Add a fuzz target to the interpreter (#389)

nervosnetwork · Dec 13, 2023 · 3e3d974 · 3e3d974
1 parent 11a59cf
commit 3e3d974
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 4 deletions.
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -10,7 +10,7 @@ cargo-fuzz = true
 
 [dependencies]
 libfuzzer-sys = "0.4"
-spike-sys = "0.1.1"
+spike-sys = "0.1.2"
 
 [dependencies.ckb-vm]
 path = ".."
@@ -26,6 +26,12 @@ path = "fuzz_targets/asm.rs"
 test = false
 doc = false
 
+[[bin]]
+name = "interpreter"
+path = "fuzz_targets/interpreter.rs"
+test = false
+doc = false
+
 [[bin]]
 name = "isa_a"
 path = "fuzz_targets/isa_a.rs"

diff --git a/fuzz/fuzz_targets/asm.rs b/fuzz/fuzz_targets/asm.rs
@@ -1,12 +1,12 @@
 #![no_main]
 use ckb_vm::cost_model::constant_cycles;
 use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine};
-use ckb_vm::machine::{DefaultMachineBuilder, VERSION0};
-use ckb_vm::{Bytes, ISA_IMC};
+use ckb_vm::machine::{DefaultMachineBuilder, VERSION2};
+use ckb_vm::{Bytes, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
 use libfuzzer_sys::fuzz_target;
 
 fn run(data: &[u8]) {
-    let asm_core = AsmCoreMachine::new(ISA_IMC, VERSION0, 200_000);
+    let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
     let core = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
         .instruction_cycle_func(Box::new(constant_cycles))
         .build();

diff --git a/fuzz/fuzz_targets/interpreter.rs b/fuzz/fuzz_targets/interpreter.rs
@@ -0,0 +1,28 @@
+#![no_main]
+use ckb_vm::cost_model::constant_cycles;
+use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, VERSION2};
+use ckb_vm::memory::sparse::SparseMemory;
+use ckb_vm::memory::wxorx::WXorXMemory;
+use ckb_vm::{Bytes, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
+use libfuzzer_sys::fuzz_target;
+
+fn run(data: &[u8]) {
+    let machine_memory = WXorXMemory::new(SparseMemory::<u64>::default());
+    let machine_core = DefaultCoreMachine::new_with_memory(
+        ISA_IMC | ISA_A | ISA_B | ISA_MOP,
+        VERSION2,
+        200_000,
+        machine_memory,
+    );
+    let mut machine = DefaultMachineBuilder::new(machine_core)
+        .instruction_cycle_func(Box::new(constant_cycles))
+        .build();
+    let program = Bytes::copy_from_slice(data);
+    if let Ok(_) = machine.load_program(&program, &[]) {
+        let _ = machine.run();
+    }
+}
+
+fuzz_target!(|data: &[u8]| {
+    run(data);
+});