test: update fuzzing targets

Author: XuJiandong

fuzz/Cargo.toml

@@ -10,7 +10,7 @@ cargo-fuzz = true
 
 [dependencies]
 libfuzzer-sys = "0.4"
-spike-sys = "0.1.2"
+spike-sys = { version = "0.1.2", optional = true }
 ckb-vm = { path = "..", features = ["asm"] }
 ckb-vm-definitions = { path = "../definitions" }
 
@@ -41,12 +41,14 @@ name = "isa_a"
 path = "fuzz_targets/isa_a.rs"
 test = false
 doc = false
+required-features = ["spike-sys"]
 
 [[bin]]
 name = "isa_b"
 path = "fuzz_targets/isa_b.rs"
 test = false
 doc = false
+required-features = ["spike-sys"]
 
 [[bin]]
 name = "snapshot"

fuzz/fuzz_targets/asm.rs

@@ -3,15 +3,19 @@ use ckb_vm::cost_model::constant_cycles;
 use ckb_vm::machine::asm::{AsmCoreMachine, AsmDefaultMachineBuilder, AsmMachine};
 use ckb_vm::machine::trace::TraceMachine;
 use ckb_vm::machine::{
-    DefaultCoreMachine, DefaultMachineRunner, RustDefaultMachineBuilder, SupportMachine, VERSION2,
+    DefaultCoreMachine, DefaultMachineRunner, RustDefaultMachineBuilder, SupportMachine, VERSION3,
 };
 use ckb_vm::memory::sparse::SparseMemory;
 use ckb_vm::memory::wxorx::WXorXMemory;
-use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
+use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_CFI, ISA_IMC, ISA_MOP};
 use libfuzzer_sys::fuzz_target;
 
 fn run_asm(data: &[u8]) -> Result<(i8, u64), Error> {
-    let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
+    let asm_core = AsmCoreMachine::new(
+        ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI,
+        VERSION3,
+        200_000,
+    );
     let core = AsmDefaultMachineBuilder::new(asm_core)
         .instruction_cycle_func(Box::new(constant_cycles))
         .build();
@@ -25,8 +29,8 @@ fn run_asm(data: &[u8]) -> Result<(i8, u64), Error> {
 
 fn run_int(data: &[u8]) -> Result<(i8, u64), Error> {
     let machine_core = DefaultCoreMachine::<u64, WXorXMemory<SparseMemory<u64>>>::new(
-        ISA_IMC | ISA_A | ISA_B | ISA_MOP,
-        VERSION2,
+        ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI,
+        VERSION3,
         200_000,
     );
     let mut machine = TraceMachine::new(

fuzz/fuzz_targets/interpreter.rs

@@ -1,16 +1,16 @@
 #![no_main]
 use ckb_vm::cost_model::constant_cycles;
 use ckb_vm::machine::trace::TraceMachine;
-use ckb_vm::machine::{DefaultCoreMachine, RustDefaultMachineBuilder, SupportMachine, VERSION2};
+use ckb_vm::machine::{DefaultCoreMachine, RustDefaultMachineBuilder, SupportMachine, VERSION3};
 use ckb_vm::memory::sparse::SparseMemory;
 use ckb_vm::memory::wxorx::WXorXMemory;
-use ckb_vm::{Bytes, DefaultMachineRunner, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
+use ckb_vm::{Bytes, DefaultMachineRunner, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP, ISA_CFI};
 use libfuzzer_sys::fuzz_target;
 
 fn run(data: &[u8]) -> Result<(i8, u64), Error> {
     let machine_core = DefaultCoreMachine::<u64, WXorXMemory<SparseMemory<u64>>>::new(
-        ISA_IMC | ISA_A | ISA_B | ISA_MOP,
-        VERSION2,
+        ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI,
+        VERSION3,
         200_000,
     );
     let mut machine = TraceMachine::new(

fuzz/fuzz_targets/isa_a.rs

@@ -31,8 +31,8 @@ impl Deque {
 fuzz_target!(|data: [u8; 512]| {
     let mut deque = Deque::new(data);
     let spike = Spike::new(4 * 1024 * 1024 - 4096);
-    let ckb_vm_isa = ckb_vm::ISA_IMC | ckb_vm::ISA_A | ckb_vm::ISA_B;
-    let ckb_vm_version = ckb_vm::machine::VERSION2;
+    let ckb_vm_isa = ckb_vm::ISA_IMC | ckb_vm::ISA_A | ckb_vm::ISA_B | ckb_vm::ISA_CFI;
+    let ckb_vm_version = ckb_vm::machine::VERSION3;
     let mut ckb_vm_int =
         ckb_vm::RustDefaultMachineBuilder::new(ckb_vm::DefaultCoreMachine::<
             u64,

fuzz/fuzz_targets/isa_b.rs

@@ -37,8 +37,8 @@ impl Deque {
 fuzz_target!(|data: [u8; 512]| {
     let mut deque = Deque::new(data);
     let spike = Spike::new(4 * 1024 * 1024 - 4096);
-    let ckb_vm_isa = ckb_vm::ISA_IMC | ckb_vm::ISA_A | ckb_vm::ISA_B;
-    let ckb_vm_version = ckb_vm::machine::VERSION2;
+    let ckb_vm_isa = ckb_vm::ISA_IMC | ckb_vm::ISA_A | ckb_vm::ISA_B | ckb_vm::ISA_CFI;
+    let ckb_vm_version = ckb_vm::machine::VERSION3;
     let mut ckb_vm_int =
         ckb_vm::RustDefaultMachineBuilder::new(ckb_vm::DefaultCoreMachine::<
             u64,

fuzz/fuzz_targets/snapshot.rs

@@ -1,14 +1,20 @@
 #![no_main]
 use ckb_vm::cost_model::constant_cycles;
-use ckb_vm::machine::VERSION2;
+use ckb_vm::machine::VERSION3;
 use ckb_vm::machine::asm::{AsmCoreMachine, AsmDefaultMachineBuilder, AsmMachine};
 use ckb_vm::snapshot;
-use ckb_vm::{Bytes, DefaultMachineRunner, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP, SupportMachine};
+use ckb_vm::{
+    Bytes, DefaultMachineRunner, Error, ISA_A, ISA_B, ISA_CFI, ISA_IMC, ISA_MOP, SupportMachine,
+};
 use libfuzzer_sys::fuzz_target;
 
 fuzz_target!(|data: &[u8]| {
     let mut machine1 = {
-        let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
+        let asm_core = AsmCoreMachine::new(
+            ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI,
+            VERSION3,
+            200_000,
+        );
         let machine = AsmDefaultMachineBuilder::new(asm_core)
             .instruction_cycle_func(Box::new(constant_cycles))
             .build();
@@ -25,8 +31,11 @@ fuzz_target!(|data: &[u8]| {
 
     let half_cycles = machine1.machine.cycles() / 2;
     let mut machine2 = {
-        let asm_core =
-            AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, half_cycles);
+        let asm_core = AsmCoreMachine::new(
+            ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI,
+            VERSION3,
+            half_cycles,
+        );
         let machine = AsmDefaultMachineBuilder::new(asm_core)
             .instruction_cycle_func(Box::new(constant_cycles))
             .build();
@@ -38,8 +47,11 @@ fuzz_target!(|data: &[u8]| {
     let snap = snapshot::make_snapshot(&mut machine2.machine).unwrap();
 
     let mut machine3 = {
-        let asm_core =
-            AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, half_cycles);
+        let asm_core = AsmCoreMachine::new(
+            ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI,
+            VERSION3,
+            half_cycles,
+        );
         let machine = AsmDefaultMachineBuilder::new(asm_core)
             .instruction_cycle_func(Box::new(constant_cycles))
             .build();

fuzz/fuzz_targets/snapshot2.rs

@@ -1,9 +1,9 @@
 #![no_main]
 use ckb_vm::{
-    Bytes, CoreMachine, DEFAULT_MEMORY_SIZE, ISA_A, ISA_B, ISA_IMC, ISA_MOP, Memory,
+    Bytes, CoreMachine, DEFAULT_MEMORY_SIZE, ISA_A, ISA_B, ISA_CFI, ISA_IMC, ISA_MOP, Memory,
     RISCV_PAGESIZE, SupportMachine,
     elf::{LoadingAction, ProgramMetadata},
-    machine::VERSION2,
+    machine::VERSION3,
     machine::asm::{AsmDefaultMachine, AsmDefaultMachineBuilder},
     memory::{FLAG_EXECUTABLE, FLAG_FREEZED, round_page_down, round_page_up},
     snapshot2::{DataSource, Snapshot2Context},
@@ -65,8 +65,8 @@ impl DataSource<u32> for DummyData {
 }
 
 fn build_machine() -> AsmDefaultMachine {
-    let isa = ISA_IMC | ISA_A | ISA_B | ISA_MOP;
-    let core_machine = <AsmCoreMachine as SupportMachine>::new(isa.into(), VERSION2, u64::MAX);
+    let isa = ISA_IMC | ISA_A | ISA_B | ISA_MOP | ISA_CFI;
+    let core_machine = <AsmCoreMachine as SupportMachine>::new(isa.into(), VERSION3, u64::MAX);
     AsmDefaultMachineBuilder::new(core_machine).build()
 }