Line data Source code
1 : #include "fd_solfuzz.h"
2 : #include "fd_solfuzz_private.h"
3 : #include "fd_txn_harness.h"
4 : #include "../fd_runtime.h"
5 : #include "../fd_executor.h"
6 : #include "../fd_txn_account.h"
7 : #include "../fd_cost_tracker.h"
8 : #include "../program/fd_builtin_programs.h"
9 : #include "../sysvar/fd_sysvar_clock.h"
10 : #include "../sysvar/fd_sysvar_epoch_rewards.h"
11 : #include "../sysvar/fd_sysvar_epoch_schedule.h"
12 : #include "../sysvar/fd_sysvar_recent_hashes.h"
13 : #include "../sysvar/fd_sysvar_rent.h"
14 : #include "../sysvar/fd_sysvar_slot_hashes.h"
15 : #include "../sysvar/fd_sysvar_stake_history.h"
16 : #include "../sysvar/fd_sysvar_last_restart_slot.h"
17 : #include "../../../disco/pack/fd_pack.h"
18 : #include <assert.h>
19 :
20 : /* Macros to append data to construct a serialized transaction
21 : without exceeding bounds */
22 0 : #define FD_CHECKED_ADD_TO_TXN_DATA( _begin, _cur_data, _to_add, _sz ) __extension__({ \
23 0 : if( FD_UNLIKELY( (*_cur_data)+_sz>_begin+FD_TXN_MTU ) ) return ULONG_MAX; \
24 0 : fd_memcpy( *_cur_data, _to_add, _sz ); \
25 0 : *_cur_data += _sz; \
26 0 : })
27 :
28 0 : #define FD_CHECKED_ADD_CU16_TO_TXN_DATA( _begin, _cur_data, _to_add ) __extension__({ \
29 0 : do { \
30 0 : uchar _buf[3]; \
31 0 : fd_bincode_encode_ctx_t _encode_ctx = { .data = _buf, .dataend = _buf+3 }; \
32 0 : fd_bincode_compact_u16_encode( &_to_add, &_encode_ctx ); \
33 0 : ulong _sz = (ulong) ((uchar *)_encode_ctx.data - _buf ); \
34 0 : FD_CHECKED_ADD_TO_TXN_DATA( _begin, _cur_data, _buf, _sz ); \
35 0 : } while(0); \
36 0 : })
37 :
38 : static void
39 : fd_runtime_fuzz_xid_cancel( fd_solfuzz_runner_t * runner,
40 0 : fd_funk_txn_xid_t * xid ) {
41 0 : if( FD_UNLIKELY( !xid ) ) return; // This shouldn't be false either
42 0 : fd_funk_txn_cancel( runner->funk, xid );
43 0 : }
44 :
45 : /* Creates transaction execution context for a single test case. Returns a
46 : a parsed txn descriptor on success and NULL on failure. */
47 : static fd_txn_p_t *
48 : fd_runtime_fuzz_txn_ctx_create( fd_solfuzz_runner_t * runner,
49 0 : fd_exec_test_txn_context_t const * test_ctx ) {
50 0 : fd_funk_t * funk = runner->funk;
51 :
52 : /* Default slot */
53 0 : ulong slot = test_ctx->slot_ctx.slot ? test_ctx->slot_ctx.slot : 10; // Arbitrary default > 0
54 :
55 : /* Set up the funk transaction */
56 0 : fd_funk_txn_xid_t xid = { .ul = { slot, slot } };
57 0 : fd_funk_txn_xid_t parent_xid; fd_funk_txn_xid_set_root( &parent_xid );
58 0 : fd_funk_txn_prepare( funk, &parent_xid, &xid );
59 :
60 : /* Set up slot context */
61 0 : fd_banks_clear_bank( runner->banks, runner->bank );
62 :
63 : /* Restore feature flags */
64 0 : fd_exec_test_feature_set_t const * feature_set = &test_ctx->epoch_ctx.features;
65 0 : fd_features_t * features_bm = fd_bank_features_modify( runner->bank );
66 0 : if( !fd_runtime_fuzz_restore_features( features_bm, feature_set ) ) {
67 0 : return NULL;
68 0 : }
69 :
70 : /* Set bank variables (defaults obtained from GenesisConfig::default() in Agave) */
71 :
72 0 : fd_bank_slot_set( runner->bank, slot );
73 0 : fd_bank_parent_slot_set( runner->bank, fd_bank_slot_get( runner->bank ) - 1UL );
74 :
75 : /* Initialize builtin accounts */
76 0 : fd_builtin_programs_init( runner->bank, runner->funk, &xid, NULL );
77 :
78 : /* Load account states into funk (note this is different from the account keys):
79 : Account state = accounts to populate Funk
80 : Account keys = account keys that the transaction needs */
81 0 : for( ulong i = 0; i < test_ctx->account_shared_data_count; i++ ) {
82 : /* Load the accounts into the account manager
83 : Borrowed accounts get reset anyways - we just need to load the account somewhere */
84 0 : FD_TXN_ACCOUNT_DECL( acc );
85 0 : fd_runtime_fuzz_load_account( acc, funk, &xid, &test_ctx->account_shared_data[i], 1 );
86 0 : }
87 :
88 : /* Setup Bank manager */
89 :
90 0 : fd_bank_lamports_per_signature_set( runner->bank, 5000UL );
91 :
92 0 : fd_bank_prev_lamports_per_signature_set( runner->bank, 5000UL );
93 :
94 0 : fd_fee_rate_governor_t * fee_rate_governor = fd_bank_fee_rate_governor_modify( runner->bank );
95 0 : fee_rate_governor->burn_percent = 50;
96 0 : fee_rate_governor->min_lamports_per_signature = 0;
97 0 : fee_rate_governor->max_lamports_per_signature = 0;
98 0 : fee_rate_governor->target_lamports_per_signature = 10000;
99 0 : fee_rate_governor->target_signatures_per_slot = 20000;
100 :
101 0 : fd_bank_ticks_per_slot_set( runner->bank, 64 );
102 :
103 0 : fd_bank_slots_per_year_set( runner->bank, SECONDS_PER_YEAR * (1000000000.0 / (double)6250000) / (double)(fd_bank_ticks_per_slot_get( runner->bank )) );
104 :
105 : /* Ensure the presence of */
106 0 : fd_epoch_schedule_t epoch_schedule_[1];
107 0 : fd_epoch_schedule_t * epoch_schedule = fd_sysvar_epoch_schedule_read( funk, &xid, epoch_schedule_ );
108 0 : FD_TEST( epoch_schedule );
109 0 : fd_bank_epoch_schedule_set( runner->bank, *epoch_schedule );
110 :
111 0 : fd_rent_t const * rent = fd_sysvar_rent_read( funk, &xid, runner->spad );
112 0 : FD_TEST( rent );
113 0 : fd_bank_rent_set( runner->bank, *rent );
114 :
115 0 : fd_slot_hashes_global_t * slot_hashes = fd_sysvar_slot_hashes_read( funk, &xid, runner->spad );
116 0 : FD_TEST( slot_hashes );
117 :
118 0 : fd_stake_history_t * stake_history = fd_sysvar_stake_history_read( funk, &xid, runner->spad );
119 0 : FD_TEST( stake_history );
120 :
121 0 : fd_sol_sysvar_clock_t clock_[1];
122 0 : fd_sol_sysvar_clock_t const * clock = fd_sysvar_clock_read( funk, &xid, clock_ );
123 0 : FD_TEST( clock );
124 :
125 : /* Setup vote states dummy account */
126 0 : fd_vote_states_t * vote_states = fd_vote_states_join( fd_vote_states_new( fd_bank_vote_states_locking_modify( runner->bank ), FD_RUNTIME_MAX_WRITABLE_ACCOUNTS_PER_TRANSACTION, 999UL ) );
127 0 : if( FD_UNLIKELY( !vote_states ) ) {
128 0 : fd_bank_vote_states_end_locking_modify( runner->bank );
129 0 : return NULL;
130 0 : }
131 0 : fd_bank_vote_states_end_locking_modify( runner->bank );
132 :
133 : /* Setup vote states dummy account */
134 0 : fd_vote_states_t * vote_states_prev = fd_vote_states_join( fd_vote_states_new( fd_bank_vote_states_prev_locking_modify( runner->bank ), FD_RUNTIME_MAX_WRITABLE_ACCOUNTS_PER_TRANSACTION, 999UL ) );
135 0 : if( FD_UNLIKELY( !vote_states_prev ) ) {
136 0 : fd_bank_vote_states_prev_end_locking_modify( runner->bank );
137 0 : return NULL;
138 0 : }
139 0 : fd_bank_vote_states_prev_end_locking_modify( runner->bank );
140 :
141 : /* Setup vote states dummy account */
142 0 : fd_vote_states_t * vote_states_prev_prev = fd_vote_states_join( fd_vote_states_new( fd_bank_vote_states_prev_prev_locking_modify( runner->bank ), FD_RUNTIME_MAX_WRITABLE_ACCOUNTS_PER_TRANSACTION, 999UL ) );
143 0 : if( FD_UNLIKELY( !vote_states_prev_prev ) ) {
144 0 : fd_bank_vote_states_prev_prev_end_locking_modify( runner->bank );
145 0 : return NULL;
146 0 : }
147 0 : fd_bank_vote_states_prev_prev_end_locking_modify( runner->bank );
148 :
149 : /* Epoch schedule and rent get set from the epoch bank */
150 0 : fd_sysvar_epoch_schedule_init( runner->bank, runner->funk, &xid, NULL );
151 0 : fd_sysvar_rent_init( runner->bank, runner->funk, &xid, NULL );
152 :
153 : /* Blockhash queue is given in txn message. We need to populate the following two fields:
154 : - block_hash_queue
155 : - recent_block_hashes */
156 0 : ulong num_blockhashes = test_ctx->blockhash_queue_count;
157 :
158 : /* Blockhash queue init */
159 0 : ulong blockhash_seed; FD_TEST( fd_rng_secure( &blockhash_seed, sizeof(ulong) ) );
160 0 : fd_blockhashes_t * blockhashes = fd_blockhashes_init( fd_bank_block_hash_queue_modify( runner->bank ), blockhash_seed );
161 :
162 : // Save lamports per signature for most recent blockhash, if sysvar cache contains recent block hashes
163 0 : fd_recent_block_hashes_t const * rbh_sysvar = fd_sysvar_recent_hashes_read( funk, &xid, runner->spad );
164 0 : fd_recent_block_hashes_t rbh[1];
165 0 : if( rbh_sysvar ) {
166 0 : rbh->hashes = rbh_sysvar->hashes;
167 0 : }
168 :
169 0 : if( rbh_sysvar && !deq_fd_block_block_hash_entry_t_empty( rbh->hashes ) ) {
170 0 : fd_block_block_hash_entry_t const * last = deq_fd_block_block_hash_entry_t_peek_head_const( rbh->hashes );
171 0 : if( last && last->fee_calculator.lamports_per_signature!=0UL ) {
172 0 : fd_bank_lamports_per_signature_set( runner->bank, last->fee_calculator.lamports_per_signature );
173 0 : fd_bank_prev_lamports_per_signature_set( runner->bank, last->fee_calculator.lamports_per_signature );
174 0 : }
175 0 : }
176 :
177 : // Blockhash_queue[end] = last (latest) hash
178 : // Blockhash_queue[0] = genesis hash
179 0 : if( num_blockhashes > 0 ) {
180 0 : fd_hash_t * genesis_hash = fd_bank_genesis_hash_modify( runner->bank );
181 0 : memcpy( genesis_hash->hash, test_ctx->blockhash_queue[0]->bytes, sizeof(fd_hash_t) );
182 :
183 0 : for( ulong i = 0; i < num_blockhashes; ++i ) {
184 0 : fd_hash_t blockhash = FD_LOAD( fd_hash_t, test_ctx->blockhash_queue[i]->bytes );
185 : /* Drop duplicate blockhashes */
186 0 : if( FD_UNLIKELY( fd_blockhash_map_idx_remove( blockhashes->map, &blockhash, ULONG_MAX, blockhashes->d.deque )!=ULONG_MAX ) ) {
187 0 : FD_LOG_WARNING(( "Fuzz input has a duplicate blockhash %s at index %lu",
188 0 : FD_BASE58_ENC_32_ALLOCA( blockhash.hash ), i ));
189 0 : }
190 : // Recent block hashes cap is 150 (actually 151), while blockhash queue capacity is 300 (actually 301)
191 0 : fd_bank_poh_set( runner->bank, blockhash );
192 0 : fd_sysvar_recent_hashes_update( runner->bank, runner->funk, &xid, NULL );
193 0 : }
194 0 : } else {
195 : // Add a default empty blockhash and use it as genesis
196 0 : num_blockhashes = 1;
197 0 : *fd_bank_genesis_hash_modify( runner->bank ) = (fd_hash_t){0};
198 0 : fd_bank_poh_set( runner->bank, (fd_hash_t){0} );
199 0 : fd_sysvar_recent_hashes_update( runner->bank, runner->funk, &xid, NULL );
200 0 : }
201 :
202 : /* Restore sysvars from account context */
203 0 : fd_sysvar_cache_restore_fuzz( runner->bank, runner->funk, &xid );
204 :
205 : /* Refresh the program cache */
206 0 : fd_runtime_fuzz_refresh_program_cache( runner->bank, runner->funk, &xid, test_ctx->account_shared_data, test_ctx->account_shared_data_count, runner->spad );
207 :
208 : /* Create the raw txn (https://solana.com/docs/core/transactions#transaction-size) */
209 0 : fd_txn_p_t * txn = fd_spad_alloc( runner->spad, alignof(fd_txn_p_t), sizeof(fd_txn_p_t) );
210 0 : ulong msg_sz = fd_runtime_fuzz_serialize_txn( txn->payload, &test_ctx->tx );
211 0 : if( FD_UNLIKELY( msg_sz==ULONG_MAX ) ) {
212 0 : return NULL;
213 0 : }
214 :
215 : /* Set up txn descriptor from raw data */
216 0 : if( FD_UNLIKELY( !fd_txn_parse( txn->payload, msg_sz, TXN( txn ), NULL ) ) ) {
217 0 : return NULL;
218 0 : }
219 :
220 0 : txn->payload_sz = msg_sz;
221 :
222 0 : return txn;
223 0 : }
224 :
225 : ulong
226 : fd_runtime_fuzz_serialize_txn( uchar * txn_raw_begin,
227 0 : fd_exec_test_sanitized_transaction_t const * tx ) {
228 0 : uchar * txn_raw_cur_ptr = txn_raw_begin;
229 :
230 : /* Compact array of signatures (https://solana.com/docs/core/transactions#transaction)
231 : Note that although documentation interchangably refers to the signature cnt as a compact-u16
232 : and a u8, the max signature cnt is capped at 48 (due to txn size limits), so u8 and compact-u16
233 : is represented the same way anyways and can be parsed identically. */
234 : // Note: always create a valid txn with 1+ signatures, add an empty signature if none is provided
235 0 : uchar signature_cnt = fd_uchar_max( 1, (uchar) tx->signatures_count );
236 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &signature_cnt, sizeof(uchar) );
237 0 : for( uchar i = 0; i < signature_cnt; ++i ) {
238 0 : fd_signature_t sig = {0};
239 0 : if( tx->signatures && tx->signatures[i] ) sig = FD_LOAD( fd_signature_t, tx->signatures[i]->bytes );
240 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &sig, FD_TXN_SIGNATURE_SZ );
241 0 : }
242 :
243 : /* Message */
244 : /* For v0 transactions, the highest bit of the num_required_signatures is set, and an extra byte is used for the version.
245 : https://solanacookbook.com/guides/versioned-transactions.html#versioned-transactions-transactionv0
246 :
247 : We will always create a transaction with at least 1 signature, and cap the signature count to 127 to avoid
248 : collisions with the header_b0 tag. */
249 0 : uchar num_required_signatures = fd_uchar_max( 1, fd_uchar_min( 127, (uchar) tx->message.header.num_required_signatures ) );
250 0 : if( !tx->message.is_legacy ) {
251 0 : uchar header_b0 = (uchar) 0x80UL;
252 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &header_b0, sizeof(uchar) );
253 0 : }
254 :
255 : /* Header (3 bytes) (https://solana.com/docs/core/transactions#message-header) */
256 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &num_required_signatures, sizeof(uchar) );
257 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &tx->message.header.num_readonly_signed_accounts, sizeof(uchar) );
258 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &tx->message.header.num_readonly_unsigned_accounts, sizeof(uchar) );
259 :
260 : /* Compact array of account addresses (https://solana.com/docs/core/transactions#compact-array-format) */
261 : // Array length is a compact u16
262 0 : ushort num_acct_keys = (ushort) tx->message.account_keys_count;
263 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, num_acct_keys );
264 0 : for( ushort i = 0; i < num_acct_keys; ++i ) {
265 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.account_keys[i]->bytes, sizeof(fd_pubkey_t) );
266 0 : }
267 :
268 : /* Recent blockhash (32 bytes) (https://solana.com/docs/core/transactions#recent-blockhash) */
269 : // Note: add an empty blockhash if none is provided
270 0 : fd_hash_t msg_rbh = {0};
271 0 : if( tx->message.recent_blockhash ) msg_rbh = FD_LOAD( fd_hash_t, tx->message.recent_blockhash->bytes );
272 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &msg_rbh, sizeof(fd_hash_t) );
273 :
274 : /* Compact array of instructions (https://solana.com/docs/core/transactions#array-of-instructions) */
275 : // Instruction count is a compact u16
276 0 : ushort instr_count = (ushort) tx->message.instructions_count;
277 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, instr_count );
278 0 : for( ushort i = 0; i < instr_count; ++i ) {
279 : // Program ID index
280 0 : uchar program_id_index = (uchar) tx->message.instructions[i].program_id_index;
281 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &program_id_index, sizeof(uchar) );
282 :
283 : // Compact array of account addresses
284 0 : ushort acct_count = (ushort) tx->message.instructions[i].accounts_count;
285 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, acct_count );
286 0 : for( ushort j = 0; j < acct_count; ++j ) {
287 0 : uchar account_index = (uchar) tx->message.instructions[i].accounts[j];
288 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &account_index, sizeof(uchar) );
289 0 : }
290 :
291 : // Compact array of 8-bit data
292 0 : pb_bytes_array_t * data = tx->message.instructions[i].data;
293 0 : ushort data_len;
294 0 : if( data ) {
295 0 : data_len = (ushort) data->size;
296 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data_len );
297 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data->bytes, data_len );
298 0 : } else {
299 0 : data_len = 0;
300 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, data_len );
301 0 : }
302 0 : }
303 :
304 : /* Address table lookups (N/A for legacy transactions) */
305 0 : ushort addr_table_cnt = 0;
306 0 : if( !tx->message.is_legacy ) {
307 : /* Compact array of address table lookups (https://solanacookbook.com/guides/versioned-transactions.html#compact-array-of-address-table-lookups) */
308 : // NOTE: The diagram is slightly wrong - the account key is a 32 byte pubkey, not a u8
309 0 : addr_table_cnt = (ushort) tx->message.address_table_lookups_count;
310 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, addr_table_cnt );
311 0 : for( ushort i = 0; i < addr_table_cnt; ++i ) {
312 : // Account key
313 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, tx->message.address_table_lookups[i].account_key, sizeof(fd_pubkey_t) );
314 :
315 : // Compact array of writable indexes
316 0 : ushort writable_count = (ushort) tx->message.address_table_lookups[i].writable_indexes_count;
317 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, writable_count );
318 0 : for( ushort j = 0; j < writable_count; ++j ) {
319 0 : uchar writable_index = (uchar) tx->message.address_table_lookups[i].writable_indexes[j];
320 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &writable_index, sizeof(uchar) );
321 0 : }
322 :
323 : // Compact array of readonly indexes
324 0 : ushort readonly_count = (ushort) tx->message.address_table_lookups[i].readonly_indexes_count;
325 0 : FD_CHECKED_ADD_CU16_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, readonly_count );
326 0 : for( ushort j = 0; j < readonly_count; ++j ) {
327 0 : uchar readonly_index = (uchar) tx->message.address_table_lookups[i].readonly_indexes[j];
328 0 : FD_CHECKED_ADD_TO_TXN_DATA( txn_raw_begin, &txn_raw_cur_ptr, &readonly_index, sizeof(uchar) );
329 0 : }
330 0 : }
331 0 : }
332 :
333 0 : return (ulong)(txn_raw_cur_ptr - txn_raw_begin);
334 0 : }
335 :
336 : fd_exec_txn_ctx_t *
337 : fd_runtime_fuzz_txn_ctx_exec( fd_solfuzz_runner_t * runner,
338 : fd_funk_txn_xid_t const * xid,
339 : fd_txn_p_t * txn,
340 0 : int * exec_res ) {
341 :
342 : /* Setup the spad for account allocation */
343 0 : uchar * txn_ctx_mem = fd_spad_alloc( runner->spad, FD_EXEC_TXN_CTX_ALIGN, FD_EXEC_TXN_CTX_FOOTPRINT );
344 0 : fd_exec_txn_ctx_t * txn_ctx = fd_exec_txn_ctx_join( fd_exec_txn_ctx_new( txn_ctx_mem ), runner->spad, fd_wksp_containing( runner->spad ) );
345 0 : txn_ctx->flags = FD_TXN_P_FLAGS_SANITIZE_SUCCESS;
346 0 : txn_ctx->funk[0] = *runner->funk;
347 0 : txn_ctx->bank_hash_cmp = NULL;
348 0 : txn_ctx->fuzz_config.enable_vm_tracing = runner->enable_vm_tracing;
349 0 : txn_ctx->xid[0] = *xid;
350 :
351 0 : *exec_res = fd_runtime_prepare_and_execute_txn(
352 0 : runner->banks,
353 0 : 0UL,
354 0 : txn_ctx,
355 0 : txn,
356 0 : runner->spad,
357 0 : NULL );
358 :
359 0 : return txn_ctx;
360 0 : }
361 :
362 : ulong
363 : fd_solfuzz_txn_run( fd_solfuzz_runner_t * runner,
364 : void const * input_,
365 : void ** output_,
366 : void * output_buf,
367 0 : ulong output_bufsz ) {
368 0 : fd_exec_test_txn_context_t const * input = fd_type_pun_const( input_ );
369 0 : fd_exec_test_txn_result_t ** output = fd_type_pun( output_ );
370 :
371 0 : FD_SPAD_FRAME_BEGIN( runner->spad ) {
372 :
373 : /* Setup the transaction context */
374 0 : fd_txn_p_t * txn = fd_runtime_fuzz_txn_ctx_create( runner, input );
375 :
376 0 : fd_funk_txn_xid_t xid = { .ul = { fd_bank_slot_get( runner->bank ), fd_bank_slot_get( runner->bank ) } };
377 0 : if( FD_UNLIKELY( txn==NULL ) ) {
378 0 : fd_runtime_fuzz_xid_cancel( runner, &xid );
379 0 : return 0;
380 0 : }
381 :
382 : /* Execute the transaction against the runtime */
383 0 : int exec_res = 0;
384 0 : fd_exec_txn_ctx_t * txn_ctx = fd_runtime_fuzz_txn_ctx_exec( runner, &xid, txn, &exec_res );
385 :
386 : /* Start saving txn exec results */
387 0 : FD_SCRATCH_ALLOC_INIT( l, output_buf );
388 0 : ulong output_end = (ulong)output_buf + output_bufsz;
389 :
390 0 : fd_exec_test_txn_result_t * txn_result =
391 0 : FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_txn_result_t),
392 0 : sizeof (fd_exec_test_txn_result_t) );
393 0 : if( FD_UNLIKELY( _l > output_end ) ) {
394 0 : abort();
395 0 : }
396 0 : fd_memset( txn_result, 0, sizeof(fd_exec_test_txn_result_t) );
397 :
398 : /* Capture basic results fields */
399 0 : txn_result->executed = txn_ctx->flags & FD_TXN_P_FLAGS_EXECUTE_SUCCESS;
400 0 : txn_result->sanitization_error = !(txn_ctx->flags & FD_TXN_P_FLAGS_SANITIZE_SUCCESS);
401 0 : txn_result->has_resulting_state = false;
402 0 : txn_result->resulting_state.acct_states_count = 0;
403 0 : txn_result->is_ok = !exec_res;
404 0 : txn_result->status = (uint32_t) -exec_res;
405 0 : txn_result->instruction_error = 0;
406 0 : txn_result->instruction_error_index = 0;
407 0 : txn_result->custom_error = 0;
408 0 : txn_result->has_fee_details = false;
409 0 : txn_result->loaded_accounts_data_size = txn_ctx->loaded_accounts_data_size;
410 :
411 0 : if( txn_result->sanitization_error ) {
412 : /* Collect fees for transactions that failed to load */
413 0 : if( txn_ctx->flags & FD_TXN_P_FLAGS_FEES_ONLY ) {
414 0 : txn_result->has_fee_details = true;
415 0 : txn_result->fee_details.prioritization_fee = txn_ctx->priority_fee;
416 0 : txn_result->fee_details.transaction_fee = txn_ctx->execution_fee;
417 0 : }
418 :
419 0 : if( exec_res==FD_RUNTIME_TXN_ERR_INSTRUCTION_ERROR ) {
420 0 : txn_result->instruction_error = (uint32_t) -txn_ctx->exec_err;
421 0 : txn_result->instruction_error_index = (uint32_t) txn_ctx->instr_err_idx;
422 0 : if( txn_ctx->exec_err==FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR ) {
423 0 : txn_result->custom_error = txn_ctx->custom_err;
424 0 : }
425 0 : }
426 :
427 0 : ulong actual_end = FD_SCRATCH_ALLOC_FINI( l, 1UL );
428 0 : fd_runtime_fuzz_xid_cancel( runner, &xid );
429 :
430 0 : *output = txn_result;
431 0 : return actual_end - (ulong)output_buf;
432 :
433 0 : } else {
434 : /* Capture the instruction error code */
435 0 : if( exec_res==FD_RUNTIME_TXN_ERR_INSTRUCTION_ERROR ) {
436 0 : int instr_err_idx = txn_ctx->instr_err_idx;
437 0 : int program_id_idx = txn_ctx->instr_infos[instr_err_idx].program_id;
438 :
439 0 : txn_result->instruction_error = (uint32_t) -txn_ctx->exec_err;
440 0 : txn_result->instruction_error_index = (uint32_t) instr_err_idx;
441 :
442 : /* If the exec err was a custom instr error and came from a precompile instruction, don't capture the custom error code. */
443 0 : if( txn_ctx->exec_err==FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR &&
444 0 : fd_executor_lookup_native_precompile_program( &txn_ctx->accounts[ program_id_idx ] )==NULL ) {
445 0 : txn_result->custom_error = txn_ctx->custom_err;
446 0 : }
447 0 : }
448 0 : }
449 :
450 0 : txn_result->has_fee_details = true;
451 0 : txn_result->fee_details.transaction_fee = txn_ctx->execution_fee;
452 0 : txn_result->fee_details.prioritization_fee = txn_ctx->priority_fee;
453 0 : txn_result->executed_units = txn_ctx->compute_budget_details.compute_unit_limit - txn_ctx->compute_budget_details.compute_meter;
454 :
455 :
456 : /* Rent is only collected on successfully loaded transactions */
457 0 : txn_result->rent = txn_ctx->collected_rent;
458 :
459 0 : if( txn_ctx->return_data.len > 0 ) {
460 0 : txn_result->return_data = FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
461 0 : PB_BYTES_ARRAY_T_ALLOCSIZE( txn_ctx->return_data.len ) );
462 0 : if( FD_UNLIKELY( _l > output_end ) ) {
463 0 : abort();
464 0 : }
465 :
466 0 : txn_result->return_data->size = (pb_size_t)txn_ctx->return_data.len;
467 0 : fd_memcpy( txn_result->return_data->bytes, txn_ctx->return_data.data, txn_ctx->return_data.len );
468 0 : }
469 :
470 : /* Allocate space for captured accounts */
471 0 : ulong modified_acct_cnt = txn_ctx->accounts_cnt;
472 :
473 0 : txn_result->has_resulting_state = true;
474 0 : txn_result->resulting_state.acct_states =
475 0 : FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_exec_test_acct_state_t),
476 0 : sizeof (fd_exec_test_acct_state_t) * modified_acct_cnt );
477 0 : if( FD_UNLIKELY( _l > output_end ) ) {
478 0 : abort();
479 0 : }
480 :
481 : /* If the transaction is a fees-only transaction, we have to create rollback accounts to iterate over and save. */
482 0 : fd_txn_account_t * accounts_to_save = txn_ctx->accounts;
483 0 : ulong accounts_cnt = txn_ctx->accounts_cnt;
484 0 : if( txn_ctx->flags & FD_TXN_P_FLAGS_FEES_ONLY ) {
485 0 : accounts_to_save = fd_spad_alloc( runner->spad, alignof(fd_txn_account_t), sizeof(fd_txn_account_t) * 2 );
486 0 : accounts_cnt = 0UL;
487 :
488 0 : if( FD_LIKELY( txn_ctx->nonce_account_idx_in_txn!=FD_FEE_PAYER_TXN_IDX ) ) {
489 0 : accounts_to_save[accounts_cnt++] = *txn_ctx->rollback_fee_payer_account;
490 0 : }
491 :
492 0 : if( txn_ctx->nonce_account_idx_in_txn!=ULONG_MAX ) {
493 0 : accounts_to_save[accounts_cnt++] = *txn_ctx->rollback_nonce_account;
494 0 : }
495 0 : }
496 :
497 : /* Capture borrowed accounts */
498 0 : for( ulong j=0UL; j<accounts_cnt; j++ ) {
499 0 : fd_txn_account_t * acc = &accounts_to_save[j];
500 :
501 0 : if( !( fd_exec_txn_ctx_account_is_writable_idx( txn_ctx, (ushort)j ) || j==FD_FEE_PAYER_TXN_IDX ) ) continue;
502 0 : assert( fd_txn_account_is_mutable( acc ) );
503 :
504 0 : ulong modified_idx = txn_result->resulting_state.acct_states_count;
505 0 : assert( modified_idx < modified_acct_cnt );
506 :
507 0 : fd_exec_test_acct_state_t * out_acct = &txn_result->resulting_state.acct_states[ modified_idx ];
508 0 : memset( out_acct, 0, sizeof(fd_exec_test_acct_state_t) );
509 : /* Copy over account content */
510 :
511 0 : memcpy( out_acct->address, acc->pubkey, sizeof(fd_pubkey_t) );
512 :
513 0 : out_acct->lamports = fd_txn_account_get_lamports( acc );
514 :
515 0 : if( fd_txn_account_get_data_len( acc )>0UL ) {
516 0 : out_acct->data =
517 0 : FD_SCRATCH_ALLOC_APPEND( l, alignof(pb_bytes_array_t),
518 0 : PB_BYTES_ARRAY_T_ALLOCSIZE( fd_txn_account_get_data_len( acc ) ) );
519 0 : if( FD_UNLIKELY( _l > output_end ) ) {
520 0 : abort();
521 0 : }
522 0 : out_acct->data->size = (pb_size_t)fd_txn_account_get_data_len( acc );
523 0 : fd_memcpy( out_acct->data->bytes, fd_txn_account_get_data( acc ), fd_txn_account_get_data_len( acc ) );
524 0 : }
525 :
526 0 : out_acct->executable = fd_txn_account_is_executable( acc );
527 0 : memcpy( out_acct->owner, fd_txn_account_get_owner( acc ), sizeof(fd_pubkey_t) );
528 :
529 0 : txn_result->resulting_state.acct_states_count++;
530 0 : }
531 :
532 0 : ulong actual_end = FD_SCRATCH_ALLOC_FINI( l, 1UL );
533 0 : fd_runtime_fuzz_xid_cancel( runner, &xid );
534 :
535 0 : *output = txn_result;
536 0 : return actual_end - (ulong)output_buf;
537 0 : } FD_SPAD_FRAME_END;
538 0 : }
|
