Make sure x0 is not modified in mops (#403)
* Make sure x0 is not modified in mops

* Ensure aarch64 behavior is consistent with x86

* Refactor

* Quick fix previous commit
mohanson committed Feb 23, 2024
1 parent a7b9f54 commit b7da390
Showing 3 changed files with 66 additions and 31 deletions.
34 changes: 29 additions & 5 deletions fuzz/fuzz_targets/asm.rs
@@ -1,11 +1,13 @@
#![no_main]
use ckb_vm::cost_model::constant_cycles;
use ckb_vm::machine::asm::{AsmCoreMachine, AsmMachine};
use ckb_vm::machine::{DefaultMachineBuilder, VERSION2};
use ckb_vm::machine::{DefaultCoreMachine, DefaultMachineBuilder, VERSION2};
use ckb_vm::memory::sparse::SparseMemory;
use ckb_vm::memory::wxorx::WXorXMemory;
use ckb_vm::{Bytes, Error, ISA_A, ISA_B, ISA_IMC, ISA_MOP};
use libfuzzer_sys::fuzz_target;

fn run(data: &[u8]) -> Result<i8, Error> {
fn run_asm(data: &[u8]) -> Result<i8, Error> {
let asm_core = AsmCoreMachine::new(ISA_IMC | ISA_A | ISA_B | ISA_MOP, VERSION2, 200_000);
let core = DefaultMachineBuilder::<Box<AsmCoreMachine>>::new(asm_core)
.instruction_cycle_func(Box::new(constant_cycles))
Expand All @@ -16,10 +18,32 @@ fn run(data: &[u8]) -> Result<i8, Error> {
machine.run()
}

fn run_int(data: &[u8]) -> Result<i8, Error> {
let machine_memory = WXorXMemory::new(SparseMemory::<u64>::default());
let machine_core = DefaultCoreMachine::new_with_memory(
ISA_IMC | ISA_A | ISA_B | ISA_MOP,
VERSION2,
200_000,
machine_memory,
);
let mut machine = DefaultMachineBuilder::new(machine_core)
.instruction_cycle_func(Box::new(constant_cycles))
.build();
let program = Bytes::copy_from_slice(data);
machine.load_program(&program, &[])?;
machine.run()
}

fuzz_target!(|data: &[u8]| {
let r0 = run(data);
let r1 = run(data);
let r2 = run(data);
let r0 = run_asm(data);
let r1 = run_asm(data);
let r2 = run_asm(data);
let r3 = run_int(data);
assert_eq!(r0, r1);
assert_eq!(r1, r2);
if r2.is_ok() {
assert_eq!(r2.unwrap(), r3.unwrap());
} else {
assert!(r3.is_err())
}
});
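Review bot: The cross-check between the assembly and interpreter machines at the end of `fuzz_target!` compares only the exit code on success and only `r3.is_err()` on failure, so a divergence in error kind, cycle count or final register state passes unnoticed. This commit fixes a register-state problem (x0), and an input that leaves the two machines with different registers but the same exit code would not trip this target. `assert_eq!(r0, r1)` already compiles, so `assert_eq!(r2, r3);` would too and would also pin the error variant, assuming both machines are meant to report identical errors, which should be confirmed. Comparing registers and cycles would need `run_asm` and `run_int` to return more than the `Result`; part of `run_asm`'s body sits in the collapsed region between the two hunks.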
36 changes: 20 additions & 16 deletions src/machine/asm/execute_aarch64.S
Expand Up @@ -75,17 +75,17 @@
str v, REGISTER_ADDRESS(RD) SEP \
str ZERO_VALUE, ZERO_ADDRESS

#define WRITE_RD_V2(v) \
str v, REGISTER_ADDRESS(RD)

#define WRITE_RS1(v) \
str v, REGISTER_ADDRESS(RS1) SEP \
str ZERO_VALUE, ZERO_ADDRESS
str v, REGISTER_ADDRESS(RS1)

#define WRITE_RS2(v) \
str v, REGISTER_ADDRESS(RS2) SEP \
str ZERO_VALUE, ZERO_ADDRESS
str v, REGISTER_ADDRESS(RS2)

#define WRITE_RS3(v) \
str v, REGISTER_ADDRESS(RS3) SEP \
str ZERO_VALUE, ZERO_ADDRESS
str v, REGISTER_ADDRESS(RS3)

#define NEXT_INST \
ldr TEMP1, [INST_ARGS] SEP \
Expand All @@ -96,6 +96,10 @@
add INST_PC, INST_PC, 16 SEP \
br TEMP2

#define NEXT_INST_V2 \
str ZERO_VALUE, ZERO_ADDRESS SEP \
NEXT_INST

#define DECODE_R \
ubfx RS1, TEMP1, 0, 8 SEP \
ubfx RS2, TEMP1, 8, 8
Expand Down Expand Up @@ -1873,9 +1877,9 @@ ckb_vm_x64_execute:
ldr TEMP4, REGISTER_ADDRESS(RS2)
adds TEMP3, TEMP3, TEMP4
adc TEMP1, TEMP1, TEMP1
WRITE_RD(TEMP3)
WRITE_RD_V2(TEMP3)
WRITE_RS3(TEMP1)
NEXT_INST
NEXT_INST_V2
.CKB_VM_ASM_LABEL_OP_SBBS:
DECODE_R4
mov TEMP1, 0
Expand All @@ -1884,9 +1888,9 @@ ckb_vm_x64_execute:
subs TEMP3, TEMP3, TEMP4
adc TEMP1, TEMP1, TEMP1
eor TEMP1, TEMP1, 1
WRITE_RD(TEMP3)
WRITE_RD_V2(TEMP3)
WRITE_RS3(TEMP1)
NEXT_INST
NEXT_INST_V2
.CKB_VM_ASM_LABEL_OP_ADD3A:
DECODE_R5
mov TEMP2, 0
Expand All @@ -1897,10 +1901,10 @@ ckb_vm_x64_execute:
mov TEMP3, TEMP2
ldr TEMP1, REGISTER_ADDRESS(RS4_TEMP5)
add TEMP3, TEMP3, TEMP1
WRITE_RD(TEMP4)
WRITE_RD_V2(TEMP4)
WRITE_RS2(TEMP2)
WRITE_RS3(TEMP3)
NEXT_INST
NEXT_INST_V2
.CKB_VM_ASM_LABEL_OP_ADD3B:
DECODE_R5
mov TEMP2, 0
Expand All @@ -1911,10 +1915,10 @@ ckb_vm_x64_execute:
mov TEMP3, TEMP2
ldr TEMP1, REGISTER_ADDRESS(RS4_TEMP5)
add TEMP3, TEMP3, TEMP1
WRITE_RD(TEMP4)
WRITE_RD_V2(TEMP4)
WRITE_RS1(TEMP2)
WRITE_RS3(TEMP3)
NEXT_INST
NEXT_INST_V2
.CKB_VM_ASM_LABEL_OP_ADD3C:
DECODE_R5
mov TEMP3, 0
Expand All @@ -1923,9 +1927,9 @@ ckb_vm_x64_execute:
ldr TEMP4, REGISTER_ADDRESS(RS4_TEMP5)
adds TEMP1, TEMP1, TEMP2
adc TEMP3, TEMP3, TEMP4
WRITE_RD(TEMP1)
WRITE_RD_V2(TEMP1)
WRITE_RS3(TEMP3)
NEXT_INST
NEXT_INST_V2
.exit_max_cycles_exceeded:
mov x0, CKB_VM_ASM_RET_MAX_CYCLES_EXCEEDED
b .exit
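Review bot: `WRITE_RS1`, `WRITE_RS2` and `WRITE_RS3` no longer store `ZERO_VALUE` back to `ZERO_ADDRESS`, so x0 is restored only when the handler ends with `NEXT_INST_V2`, and nothing in the macro names or definitions states that pairing. The visible hunks switch the handler ending just before `.CKB_VM_ASM_LABEL_OP_SBBS` (its label is outside the hunk) and the SBBS, ADD3A, ADD3B and ADD3C handlers. Any other user of `WRITE_RS*` outside these hunks that still ends in plain `NEXT_INST` would leave a guest write to x0 in place, so the file should be checked for such users. I would add a comment above `WRITE_RD_V2` such as `/* Does not restore x0: handlers using WRITE_RD_V2 or WRITE_RS1..3 must finish with NEXT_INST_V2. */`. The same undocumented pairing applies to the `WRITE_RD_V2` and `NEXT_INST_V2` definitions added in src/machine/asm/execute_x64.S.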
27 changes: 17 additions & 10 deletions src/machine/asm/execute_x64.S
Expand Up @@ -338,6 +338,9 @@
movq v, REGISTER_ADDRESS(RD); \
movq $0, ZERO_ADDRESS

#define WRITE_RD_V2(v) \
movq v, REGISTER_ADDRESS(RD); \

#define WRITE_RS1(v) \
movq v, REGISTER_ADDRESS(RS1); \

Expand Down Expand Up @@ -365,6 +368,10 @@
addq $16, INST_PC; \
jmp *TEMP1

#define NEXT_INST_V2 \
movq $0, ZERO_ADDRESS; \
NEXT_INST

#define DECODE_R \
movzbl %cl, RS1d; \
movzbl %ch, RS2rd
Expand Down Expand Up @@ -2346,19 +2353,19 @@ ckb_vm_x64_execute:
movq REGISTER_ADDRESS(RS1), %rcx
addq REGISTER_ADDRESS(RS2r), %rcx
adc $0, TEMP1
WRITE_RD(%rcx)
WRITE_RD_V2(%rcx)
WRITE_RS3(TEMP1)
NEXT_INST
NEXT_INST_V2
.p2align 3
.CKB_VM_ASM_LABEL_OP_SBBS:
DECODE_R4
xor TEMP1, TEMP1
movq REGISTER_ADDRESS(RS1), %rcx
subq REGISTER_ADDRESS(RS2r), %rcx
adc $0, TEMP1
WRITE_RD(%rcx)
WRITE_RD_V2(%rcx)
WRITE_RS3(TEMP1)
NEXT_INST
NEXT_INST_V2
.p2align 3
.CKB_VM_ASM_LABEL_OP_ADD3A:
DECODE_R5
Expand All @@ -2368,10 +2375,10 @@ ckb_vm_x64_execute:
adc $0, TEMP2
movq TEMP2, TEMP3
addq REGISTER_ADDRESS(RS4_TEMP1), TEMP3
WRITE_RD(%rcx)
WRITE_RD_V2(%rcx)
WRITE_RS2r(TEMP2)
WRITE_RS3(TEMP3)
NEXT_INST
NEXT_INST_V2
.p2align 3
.CKB_VM_ASM_LABEL_OP_ADD3B:
DECODE_R5
Expand All @@ -2381,20 +2388,20 @@ ckb_vm_x64_execute:
adc $0, TEMP2
movq TEMP2, TEMP3
addq REGISTER_ADDRESS(RS4_TEMP1), TEMP3
WRITE_RD(%rcx)
WRITE_RD_V2(%rcx)
WRITE_RS1(TEMP2)
WRITE_RS3(TEMP3)
NEXT_INST
NEXT_INST_V2
.p2align 3
.CKB_VM_ASM_LABEL_OP_ADD3C:
DECODE_R5
xor TEMP3, TEMP3
movq REGISTER_ADDRESS(RS1), %rcx
addq REGISTER_ADDRESS(RS2r), %rcx
adcq REGISTER_ADDRESS(RS4_TEMP1), TEMP3
WRITE_RD(%rcx)
WRITE_RD_V2(%rcx)
WRITE_RS3(TEMP3)
NEXT_INST
NEXT_INST_V2
.p2align 3
.exit_out_of_bound:
mov TEMP3, CKB_VM_ASM_ASM_CORE_MACHINE_OFFSET_ERROR_ARG0(MACHINE)
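Review bot: The new `WRITE_RD_V2` definition ends with `; \`, so the macro continues onto the following line and terminates only because that line happens to be blank. It mirrors the existing `WRITE_RS1` directly below it, but if the blank line is ever removed the next `#define` is pulled into the macro body. Ending the definition at `movq v, REGISTER_ADDRESS(RD)` without the trailing `; \` avoids that.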
