multi_field.fuzzer.cpp File Reference

Multi-field fuzzer for testing field arithmetic operations across different elliptic curve fields. More...

#include "barretenberg/ecc/curves/bn254/fq.hpp"
#include "barretenberg/ecc/curves/bn254/fr.hpp"
#include "barretenberg/ecc/curves/secp256k1/secp256k1.hpp"
#include "barretenberg/ecc/curves/secp256r1/secp256r1.hpp"
#include "barretenberg/ecc/fields/field.fuzzer.hpp"
#include <cassert>
#include <cstddef>
#include <cstring>
#include <vector>

Go to the source code of this file.

Classes
struct	VMPhaseHeader
	Header structure for each VM execution phase. More...

Enumerations
enum class	FieldType : uint8_t {   BN254_FQ = 0 , BN254_FR = 1 , SECP256K1_FQ = 2 , SECP256K1_FR = 3 ,   SECP256R1_FQ = 4 , SECP256R1_FR = 5 }
	Enumeration of supported field types for the multi-field fuzzer. More...

Functions
template<typename Field >
numeric::uint256_t	reduce_to_modulus (const numeric::uint256_t &value)
	Reduces a uint256_t value to be less than the field's modulus.
template<typename Field >
FieldVM< Field >	create_field_vm (size_t max_steps)
	Creates a field VM with specified maximum steps.
template<typename Field >
void	import_state_with_reduction (FieldVM< Field > &vm, const std::vector< numeric::uint256_t > &state)
	Imports state into a field VM with automatic modulus reduction.
template<typename Field >
int	run_vm_phase (FieldVM< Field > &vm, const unsigned char *data, size_t size, const VMPhaseHeader &header, size_t &data_offset)
	Runs a single VM phase with error handling and state management.
template<typename Field >
int	run_field_vm (const VMPhaseHeader &header, const unsigned char *Data, size_t Size, size_t &data_offset, std::vector< numeric::uint256_t > &current_state)
	Creates and runs a VM for a specific field type with state management.
template<typename Field >
void	run_debug_vm (const VMPhaseHeader &header, const unsigned char *Data, size_t Size, size_t original_data_offset, const std::vector< numeric::uint256_t > &current_state)
	Runs a debug VM to analyze failed phases.
int	LLVMFuzzerTestOneInput (const unsigned char *Data, size_t Size)
	Main fuzzer entry point for multi-field testing.

Variables
constexpr size_t	NUM_FIELD_TYPES = 6
	Total number of supported field types.
constexpr size_t	MAX_STEPS = 64
	Maximum number of VM steps per phase.
const size_t	PHASE_HEADER_SIZE = sizeof(VMPhaseHeader)

Detailed Description

Multi-field fuzzer for testing field arithmetic operations across different elliptic curve fields.

This fuzzer implements a multi-phase virtual machine that can execute field arithmetic operations across different elliptic curve fields. The algorithm works as follows:

1. Input Format: The fuzzer expects input data structured as a sequence of phase headers followed by instruction data. Each phase header is exactly 2 bytes containing:
   • Field type (0-5): Specifies which field to use (BN254_FQ, BN254_FR, SECP256K1_FQ, etc.)
   • Step count (0-63): Number of VM steps to execute in this phase
2. Multi-Phase Execution: The fuzzer processes input data in phases:
   • Each phase uses a different field type and step count
   • State is carried forward between phases using modulus reduction
   • VM execution continues until insufficient data remains
3. Field Types Supported:
   • BN254_FQ: BN254 curve base field
   • BN254_FR: BN254 curve scalar field
   • SECP256K1_FQ: Secp256k1 curve base field
   • SECP256K1_FR: Secp256k1 curve scalar field
   • SECP256R1_FQ: Secp256r1 curve base field
   • SECP256R1_FR: Secp256r1 curve scalar field
4. State Management: Each phase can import state from the previous phase, with automatic modulus reduction to ensure values fit within the target field's modulus.
5. Error Handling: The fuzzer includes comprehensive error detection and debug capabilities:
   • Internal state consistency checks after each phase
   • Debug VM execution for failed phases
   • Detailed error reporting with instruction stream analysis

Author

Barretenberg Team

Date

2024

Definition in file multi_field.fuzzer.cpp.

Enumeration Type Documentation

FieldType

enum class FieldType : uint8_t

strong

Enumeration of supported field types for the multi-field fuzzer.

Enumerator
BN254_FQ	BN254 curve base field.
BN254_FR	BN254 curve scalar field.
SECP256K1_FQ	Secp256k1 curve base field.
SECP256K1_FR	Secp256k1 curve scalar field.
SECP256R1_FQ	Secp256r1 curve base field.
SECP256R1_FR	Secp256r1 curve scalar field.

Definition at line 52 of file multi_field.fuzzer.cpp.

Function Documentation

create_field_vm()

template<typename Field >

FieldVM< Field > create_field_vm

(

size_t

max_steps

)

Creates a field VM with specified maximum steps.

Template Parameters

Field

The field type for the VM

Parameters

max_steps

Maximum number of steps the VM can execute

Returns

FieldVM<Field> The created field VM

Definition at line 101 of file multi_field.fuzzer.cpp.

import_state_with_reduction()

template<typename Field >

void import_state_with_reduction	(	FieldVM< Field > &	vm,
		const std::vector< numeric::uint256_t > &	state
	)

Imports state into a field VM with automatic modulus reduction.

Template Parameters

Field

The field type for the VM

Parameters

vm	The VM to import state into
state	The state values to import

Definition at line 114 of file multi_field.fuzzer.cpp.

LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput	(	const unsigned char *	Data,
		size_t	Size
	)

Main fuzzer entry point for multi-field testing.

Parameters

Data	Input data from the fuzzer
Size	Size of the input data

Returns

int 0 for normal execution, 1 for detected issues

This is the main entry point for the multi-field fuzzer. It processes input data as a sequence of phases, each with its own field type and step count. The fuzzer supports state transfer between phases and includes comprehensive error detection and debugging capabilities.

Definition at line 257 of file multi_field.fuzzer.cpp.

reduce_to_modulus()

template<typename Field >

numeric::uint256_t reduce_to_modulus

(

const numeric::uint256_t &

value

)

Reduces a uint256_t value to be less than the field's modulus.

Template Parameters

Field

The field type to reduce the value for

Parameters

value

The value to reduce

Returns

numeric::uint256_t The reduced value

Definition at line 86 of file multi_field.fuzzer.cpp.

run_debug_vm()

template<typename Field >

void run_debug_vm	(	const VMPhaseHeader &	header,
		const unsigned char *	Data,
		size_t	Size,
		size_t	original_data_offset,
		const std::vector< numeric::uint256_t > &	current_state
	)

Runs a debug VM to analyze failed phases.

Template Parameters

Field

The field type for the debug VM

Parameters

header	Phase header containing field type and step count
Data	Input data for the VM
Size	Size of the input data
original_data_offset	Original data offset before phase execution
current_state	Current state to import

This function creates a debug VM to analyze phases that failed during normal execution. It provides detailed logging and state verification to help identify the root cause of failures.

Definition at line 215 of file multi_field.fuzzer.cpp.

run_field_vm()

template<typename Field >

int run_field_vm	(	const VMPhaseHeader &	header,
		const unsigned char *	Data,
		size_t	Size,
		size_t &	data_offset,
		std::vector< numeric::uint256_t > &	current_state
	)

Creates and runs a VM for a specific field type with state management.

Template Parameters

Field

The field type for the VM

Parameters

header	Phase header containing field type and step count
Data	Input data for the VM
Size	Size of the input data
data_offset	Current offset in the input data (updated on success)
current_state	Current state to import (updated on success)

Returns

int 0 if not enough data, >0 if success, -1 if internal state error

This function creates a new VM for the specified field type, imports the current state (if any), runs the phase, and updates the current state on successful execution.

Definition at line 183 of file multi_field.fuzzer.cpp.

run_vm_phase()

template<typename Field >

int run_vm_phase	(	FieldVM< Field > &	vm,
		const unsigned char *	data,
		size_t	size,
		const VMPhaseHeader &	header,
		size_t &	data_offset
	)

Runs a single VM phase with error handling and state management.

Template Parameters

Field

The field type for the VM

Parameters

vm	The VM to execute
data	Input data for the VM
size	Size of the input data
header	Phase header containing field type and step count
data_offset	Current offset in the input data (updated on success)

Returns

int 0 if not enough data, >0 if success, -1 if internal state error

This function executes a single phase of VM execution. It sets the step limit, runs the VM, checks internal state consistency, and exports state for potential use in subsequent phases. The data_offset is only advanced on successful execution.

Definition at line 138 of file multi_field.fuzzer.cpp.

Variable Documentation

MAX_STEPS

constexpr size_t MAX_STEPS = 64

constexpr

Maximum number of VM steps per phase.

Definition at line 62 of file multi_field.fuzzer.cpp.

NUM_FIELD_TYPES

constexpr size_t NUM_FIELD_TYPES = 6

constexpr

Total number of supported field types.

Definition at line 61 of file multi_field.fuzzer.cpp.

PHASE_HEADER_SIZE

const size_t PHASE_HEADER_SIZE = sizeof(VMPhaseHeader)

Definition at line 77 of file multi_field.fuzzer.cpp.