flamenco, fuzz: support CPI syscalls

.github/workflows/clusterfuzz.yml

@@ -83,9 +83,16 @@ jobs:
           ls ${{ env.OBJ_DIR }}/fuzz-test
           ls ${{ env.OBJ_DIR }}/lib
 
-      - name: upload lib artifact
+      - name: upload so artifact
         uses: actions/upload-artifact@v4
         with:
           path: ${{ env.OBJ_DIR }}/lib/libfd_exec_sol_compat.so
           name: libfd_exec_sol_compat
           retention-days: 14
+
+      - name: upload stubbed so artifact
+        uses: actions/upload-artifact@v4
+        with:
+          path: ${{ env.OBJ_DIR }}/lib/libfd_exec_sol_compat_stubbed.so
+          name: libfd_exec_sol_compat_stubbed
+          retention-days: 14

src/flamenco/runtime/fd_executor.c

@@ -484,7 +484,7 @@ dump_sorted_features( const fd_features_t * features, fd_exec_test_feature_set_t
 }
 
 static void
-dump_account_state( fd_borrowed_account_t * borrowed_account,
+dump_account_state( fd_borrowed_account_t const * borrowed_account,
                       fd_exec_test_acct_state_t * output_account ) {
     // Address
     fd_memcpy(output_account->address, borrowed_account->pubkey, sizeof(fd_pubkey_t));
@@ -510,10 +510,10 @@ dump_account_state( fd_borrowed_account_t * borrowed_account,
     output_account->has_seed_addr = false;
 }
 
-static void
-create_instr_context_protobuf_from_instructions( fd_exec_test_instr_context_t * instr_context,
-                                                 fd_exec_txn_ctx_t *txn_ctx,
-                                                 fd_instr_info_t *instr ) {
+void
+fd_create_instr_context_protobuf_from_instructions( fd_exec_test_instr_context_t * instr_context,
+                                                 fd_exec_txn_ctx_t const *txn_ctx,
+                                                 fd_instr_info_t const *instr ) {
   /*
   NOTE: Calling this function requires the caller to have a scratch frame ready (see dump_instr_to_protobuf)
   */
@@ -541,7 +541,7 @@ create_instr_context_protobuf_from_instructions( fd_exec_test_instr_context_t *
   instr_context->accounts = fd_scratch_alloc(alignof(fd_exec_test_acct_state_t), (instr_context->accounts_count + num_sysvar_entries + txn_ctx->executable_cnt) * sizeof(fd_exec_test_acct_state_t));
   for( ulong i = 0; i < txn_ctx->accounts_cnt; i++ ) {
     // Copy account information over
-    fd_borrowed_account_t * borrowed_account = &txn_ctx->borrowed_accounts[i];
+    fd_borrowed_account_t const * borrowed_account = &txn_ctx->borrowed_accounts[i];
     fd_exec_test_acct_state_t * output_account = &instr_context->accounts[i];
     dump_account_state( borrowed_account, output_account );
   }
@@ -665,7 +665,7 @@ dump_instr_to_protobuf( fd_exec_txn_ctx_t *txn_ctx,
     }
 
     fd_exec_test_instr_context_t instr_context = FD_EXEC_TEST_INSTR_CONTEXT_INIT_DEFAULT;
-    create_instr_context_protobuf_from_instructions( &instr_context, txn_ctx, instr );
+    fd_create_instr_context_protobuf_from_instructions( &instr_context, txn_ctx, instr );
 
     /* Output to file */
     ulong out_buf_size = 100 * 1024 * 1024;

src/flamenco/runtime/fd_executor.h

@@ -13,6 +13,11 @@
 
 FD_PROTOTYPES_BEGIN
 
+void
+fd_create_instr_context_protobuf_from_instructions( fd_exec_test_instr_context_t * instr_context,
+                                                 fd_exec_txn_ctx_t const *txn_ctx,
+                                                 fd_instr_info_t const *instr );
+
 /* fd_exec_instr_fn_t processes an instruction.  Returns an error code
    in FD_EXECUTOR_INSTR_{ERR_{...},SUCCESS}. */
 

src/flamenco/runtime/tests/Local.mk

@@ -1,6 +1,7 @@
 $(call add-hdrs,generated/context.pb.h,generated/elf.pb.h,generated/invoke.pb.h,generated/txn.pb.h,generated/vm.pb.h)
 $(call add-objs,generated/context.pb generated/elf.pb generated/invoke.pb generated/txn.pb generated/vm.pb,fd_flamenco)
 
+WRAP_FLAGS += -Xlinker --wrap=fd_execute_instr
 ifdef FD_HAS_INT128
 ifdef FD_HAS_SECP256K1
 $(call add-hdrs,fd_exec_instr_test.h fd_vm_validate_test.h)
@@ -10,6 +11,7 @@ $(call add-objs,fd_exec_sol_compat,fd_flamenco)
 $(call make-unit-test,test_exec_instr,test_exec_instr,fd_flamenco fd_funk fd_ballet fd_util fd_disco,$(SECP256K1_LIBS))
 $(call make-unit-test,test_exec_sol_compat,test_exec_sol_compat,fd_flamenco fd_funk fd_ballet fd_util fd_disco,$(SECP256K1_LIBS))
 $(call make-shared,libfd_exec_sol_compat.so,fd_exec_sol_compat,fd_flamenco fd_funk fd_ballet fd_util fd_disco,$(SECP256K1_LIBS))
+$(call make-shared,libfd_exec_sol_compat_stubbed.so,fd_exec_sol_compat,fd_flamenco fd_funk fd_ballet fd_util fd_disco,$(SECP256K1_LIBS) $(WRAP_FLAGS))
 endif
 endif
 

src/flamenco/runtime/tests/fd_exec_instr_test.c

@@ -237,7 +237,7 @@ _instr_context_create( fd_exec_instr_test_runner_t *        runner,
 
   /* Initial variables */
   txn_ctx->loaded_accounts_data_size_limit = FD_VM_LOADED_ACCOUNTS_DATA_SIZE_LIMIT;
-  txn_ctx->heap_size = FD_VM_HEAP_SIZE;
+  txn_ctx->heap_size                       = fd_ulong_max( txn_ctx->heap_size, FD_VM_HEAP_SIZE ); /* FIXME: bound this to FD_VM_HEAP_MAX?*/
 
   /* Set up epoch context */
   fd_epoch_bank_t * epoch_bank = fd_exec_epoch_ctx_epoch_bank( epoch_ctx );
@@ -512,6 +512,9 @@ _instr_context_create( fd_exec_instr_test_runner_t *        runner,
   }
   info->acct_cnt = (uchar)test_ctx->instr_accounts_count;
 
+  //  FIXME: Specifically for CPI syscalls, flag guard this?
+  fd_instr_info_sum_account_lamports( info, &info->starting_lamports_h, &info->starting_lamports_l );
+
   /* This function is used to create context both for instructions and for syscalls,
      however some of the remaining checks are only relevant for program instructions. */
   if( !is_syscall ) {
@@ -1620,7 +1623,10 @@ fd_exec_vm_syscall_test_run( fd_exec_instr_test_runner_t *          runner,
   /* Create execution context */
   const fd_exec_test_instr_context_t * input_instr_ctx = &input->instr_ctx;
   fd_exec_instr_ctx_t ctx[1];
-  if( !_instr_context_create( runner, ctx, input_instr_ctx, alloc, true ) )
+  // Skip extra checks for non-CPI syscalls
+  bool skip_extra_checks = strncmp( (const char *)input->syscall_invocation.function_name.bytes, "sol_invoke_signed", 17 );
+
+  if( !_instr_context_create( runner, ctx, input_instr_ctx, alloc, skip_extra_checks ) )
     goto error;
   fd_valloc_t valloc = fd_scratch_virtual();
 
@@ -1744,7 +1750,7 @@ fd_exec_vm_syscall_test_run( fd_exec_instr_test_runner_t *          runner,
 
   /* Capture the effects */
   effects->error = -syscall_err;
-  effects->r0 = vm->reg[0];
+  effects->r0 = syscall_err ? 0 : vm->reg[0]; // Save only on success
   effects->cu_avail = (ulong)vm->cu;
 
   effects->heap = FD_SCRATCH_ALLOC_APPEND(
@@ -1788,3 +1794,15 @@ fd_exec_vm_syscall_test_run( fd_exec_instr_test_runner_t *          runner,
   _instr_context_destroy( runner, ctx, wksp, alloc );
   return 0;
 }
+
+/* Stubs fd_execute_instr for binaries compiled with 
+   `-Xlinker --wrap=fd_execute_instr` */
+int
+__wrap_fd_execute_instr( fd_exec_txn_ctx_t * txn_ctx,
+                         fd_instr_info_t *   instr_info )
+{
+    (void)(txn_ctx);
+    (void)(instr_info);
+    FD_LOG_WARNING(( "fd_execute_instr is disabled" ));
+    return FD_EXECUTOR_INSTR_SUCCESS;
+}

src/flamenco/runtime/tests/fd_exec_sol_compat.c

@@ -24,6 +24,11 @@ typedef struct {
   ulong   supported_feature_cnt;
 } sol_compat_features_t;
 
+typedef struct {
+  uint16_t validator_type;
+} sol_compat_metadata_t;
+
+static sol_compat_metadata_t metadata = { .validator_type = 1 /* Firedancer */ };
 static sol_compat_features_t features;
 static ulong cleaned_up_features[] =
   { 0xd924059c5749c4c1,  // secp256k1_program_enabled
@@ -106,6 +111,16 @@ sol_compat_check_wksp_usage( void ) {
   }
 }
 
+sol_compat_features_t const *
+sol_compat_get_features_v1( void ) {
+  return &features;
+}
+
+sol_compat_metadata_t const *
+sol_compat_get_metadata_v1( void ) {
+  return &metadata;
+}
+
 fd_exec_instr_test_runner_t *
 sol_compat_setup_scratch_and_runner( void * fmem ) {
   // Setup scratch
@@ -499,10 +514,6 @@ sol_compat_elf_loader_v1( uchar *       out,
   return ok;
 }
 
-sol_compat_features_t const *
-sol_compat_get_features_v1( void ) {
-  return &features;
-}
 
 int
 sol_compat_vm_syscall_execute_v1( uchar *       out,
@@ -545,7 +556,7 @@ int
 sol_compat_vm_validate_v1(  uchar *       out,
                             ulong *       out_sz,
                             uchar const * in,
-                            ulong         in_sz) {
+                            ulong         in_sz ) {
   // Setup
   ulong fmem[ 64 ];
   fd_exec_instr_test_runner_t * runner = sol_compat_setup_scratch_and_runner( fmem );
@@ -577,3 +588,12 @@ sol_compat_vm_validate_v1(  uchar *       out,
 
   return ok;
 }
+
+int
+sol_compat_vm_cpi_syscall_v1( uchar *       out,
+                              ulong *       out_sz,
+                              uchar const * in,
+                              ulong         in_sz ) {
+  /* Just a wrapper to vm_syscall_execute_v1 */
+  return sol_compat_vm_syscall_execute_v1( out, out_sz, in, in_sz );
+}

src/flamenco/vm/fd_vm_base.h

@@ -79,6 +79,16 @@
 #define FD_VM_SH_OVERFLOW           (-37) /* detected a shift overflow, equivalent to VeriferError::ShiftWithOverflow */
 #define FD_VM_TEXT_SZ_UNALIGNED     (-38) /* detected a text section that is not a multiple of 8 */
 
+/* Error codes related to CPI syscall.
+   FIXME: Should this be in fd_executor_err.h instead?
+          Or a separate file for syscall errors? */
+
+#define FD_VM_CPI_ERR_TOO_MANY_SIGNERS (-39) /* detected too many signers */
+#define FD_VM_CPI_ERR_TOO_MANY_ACC_INFOS (-40) /* detected too many account infos */
+#define FD_VM_CPI_ERR_INSTR_TOO_LARGE (-41) /* detected too many account infos meta */
+#define FD_VM_CPI_ERR_INSTR_DATA_TOO_LARGE (-42) /* detected instruction data too large */
+#define FD_VM_CPI_ERR_TOO_MANY_ACC_METAS (-43) /* detected too many account metas */
+
 FD_PROTOTYPES_BEGIN
 
 /* fd_vm_strerror converts an FD_VM_SUCCESS / FD_VM_ERR_* code into