import stew/ptrops, stew/ranges/ptr_arith, ../beacon_chain/[ssz, state_transition], ../beacon_chain/spec/[datatypes, digest, validator, beaconstate, state_transition_block], # Required for deserialisation of ValidatorSig in Attestation due to # https://github.com/nim-lang/Nim/issues/11225 ../beacon_chain/spec/crypto, ../beacon_chain/extras type AttestationInput = object state: BeaconStateRef attestation: Attestation AttesterSlashingInput = object state: BeaconStateRef attesterSlashing: AttesterSlashing BlockInput = object state: BeaconStateRef beaconBlock: SignedBeaconBlock BlockHeaderInput = BlockInput DepositInput = object state: BeaconStateRef deposit: Deposit ProposerSlashingInput = object state: BeaconStateRef proposerSlashing: ProposerSlashing VoluntaryExitInput = object state: BeaconStateRef exit: SignedVoluntaryExit # This and AssertionError are raised to indicate programming bugs # A wrapper to allow exception tracking to identify unexpected exceptions FuzzCrashError = object of CatchableError # TODO: change ptr uint to ptr csize_t when available in newer Nim version. proc copyState(state: BeaconState, output: ptr byte, output_size: ptr uint): bool {.raises: [FuzzCrashError, Defect].} = var resultState = try: SSZ.encode(state) except IOError as e: # Shouldn't occur as the writer isn't a file raise newException(FuzzCrashError, "Unexpected failure to serialize.", e) if unlikely(resultState.len.uint > output_size[]): let msg = ( "Not enough output buffer provided to nimbus harness. Provided: " & $(output_size[]) & "Required: " & $resultState.len.uint ) raise newException(FuzzCrashError, msg) output_size[] = resultState.len.uint # TODO: improvement might be to write directly to buffer with OutputStream # and SszWriter (but then need to ensure length doesn't overflow) copyMem(output, unsafeAddr resultState[0], output_size[]) result = true template decodeAndProcess(typ, process: untyped): bool = let flags {.inject.} = if disable_bls: {skipBlsValidation} else: {} var cache {.used, inject.} = get_empty_per_epoch_cache() data {.inject.} = try: SSZ.decode(input, typ) except MalformedSszError as e: raise newException( FuzzCrashError, "Malformed SSZ, likely bug in preprocessing.", e) except SszSizeMismatchError as e: raise newException( FuzzCrashError, "SSZ size mismatch, likely bug in preprocessing.", e) let processOk = try: process except IOError as e: raise newException( FuzzCrashError, "Unexpected (logging?) IOError in state transition", e, ) except ValueError as e: raise newException( FuzzCrashError, "Unexpected (logging?) IOError in state transition", e) except Exception as e: # TODO why an Exception? # Lots of vendor code looks like it might raise a bare exception type raise newException(FuzzCrashError, "Unexpected Exception in state transition", e) if processOk: copyState(data.state[], output, output_size) else: false proc nfuzz_attestation(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(AttestationInput): process_attestation(data.state[], data.attestation, flags, cache) proc nfuzz_attester_slashing(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(AttesterSlashingInput): process_attester_slashing(data.state[], data.attesterSlashing, flags, cache) proc nfuzz_block(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(BlockInput): state_transition(data.state[], data.beaconBlock, flags, noRollback) proc nfuzz_block_header(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(BlockHeaderInput): process_block_header(data.state[], data.beaconBlock.message, flags, cache) proc nfuzz_deposit(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(DepositInput): process_deposit(data.state[], data.deposit, flags) proc nfuzz_proposer_slashing(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(ProposerSlashingInput): process_proposer_slashing(data.state[], data.proposerSlashing, flags, cache) proc nfuzz_voluntary_exit(input: openArray[byte], output: ptr byte, output_size: ptr uint, disable_bls: bool): bool {.exportc, raises: [FuzzCrashError, Defect].} = decodeAndProcess(VoluntaryExitInput): process_voluntary_exit(data.state[], data.exit, flags) # Note: Could also accept raw input pointer and access list_size + seed here. # However, list_size needs to be known also outside this proc to allocate output. # TODO: rework to copy immediatly in an uint8 openArray, considering we have to # go over the list anyhow? proc nfuzz_shuffle(input_seed: ptr byte, output: var openArray[uint64]): bool {.exportc, raises: [Defect].} = var seed: Eth2Digest # Should be OK as max 2 bytes are passed by the framework. let list_size = output.len.uint64 copyMem(addr(seed.data), input_seed, sizeof(seed.data)) var shuffled_seq: seq[ValidatorIndex] shuffled_seq = get_shuffled_seq(seed, list_size) doAssert( list_size == shuffled_seq.len.uint64, "Shuffled list should be of requested size." ) for i in 0..