_lamports_per_signature_set( runner->bank, 5000UL );
91 :
92 0 : fd_bank_prev_lamports_per_signature_set( runner->bank, 5000UL );
93 :
94 0 : fd_fee_rate_governor_t * fee_rate_governor = fd_bank_fee_rate_governor_modify( runner->bank );
95 0 : fee_rate_governor->burn_percent = 50;
96 0 : fee_rate_governor->min_lamports_per_signature = 0;
97 0 : fee_rate_governor->max_lamports_per_signature = 0;
98 0 : fee_rate_governor->target_lamports_per_signature = 10000;
99 0 : fee_rate_governor->target_signatures_per_slot = 20000;
100 :
101 0 : fd_bank_ticks_per_slot_set( runner->bank, 64 );
102 :
103 0 : fd_bank_slots_per_year_set( runner->bank, SECONDS_PER_YEAR * (1000000000.0 / (double)6250000) / (double)(fd_bank_ticks_per_slot_get( runner->bank )) );
104 :
105 : /* Ensure the presence of */
106 0 : fd_epoch_schedule_t epoch_schedule_[1];
107 0 : fd_epoch_schedule_t * epoch_schedule = fd_sysvar_epoch_schedule_read( funk, &xid, epoch_schedule_ );
108 0 : FD_TEST( epoch_schedule );
109 0 : fd_bank_epoch_schedule_set( runner->bank, *epoch_schedule );
110 :
111 0 : fd_rent_t const * rent = fd_sysvar_rent_read( funk, &xid, runner->spad );
112 0 : FD_TEST( rent );
113 0 : fd_bank_rent_set( runner->bank, *rent );
114 :
115 0 : uchar __attribute__((aligned(FD_SLOT_HASHES_GLOBAL_ALIGN))) slot_hashes_mem[ FD_SYSVAR_SLOT_HASHES_FOOTPRINT ];
116 0 : fd_slot_hashes_global_t * slot_hashes = fd_sysvar_slot_hashes_read( funk, &xid, slot_hashes_mem );
117 0 : FD_TEST( slot_hashes );
118 :
119 0 : fd_stake_history_t stake_history_[1];
120 0 : fd_stake_history_t * stake_history = fd_sysvar_stake_history_read( funk, &xid, stake_history_ );
121 0 : FD_TEST( stake_history );
122 :
123 0 : fd_sol_sysvar_clock_t clock_[1];
124 0 : fd_sol_sysvar_clock_t const * clock = fd_sysvar_clock_read( funk, &xid, clock_ );
125 0 : FD_TEST( clock );
126 :
127 : /* Setup vote states dummy account */
128 0 : fd_vote_states_t * vote_states = fd_vote_states_join( fd_vote_states_new( fd_bank_vote_states_locking_modify( runner->bank ), 64UL, 999UL ) );
129 0 : if( FD_UNLIKELY( !vote_states ) ) {
130 0 : fd_bank_vote_states_end_locking_modify( runner->bank );
131 0 : return NULL;
132 0 : }
133 0 : fd_bank_vote_states_end_locking_modify( runner->bank );
134 :
135 : /* Setup vote states dummy account */
136 0 : fd_vote_states_t * vote_states_prev = fd_vote_states_join( fd_vote_states_new( fd_bank_vote_states_prev_locking_modify( runner->bank ), FD_RUNTIME_MAX_WRITABLE_ACCOUNTS_PER_TRANSACTION, 999UL ) );
137 0 : if( FD_UNLIKELY( !vote_states_prev ) ) {
138 0 : fd_bank_vote_states_prev_end_locking_modify( runner->bank );
139 0 : return NULL;
140 0 : }
141 0 : fd_bank_vote_states_prev_end_locking_modify( runner->bank );
142 :
143 : /* Setup vote states dummy account */
144 0 : fd_vote_states_t * vote_states_prev_prev = fd_vote_states_join( fd_vote_states_new( fd_bank_vote_states_prev_prev_locking_modify( runner->bank ), FD_RUNTIME_MAX_WRITABLE_ACCOUNTS_PER_TRANSACTION, 999UL ) );
145 0 : if( FD_UNLIKELY( !vote_states_prev_prev ) ) {
146 0 : fd_bank_vote_states_prev_prev_end_locking_modify( runner->bank );
147 0 : return NULL;
148 0 : }
149 0 : fd_bank_vote_states_prev_prev_end_locking_modify( runner->bank );
150 :
151 : /* Epoch schedule and rent get set from the epoch bank */
152 0 : fd_sysvar_epoch_schedule_init( runner->bank, runner->accdb, &xid, NULL );
153 0 : fd_sysvar_rent_init( runner->bank, runner->accdb, &xid, NULL );
154 :
155 : /* Blockhash queue is given in txn message. We need to populate the following two fields:
156 : - block_hash_queue
157 : - recent_block_hashes */
158 0 : ulong num_blockhashes = test_ctx->blockhash_queue_count;
159 :
160 : /* Blockhash queue init */
161 0 : ulong blockhash_seed; FD_TEST( fd_rng_secure( &blockhash_seed, sizeof(ulong) ) );
162 0 : fd_blockhashes_t * blockhashes = fd_blockhashes_init( fd_bank_block_hash_queue_modify( runner->bank ), blockhash_seed );
163 :
164 : // Save lamports per signature for most recent blockhash, if sysvar cache contains recent block hashes
165 0 : fd_recent_block_hashes_t const * rbh_sysvar = fd_sysvar_recent_hashes_read( funk, &xid, runner->spad );
166 0 : fd_recent_block_hashes_t rbh[1];
167 0 : if( rbh_sysvar ) {
168 0 : rbh->hashes = rbh_sysvar->hashes;
169 0 : }
170 :
171 0 : if( rbh_sysvar && !deq_fd_block_block_hash_entry_t_empty( rbh->hashes ) ) {
172 0 : fd_block_block_hash_entry_t const * last = deq_fd_block_block_hash_entry_t_peek_head_const( rbh->hashes );
173 0 : if( last && last->fee_calculator.lamports_per_signature!=0UL ) {
174 0 : fd_bank_lamports_per_signature_set( runner->bank, last->fee_calculator.lamports_per_signature );
175 0 : fd_bank_prev_lamports_per_signature_set( runner->bank, last->fee_calculator.lamports_per_signature );
176 0 : }
177 0 : }
178 :
179 : // Blockhash_queue[end] = last (latest) hash
180 : // Blockhash_queue[0] = genesis hash
181 0 : if( num_blockhashes > 0 ) {
182 0 : fd_hash_t * genesis_hash = fd_bank_genesis_hash_modify( runner->bank );
183 0 : memcpy( genesis_hash->hash, test_ctx->blockhash_queue[0]->bytes, sizeof(fd_hash_t) );
184 :
185 0 : for( ulong i = 0; i < num_blockhashes; ++i ) {
186 0 : fd_hash_t blockhash = FD_LOAD( fd_hash_t, test_ctx->blockhash_queue[i]->bytes );
187 : /* Drop duplicate blockhashes */
188 0 : if( FD_UNLIKELY( fd_blockhash_map_idx_remove( blockhashes->map, &blockhash, ULONG_MAX, blockhashes->d.deque )!=ULONG_MAX ) ) {
189 0 : FD_LOG_WARNING(( "Fuzz input has a duplicate blockhash %s at index %lu",
190 0 : FD_BASE58_ENC_32_ALLOCA( blockhash.hash ), i ));
191 0 : }
192 : // Recent block hashes cap is 150 (actually 151), while blockhash queue capacity is 300 (actually 301)
193 0 : fd_bank_poh_set( runner->bank, blockhash );
194 0 : fd_sysvar_recent_hashes_update( runner->bank, runner->accdb, &xid, NULL );
195 0 : }
196 0 : } else {
197 : // Add a default empty blockhash and use it as genesis
198 0 : num_blockhashes = 1;
199 0 : *fd_bank_genesis_hash_modify( runner->bank ) = (fd_hash_t){0};
200 0 : fd_bank_poh_set( runner->bank, (fd_hash_t){0} );
201 0 : fd_sysvar_recent_hashes_update( runner->bank, runner->accdb, &xid, NULL );
202 0 : }
203 :
204 : /* Restore sysvars from account context */
205 0 : fd_sysvar_cache_restore_fuzz( runner->bank, runner->accdb->funk, &xid );
206 :
207 : /* Create the raw txn (https://solana.com/docs/core/transactions#transaction-size) */
208 0 : fd_txn_p_t * txn = fd_spad_alloc( runner->spad, alignof(fd_txn_p_t), sizeof(fd_txn_p_t) );
209 0 : ulong msg_sz = fd_runtime_fuzz_serialize_txn( txn->payload, &test_ctx->tx );
210 0 : if( FD_UNLIKELY( msg_sz==ULONG_MAX ) ) {
211 0 : return NULL;
212 0 : }
213 :
214 : /* Set up txn descriptor from raw data */
215 0 : if( FD_UNLIKELY( !fd_txn_parse( txn->payload, msg_sz, TXN( txn ), NULL ) ) ) {
216 0 : return NULL;
217 0 : }
218 :
219 0 : txn->payload_sz = msg_sz;
220 :
221 0 : return txn;
222 0 : }
223 :
224 : ulong
225 : fd_runtime_fuzz_serialize_txn( uchar * txn_raw_begin,
226 0 : fd_exec_test_sanitized_transaction_t const * tx ) {
227 0 : uchar * txn_raw_cur_ptr = txn_raw_begin;
228 :
229 : /* Compact array of signatures (https://solana.com/docs/core/transactions#transaction)
230 : Note that although documentation interchangably refers to the signature cnt as a compact-u16
231 : and a u8, the max signature cnt is capped at 48 (due to txn size limits), so u8 and compact-u16
232 : is represented the same way anyways and can be parsed identically. */
233 : // Note: always create a valid txn with 1+ signatures, add an empty signature if none is provided
234 0 : uchar signature_cnt = fd_uchar_max( 1, (uchar) tx->signatures_count );
235 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &signature_cnt, sizeof(uchar) );
236 0 : for( uchar i = 0; i < signature_cnt; ++i ) {
237 0 : fd_signature_t sig = {0};
238 0 : if( tx->signatures && tx->signatures[i] ) sig = FD_LOAD( fd_signature_t, tx->signatures[i]->bytes );
239 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &sig, FD_TXN_SIGNATURE_SZ );
240 0 : }
241 :
242 : /* Message */
243 : /* For v0 transactions, the highest bit of the num_required_signatures is set, and an extra byte is used for the version.
244 : https://solanacookbook.com/guides/versioned-transactions.html#versioned-transactions-transactionv0
245 :
246 : We will always create a transaction with at least 1 signature, and cap the signature count to 127 to avoid
247 : collisions with the header_b0 tag. */
248 0 : uchar num_required_signatures = fd_uchar_max( 1, fd_uchar_min( 127, (uchar) tx->message.header.num_required_signatures ) );
249 0 : if( !tx->message.is_legacy ) {
250 0 : uchar header_b0 = (uchar) 0x80UL;
251 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &header_b0, sizeof(uchar) );
252 0 : }
253 :
254 : /* Header (3 bytes) (https://solana.com/docs/core/transactions#message-header) */
255 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &num_required_signatures, sizeof(uchar) );
256 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &tx->message.header.num_readonly_signed_accounts, sizeof(uchar) );
257 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &tx->message.header.num_readonly_unsigned_accounts, sizeof(uchar) );
258 :
259 : /* Compact array of account addresses (https://solana.com/docs/core/transactions#compact-array-format) */
260 : // Array length is a compact u16
261 0 : ushort num_acct_keys = (ushort) tx->message.account_keys_count;
262 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, num_acct_keys );
263 0 : for( ushort i = 0; i < num_acct_keys; ++i ) {
264 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.account_keys[i]->bytes, sizeof(fd_pubkey_t) );
265 0 : }
266 :
267 : /* Recent blockhash (32 bytes) (https://solana.com/docs/core/transactions#recent-blockhash) */
268 : // Note: add an empty blockhash if none is provided
269 0 : fd_hash_t msg_rbh = {0};
270 0 : if( tx->message.recent_blockhash ) msg_rbh = FD_LOAD( fd_hash_t, tx->message.recent_blockhash->bytes );
271 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &msg_rbh, sizeof(fd_hash_t) );
272 :
273 : /* Compact array of instructions (https://solana.com/docs/core/transactions#array-of-instructions) */
274 : // Instruction count is a compact u16
275 0 : ushort instr_count = (ushort) tx->message.instructions_count;
276 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, instr_count );
277 0 : for( ushort i = 0; i < instr_count; ++i ) {
278 : // Program ID index
279 0 : uchar program_id_index = (uchar) tx->message.instructions[i].program_id_index;
280 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &program_id_index, sizeof(uchar) );
281 :
282 : // Compact array of account addresses
283 0 : ushort acct_count = (ushort) tx->message.instructions[i].accounts_count;
284 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, acct_count );
285 0 : for( ushort j = 0; j < acct_count; ++j ) {
286 0 : uchar account_index = (uchar) tx->message.instructions[i].accounts[j];
287 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &account_index, sizeof(uchar) );
288 0 : }
289 :
290 : // Compact array of 8-bit data
291 0 : pb_bytes_array_t * data = tx->message.instructions[i].data;
292 0 : ushort data_len;
293 0 : if( data ) {
294 0 : data_len = (ushort) data->size;
295 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data_len );
296 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data->bytes, data_len );
297 0 : } else {
298 0 : data_len = 0;
299 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data_len );
300 0 : }
301 0 : }
302 :
303 : /* Address table lookups (N/A for legacy transactions) */
304 0 : ushort addr_table_cnt = 0;
305 0 : if( !tx->message.is_legacy ) {
306 : /* Compact array of address table lookups (https://solanacookbook.com/guides/versioned-transactions.html#compact-array-of-address-table-lookups) */
307 : // NOTE: The diagram is slightly wrong - the account key is a 32 byte pubkey, not a u8
308 0 : addr_table_cnt = (ushort) tx->message.address_table_lookups_count;
309 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, addr_table_cnt );
310 0 : for( ushort i = 0; i < addr_table_cnt; ++i ) {
311 : // Account key
312 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.address_table_lookups[i].account_key, sizeof(fd_pubkey_t) );
313 :
314 : // Compact array of writable indexes
315 0 : ushort writable_count = (ushort) tx->message.address_table_lookups[i].writable_indexes_count;
316 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, writable_count );
317 0 : for( ushort j = 0; j < writable_count; ++j ) {
318 0 : uchar writable_index = (uchar) tx->message.address_table_lookups[i].writable_indexes[j];
319 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &writable_index, sizeof(uchar) );
320 0 : }
321 :
322 : // Compact array of readonly indexes
323 0 : ushort readonly_count = (ushort) tx->message.address_table_lookups[i].readonly_indexes_count;
324 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, readonly_count );
325 0 : for( ushort j = 0; j < readonly_count; ++j ) {
326 0 : uchar readonly_index = (uchar) tx->message.address_table_lookups[i].readonly_indexes[j];
327 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &readonly_index, sizeof(uchar) );
328 0 : }
329 0 : }
330 0 : }
331 :
332 0 : return (ulong)(txn_raw_cur_ptr - txn_raw_begin);
333 0 : }
334 :
335 : fd_exec_txn_ctx_t *
336 : fd_runtime_fuzz_txn_ctx_exec( fd_solfuzz_runner_t * runner,
337 : fd_funk_txn_xid_t const * xid,
338 : fd_txn_p_t * txn,
339 0 : int * exec_res ) {
340 :
341 : /* Setup the spad for account allocation */
342 0 : uchar * txn_ctx_mem = fd_spad_alloc_check( runner->spad, FD_EXEC_TXN_CTX_ALIGN, FD_EXEC_TXN_CTX_FOOTPRINT );
343 0 : fd_exec_txn_ctx_t * txn_ctx = fd_exec_txn_ctx_join( fd_exec_txn_ctx_new( txn_ctx_mem ), runner->spad, fd_wksp_containing( runner->spad ) );
344 0 : txn_ctx->flags = FD_TXN_P_FLAGS_SANITIZE_SUCCESS;
345 0 : if( FD_UNLIKELY( !fd_funk_join( txn_ctx->funk, runner->accdb->funk->shmem ) ) ) {
346 0 : FD_LOG_CRIT(( "fd_funk_join failed" ));
347 0 : }
348 0 : uchar * pc_scratch = fd_spad_alloc_check( runner->spad, FD_PROGCACHE_SCRATCH_ALIGN, FD_PROGCACHE_SCRATCH_FOOTPRINT );
349 0 : txn_ctx->progcache = fd_progcache_join( txn_ctx->_progcache, runner->progcache->funk->shmem, pc_scratch, FD_PROGCACHE_SCRATCH_FOOTPRINT );
350 0 : if( FD_UNLIKELY( !txn_ctx->progcache ) ) {
351 0 : FD_LOG_CRIT(( "fd_progcache_join failed" ));
352 0 : }
353 0 : txn_ctx->bank_hash_cmp = NULL;
354 0 : txn_ctx->fuzz_config.enable_vm_tracing = runner->enable_vm_tracing;
355 0 : txn_ctx->xid[0] = *xid;
356 :
357 0 : *exec_res = fd_runtime_prepare_and_execute_txn(
358 0 : runner->banks,
359 0 : 0UL,
360 0 : txn_ctx,
361 0 : txn,
362 0 : NULL );
363 :
364 0 : return txn_ctx;
365 0 : }
366 :
367 : ulong
368 : fd_solfuzz_txn_run( fd_solfuzz_runner_t * runner,
369 : void const * input_,
370 : void ** output_,
371 : void * output_buf,
372 0 : ulong output_bufsz ) {
373 0 : fd_exec_test_txn_context_t const * input = fd_type_pun_const( input_ );
374 0 : fd_exec_test_txn_result_t ** output = fd_type_pun( output_ );
375 :
376 0 : FD_SPAD_FRAME_BEGIN( runner->spad ) {
377 :
378 : /* Setup the transaction context */
379 0 : fd_txn_p_t * txn = fd_runtime_fuzz_txn_ctx_create( runner, input );
380 :
381 0 : fd_funk_txn_xid_t xid = { .ul = { fd_bank_slot_get( runner->bank ), 0UL } };
382 0 : if( FD_UNLIKELY( txn==NULL ) ) {
383 0 : fd_runtime_fuzz_xid_cancel( runner, &xid );
384 0 : return 0;
385 0 : }
386 :
387 : /* Execute the transaction against the runtime */
388 0 : int exec_res = 0;
389 0 : fd_exec_txn_ctx_t * txn_ctx = fd_runtime_fuzz_txn_ctx_exec( runner, &xid, txn, &exec_res );
390 :
391 : /* Start saving txn exec results */
392 0 : FD_SCRATCH_ALLOC_INIT( l, output_buf );
393 0 : ulong output_end = (ulong)output_buf + output_bufsz;
394 :
395 0 : fd_exec_test_txn_result_t * txn_result =
396 0 : FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_txn_result_t),
397 0 : sizeof (fd_exec_test_txn_result_t) );
398 0 : if( FD_UNLIKELY( _l > output_end ) ) {
399 0 : abort();
400 0 : }
401 0 : fd_memset( txn_result, 0, sizeof(fd_exec_test_txn_result_t) );
402 :
403 : /* Capture basic results fields */
404 0 : txn_result->executed = txn_ctx->flags & FD_TXN_P_FLAGS_EXECUTE_SUCCESS;
405 0 : txn_result->sanitization_error = !(txn_ctx->flags & FD_TXN_P_FLAGS_SANITIZE_SUCCESS);
406 0 : txn_result->has_resulting_state = false;
407 0 : txn_result->resulting_state.acct_states_count = 0;
408 0 : txn_result->is_ok = !exec_res;
409 0 : txn_result->status = (uint32_t) -exec_res;
410 0 : txn_result->instruction_error = 0;
411 0 : txn_result->instruction_error_index = 0;
412 0 : txn_result->custom_error = 0;
413 0 : txn_result->has_fee_details = false;
414 0 : txn_result->loaded_accounts_data_size = txn_ctx->loaded_accounts_data_size;
415 :
416 0 : if( txn_result->sanitization_error ) {
417 : /* Collect fees for transactions that failed to load */
418 0 : if( txn_ctx->flags & FD_TXN_P_FLAGS_FEES_ONLY ) {
419 0 : txn_result->has_fee_details = true;
420 0 : txn_result->fee_details.prioritization_fee = txn_ctx->priority_fee;
421 0 : txn_result->fee_details.transaction_fee = txn_ctx->execution_fee;
422 0 : }
423 :
424 0 : if( exec_res==FD_RUNTIME_TXN_ERR_INSTRUCTION_ERROR ) {
425 0 : txn_result->instruction_error = (uint32_t) -txn_ctx->exec_err;
426 0 : txn_result->instruction_error_index = (uint32_t) txn_ctx->instr_err_idx;
427 0 : if( txn_ctx->exec_err==FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR ) {
428 0 : txn_result->custom_error = txn_ctx->custom_err;
429 0 : }
430 0 : }
431 :
432 0 : ulong actual_end = FD_SCRATCH_ALLOC_FINI( l, 1UL );
433 0 : fd_runtime_fuzz_xid_cancel( runner, &xid );
434 :
435 0 : *output = txn_result;
436 0 : return actual_end - (ulong)output_buf;
437 :
438 0 : } else {
439 : /* Capture the instruction error code */
440 0 : if( exec_res==FD_RUNTIME_TXN_ERR_INSTRUCTION_ERROR ) {
441 0 : int instr_err_idx = txn_ctx->instr_err_idx;
442 0 : int program_id_idx = txn_ctx->instr_infos[instr_err_idx].program_id;
443 :
444 0 : txn_result->instruction_error = (uint32_t) -txn_ctx->exec_err;
445 0 : txn_result->instruction_error_index = (uint32_t) instr_err_idx;
446 :
447 : /* If the exec err was a custom instr error and came from a precompile instruction, don't capture the custom error code. */
448 0 : if( txn_ctx->exec_err==FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR &&
449 0 : fd_executor_lookup_native_precompile_program( &txn_ctx->accounts[ program_id_idx ] )==NULL ) {
450 0 : txn_result->custom_error = txn_ctx->custom_err;
451 0 : }
452 0 : }
453 0 : }
454 :
455 0 : txn_result->has_fee_details = true;
456 0 : txn_result->fee_details.transaction_fee = txn_ctx->execution_fee;
457 0 : txn_result->fee_details.prioritization_fee = txn_ctx->priority_fee;
458 0 : txn_result->executed_units = txn_ctx->compute_budget_details.compute_unit_limit - txn_ctx->compute_budget_details.compute_meter;
459 :
460 :
461 : /* Rent is only collected on successfully loaded transactions */
462 0 : txn_result->rent = txn_ctx->collected_rent;
463 :
464 0 : if( txn_ctx->return_data.len > 0 ) {
465 0 : txn_result->return_data = FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
466 0 : PB_BYTES_ARRAY_T_ALLOCSIZE( txn_ctx->return_data.len ) );
467 0 : if( FD_UNLIKELY( _l > output_end ) ) {
468 0 : abort();
469 0 : }
470 :
471 0 : txn_result->return_data->size = (pb_size_t)txn_ctx->return_data.len;
472 0 : fd_memcpy( txn_result->return_data->bytes, txn_ctx->return_data.data, txn_ctx->return_data.len );
473 0 : }
474 :
475 : /* Allocate space for captured accounts */
476 0 : ulong modified_acct_cnt = txn_ctx->accounts_cnt;
477 :
478 0 : txn_result->has_resulting_state = true;
479 0 : txn_result->resulting_state.acct_states =
480 0 : FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_acct_state_t),
481 0 : sizeof (fd_exec_test_acct_state_t) * modified_acct_cnt );
482 0 : if( FD_UNLIKELY( _l > output_end ) ) {
483 0 : abort();
484 0 : }
485 :
486 : /* If the transaction is a fees-only transaction, we have to create rollback accounts to iterate over and save. */
487 0 : fd_txn_account_t * accounts_to_save = txn_ctx->accounts;
488 0 : ulong accounts_cnt = txn_ctx->accounts_cnt;
489 0 : if( txn_ctx->flags & FD_TXN_P_FLAGS_FEES_ONLY ) {
490 0 : accounts_to_save = fd_spad_alloc( runner->spad, alignof(fd_txn_account_t), sizeof(fd_txn_account_t) * 2 );
491 0 : accounts_cnt = 0UL;
492 :
493 0 : if( FD_LIKELY( txn_ctx->nonce_account_idx_in_txn!=FD_FEE_PAYER_TXN_IDX ) ) {
494 0 : accounts_to_save[accounts_cnt++] = *txn_ctx->rollback_fee_payer_account;
495 0 : }
496 :
497 0 : if( txn_ctx->nonce_account_idx_in_txn!=ULONG_MAX ) {
498 0 : accounts_to_save[accounts_cnt++] = *txn_ctx->rollback_nonce_account;
499 0 : }
500 0 : }
501 :
502 : /* Capture borrowed accounts */
503 0 : for( ulong j=0UL; j<accounts_cnt; j++ ) {
504 0 : fd_txn_account_t * acc = &accounts_to_save[j];
505 :
506 0 : if( !( fd_exec_txn_ctx_account_is_writable_idx( txn_ctx, (ushort)j ) || j==FD_FEE_PAYER_TXN_IDX ) ) continue;
507 0 : assert( fd_txn_account_is_mutable( acc ) );
508 :
509 0 : ulong modified_idx = txn_result->resulting_state.acct_states_count;
510 0 : assert( modified_idx < modified_acct_cnt );
511 :
512 0 : fd_exec_test_acct_state_t * out_acct = &txn_result->resulting_state.acct_states[ modified_idx ];
513 0 : memset( out_acct, 0, sizeof(fd_exec_test_acct_state_t) );
514 : /* Copy over account content */
515 :
516 0 : memcpy( out_acct->address, acc->pubkey, sizeof(fd_pubkey_t) );
517 :
518 0 : out_acct->lamports = fd_txn_account_get_lamports( acc );
519 :
520 0 : if( fd_txn_account_get_data_len( acc )>0UL ) {
521 0 : out_acct->data =
522 0 : FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
523 0 : PB_BYTES_ARRAY_T_ALLOCSIZE( fd_txn_account_get_data_len( acc ) ) );
524 0 : if( FD_UNLIKELY( _l > output_end ) ) {
525 0 : abort();
526 0 : }
527 0 : out_acct->data->size = (pb_size_t)fd_txn_account_get_data_len( acc );
528 0 : fd_memcpy( out_acct->data->bytes, fd_txn_account_get_data( acc ), fd_txn_account_get_data_len( acc ) );
529 0 : }
530 :
531 0 : out_acct->executable = fd_txn_account_is_executable( acc );
532 0 : memcpy( out_acct->owner, fd_txn_account_get_owner( acc ), sizeof(fd_pubkey_t) );
533 :
534 0 : txn_result->resulting_state.acct_states_count++;
535 0 : }
536 :
537 0 : ulong actual_end = FD_SCRATCH_ALLOC_FINI( l, 1UL );
538 0 : fd_runtime_fuzz_xid_cancel( runner, &xid );
539 :
540 0 : *output = txn_result;
541 0 : return actual_end - (ulong)output_buf;
542 0 : } FD_SPAD_FRAME_END;
543 0 : }
|
