svm: integrate Firedancer's fuzz harness for instructions (solana-labs#8047)

* init fixture lib

* init instr lib

* hook up bin

* fix ci

* expose entrypoints into single .so file (#33)

* expose entrypoints into single .so file

* test

* fix

* fix submodule

* fix submodule path

* remove bad file

* whitespace

* update manifests

* clean up directories

* remove outdated submodule (#34)

* clean up directories

* update submodules

* update script

* cleaned up feature comment

* cleanups to fuzz harness instrcontext and sysvar cache setup (solana-labs#35)

* remove `rlib` target

* Revert "remove `rlib` target"

This reverts commit 1543c01.

* fix sysvars in test

* configure instruction changes from rebase

* rebase updates

---------

Co-authored-by: mjain-jump <[email protected]>

Author: buffalojoec

.github/workflows/cargo.yml

@@ -55,6 +55,8 @@ jobs:
           apk add bash git
 
       - uses: actions/checkout@v5
+        with:
+          submodules: recursive
 
       - uses: mozilla-actions/[email protected]
         with:

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "svm-fuzz-harness/protosol"]
+	path = svm-fuzz-harness/protosol
+	url = https://github.com/firedancer-io/protosol.git

Cargo.lock

@@ -104,6 +104,7 @@ members = [
     "svm",
     "svm-callback",
     "svm-feature-set",
+    "svm-fuzz-harness",
     "svm-log-collector",
     "svm-measure",
     "svm-timings",
@@ -529,6 +530,7 @@ solana-streamer = { path = "streamer", version = "=3.1.0" }
 solana-svm = { path = "svm", version = "=3.1.0" }
 solana-svm-callback = { path = "svm-callback", version = "=3.1.0" }
 solana-svm-feature-set = { path = "svm-feature-set", version = "=3.1.0" }
+solana-svm-fuzz-harness = { path = "svm-fuzz-harness", version = "=3.1.0" }
 solana-svm-log-collector = { path = "svm-log-collector", version = "=3.1.0" }
 solana-svm-measure = { path = "svm-measure", version = "=3.1.0" }
 solana-svm-timings = { path = "svm-timings", version = "=3.1.0" }

Cargo.toml

@@ -1550,7 +1550,14 @@ fn execute<'a, 'b: 'a>(
                 Err(Box::new(error) as Box<dyn std::error::Error>)
             }
             ProgramResult::Err(mut error) => {
-                if !matches!(error, EbpfError::SyscallError(_)) {
+                // Don't clean me up!!
+                // This feature is active on all networks, but we still toggle
+                // it off during fuzzing.
+                if invoke_context
+                    .get_feature_set()
+                    .deplete_cu_meter_on_vm_failure
+                    && !matches!(error, EbpfError::SyscallError(_))
+                {
                     // when an exception is thrown during the execution of a
                     // Basic Block (e.g., a null memory dereference or other
                     // faults), determining the exact number of CUs consumed

programs/bpf_loader/src/lib.rs

@@ -0,0 +1 @@
+dump

svm-fuzz-harness/.gitignore

@@ -0,0 +1,55 @@
+[package]
+name = "solana-svm-fuzz-harness"
+description = "Solana SVM fuzzing harnesses."
+documentation = "https://docs.rs/solana-svm-fuzz-harness"
+version = { workspace = true }
+authors = { workspace = true }
+repository = { workspace = true }
+homepage = { workspace = true }
+license = { workspace = true }
+edition = { workspace = true }
+publish = false
+
+[lib]
+crate-type = ["cdylib", "rlib"]
+
+[[bin]]
+name = "test_exec_instr"
+path = "bin/test_exec_instr.rs"
+
+[dependencies]
+agave-feature-set = { workspace = true }
+agave-precompiles = { workspace = true }
+agave-syscalls = { workspace = true }
+bincode = { workspace = true }
+clap = { version = "4.5.2", features = ["derive"] }
+prost = { workspace = true }
+solana-account = { workspace = true }
+solana-builtins = { workspace = true }
+solana-clock = { workspace = true, features = ["sysvar"] }
+solana-compute-budget = { workspace = true }
+solana-epoch-schedule = { workspace = true, features = ["sysvar"] }
+solana-hash = { workspace = true }
+solana-instruction = { workspace = true }
+solana-instruction-error = { workspace = true, features = ["serde"] }
+solana-last-restart-slot = { workspace = true, features = ["sysvar"] }
+solana-logger = { workspace = true }
+solana-precompile-error = { workspace = true }
+solana-program-runtime = { workspace = true }
+solana-pubkey = { workspace = true }
+solana-rent = { workspace = true, features = ["sysvar"] }
+solana-sdk-ids = { workspace = true }
+solana-stable-layout = { workspace = true }
+solana-svm = { workspace = true }
+solana-svm-callback = { workspace = true }
+solana-svm-log-collector = { workspace = true }
+solana-svm-timings = { workspace = true }
+solana-sysvar-id = { workspace = true }
+solana-transaction-context = { workspace = true }
+thiserror = { workspace = true }
+
+[build-dependencies]
+prost-build = { workspace = true }
+
+[lints]
+workspace = true

svm-fuzz-harness/Cargo.toml

@@ -0,0 +1,10 @@
+
+CARGO?=cargo
+
+test: | binaries tests/run_test_vectors
+
+binaries:
+	$(CARGO) build --manifest-path ./Cargo.toml --bins --release
+
+tests/run_test_vectors:
+	scripts/run_test_vectors.sh

svm-fuzz-harness/Makefile

@@ -0,0 +1,52 @@
+use {
+    clap::Parser,
+    prost::Message,
+    solana_svm_fuzz_harness::{
+        fixture::proto::InstrFixture as ProtoInstrFixture, instr::execute_instr_proto,
+    },
+    std::path::PathBuf,
+};
+
+#[derive(Parser)]
+#[command(version, about, long_about = None)]
+struct Cli {
+    inputs: Vec<PathBuf>,
+}
+
+fn exec(input: &PathBuf) -> bool {
+    let blob = std::fs::read(input).unwrap();
+    let fixture = ProtoInstrFixture::decode(&blob[..]).unwrap();
+    let Some(context) = fixture.input else {
+        println!("No context found.");
+        return false;
+    };
+
+    let Some(expected) = fixture.output else {
+        println!("No fixture found.");
+        return false;
+    };
+    let Some(effects) = execute_instr_proto(context) else {
+        println!("FAIL: No instruction effects returned for input: {input:?}",);
+        return false;
+    };
+
+    let ok = effects == expected;
+
+    if ok {
+        println!("OK: {input:?}");
+    } else {
+        println!("FAIL: {input:?}");
+    }
+    ok
+}
+
+fn main() {
+    let cli = Cli::parse();
+    let mut fail_cnt: i32 = 0;
+    for input in cli.inputs {
+        if !exec(&input) {
+            fail_cnt = fail_cnt.saturating_add(1);
+        }
+    }
+    std::process::exit(fail_cnt);
+}

svm-fuzz-harness/bin/test_exec_instr.rs

@@ -0,0 +1,18 @@
+use std::io::Result;
+
+fn main() -> Result<()> {
+    let proto_base_path = std::path::PathBuf::from("protosol/proto");
+
+    let protos = &[
+        proto_base_path.join("context.proto"),
+        proto_base_path.join("invoke.proto"),
+    ];
+
+    protos
+        .iter()
+        .for_each(|proto| println!("cargo:rerun-if-changed={}", proto.display()));
+
+    prost_build::Config::new().compile_protos(protos, &[proto_base_path])?;
+
+    Ok(())
+}