Fix fuzz (#476)

mohanson · web-flow · commit d97e88e523e7 · 2025-04-17T09:38:43.000+08:00
* Fix fuzz

* Build fuzz in ci
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
@@ -172,3 +172,13 @@ jobs:
         shell: pwsh
         run: |
           make ci-asm
+
+  linux-fuzz:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build fuzz
+        run: |
+          sudo apt install device-tree-compiler
+          cargo install cargo-fuzz
+          cargo +nightly fuzz build
diff --git a/fuzz/fuzz_targets/asm.rs b/fuzz/fuzz_targets/asm.rs
@@ -4,11 +4,15 @@ use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine};
 use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, VERSION2};
 use ckb_vm::memory::sparse::SparseMemory;
 use ckb_vm::memory::wxorx::WXorXMemory;
-use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
+use ckb_vm::{Bytes, DefaultMachineRunner, Error, SupportMachine, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
 use libfuzzer_sys::fuzz_target;
 
 fn run_asm(data: &[u8]) -> Result<i8, Error> {
-    let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
+    let asm_core = <Box<AsmCoreMachine> as SupportMachine>::new(
+        ISA_IMC | ISA_A | ISA_B | ISA_MOP,
+        VERSION2,
+        200_000,
+    );
     let core = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
         .instruction_cycle_func(Box::new(constant_cycles))
         .build();
diff --git a/fuzz/fuzz_targets/interpreter.rs b/fuzz/fuzz_targets/interpreter.rs
@@ -3,7 +3,7 @@ use ckb_vm::cost_model::constant_cycles;
 use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, VERSION2};
 use ckb_vm::memory::sparse::SparseMemory;
 use ckb_vm::memory::wxorx::WXorXMemory;
-use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
+use ckb_vm::{Bytes, Error, SupportMachine, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
 use libfuzzer_sys::fuzz_target;
 
 fn run(data: &[u8]) -> Result<i8, Error> {
diff --git a/fuzz/fuzz_targets/isa_a.rs b/fuzz/fuzz_targets/isa_a.rs
@@ -1,5 +1,5 @@
 #![no_main]
-use ckb_vm::{CoreMachine, Memory};
+use ckb_vm::{CoreMachine, Memory, SupportMachine};
 use libfuzzer_sys::fuzz_target;
 use spike_sys::Spike;
 use std::collections::VecDeque;
@@ -39,9 +39,11 @@ fuzz_target!(|data: [u8; 512]| {
             ckb_vm::SparseMemory<u64>,
         >::new(ckb_vm_isa, ckb_vm_version, u64::MAX))
         .build();
-    let mut ckb_vm_asm = ckb_vm::DefaultMachineBuilder::new(
-        ckb_vm::machine::asm::AsmCoreMachine::new(ckb_vm_isa, ckb_vm_version, u64::MAX),
-    )
+    let mut ckb_vm_asm = ckb_vm::DefaultMachineBuilder::new(<Box<
+        ckb_vm::machine::asm::AsmCoreMachine,
+    > as SupportMachine>::new(
+        ckb_vm_isa, ckb_vm_version, u64::MAX
+    ))
     .build();
 
     let insts: [u32; 18] = [
diff --git a/fuzz/fuzz_targets/isa_b.rs b/fuzz/fuzz_targets/isa_b.rs
@@ -1,5 +1,5 @@
 #![no_main]
-use ckb_vm::CoreMachine;
+use ckb_vm::{CoreMachine, SupportMachine};
 use libfuzzer_sys::fuzz_target;
 use spike_sys::Spike;
 use std::collections::VecDeque;
@@ -45,9 +45,11 @@ fuzz_target!(|data: [u8; 512]| {
             ckb_vm::SparseMemory<u64>,
         >::new(ckb_vm_isa, ckb_vm_version, u64::MAX))
         .build();
-    let mut ckb_vm_asm = ckb_vm::DefaultMachineBuilder::new(
-        ckb_vm::machine::asm::AsmCoreMachine::new(ckb_vm_isa, ckb_vm_version, u64::MAX),
-    )
+    let mut ckb_vm_asm = ckb_vm::DefaultMachineBuilder::new(<Box<
+        ckb_vm::machine::asm::AsmCoreMachine,
+    > as SupportMachine>::new(
+        ckb_vm_isa, ckb_vm_version, u64::MAX
+    ))
     .build();
 
     #[rustfmt::skip]
diff --git a/fuzz/fuzz_targets/snapshot.rs b/fuzz/fuzz_targets/snapshot.rs
@@ -3,12 +3,16 @@ use ckb_vm::cost_model::constant_cycles;
 use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine};
 use ckb_vm::machine::{DefaultMachineBuilder, VERSION2};
 use ckb_vm::snapshot;
-use ckb_vm::{Bytes, Error, SupportMachine, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
+use ckb_vm::{Bytes, DefaultMachineRunner, Error, SupportMachine, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
 use libfuzzer_sys::fuzz_target;
 
 fuzz_target!(|data: &[u8]| {
     let mut machine1 = {
-        let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
+        let asm_core = <Box<AsmCoreMachine> as SupportMachine>::new(
+            ISA_IMC | ISA_A | ISA_B | ISA_MOP,
+            VERSION2,
+            200_000,
+        );
         let machine = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
             .instruction_cycle_func(Box::new(constant_cycles))
             .build();
@@ -25,8 +29,11 @@ fuzz_target!(|data: &[u8]| {
 
     let half_cycles = machine1.machine.cycles() / 2;
     let mut machine2 = {
-        let asm_core =
-            AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, half_cycles);
+        let asm_core = <Box<AsmCoreMachine> as SupportMachine>::new(
+            ISA_IMC | ISA_A | ISA_B | ISA_MOP,
+            VERSION2,
+            half_cycles,
+        );
         let machine = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
             .instruction_cycle_func(Box::new(constant_cycles))
             .build();
@@ -38,8 +45,11 @@ fuzz_target!(|data: &[u8]| {
     let snap = snapshot::make_snapshot(&mut machine2.machine).unwrap();
 
     let mut machine3 = {
-        let asm_core =
-            AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, half_cycles);
+        let asm_core = <Box<AsmCoreMachine> as SupportMachine>::new(
+            ISA_IMC | ISA_A | ISA_B | ISA_MOP,
+            VERSION2,
+            half_cycles,
+        );
         let machine = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
             .instruction_cycle_func(Box::new(constant_cycles))
             .build();
diff --git a/fuzz/fuzz_targets/snapshot2.rs b/fuzz/fuzz_targets/snapshot2.rs
@@ -4,8 +4,8 @@ use ckb_vm::{
     machine::VERSION2,
     memory::{round_page_down, round_page_up, FLAG_EXECUTABLE, FLAG_FREEZED},
     snapshot2::{DataSource, Snapshot2Context},
-    Bytes, CoreMachine, DefaultMachine, DefaultMachineBuilder, Memory, ISA_A, ISA_B, ISA_IMC,
-    ISA_MOP, RISCV_MAX_MEMORY, RISCV_PAGESIZE,
+    Bytes, CoreMachine, DefaultMachine, DefaultMachineBuilder, Memory, SupportMachine, ISA_A,
+    ISA_B, ISA_IMC, ISA_MOP, RISCV_MAX_MEMORY, RISCV_PAGESIZE,
 };
 use ckb_vm_definitions::asm::AsmCoreMachine;
 use libfuzzer_sys::fuzz_target;
@@ -65,7 +65,7 @@ impl DataSource<u32> for DummyData {
 
 fn build_machine() -> DefaultMachine<Box<AsmCoreMachine>> {
     let isa = ISA_IMC | ISA_A | ISA_B | ISA_MOP;
-    let core_machine = AsmCoreMachine::new(isa, VERSION2, u64::MAX);
+    let core_machine = <Box<AsmCoreMachine> as SupportMachine>::new(isa, VERSION2, u64::MAX);
     DefaultMachineBuilder::new(core_machine).build()
 }
 
