fuzz(instr): copy mock_compile_message semantics for instruction harness #10174
mjain-jump wants to merge 1 commit into
Conversation
Pull request overview
Aligns the instruction fuzz harness with Agave/Solana runtime semantics so fixtures execute under message-compilation and sysvar behaviors that better match real validator execution.
Changes:
- OR duplicate instruction-account `is_writable`/`is_signer` flags during harness setup to match Agave message compilation.
- Demote the invoked program account to read-only unless the upgradeable loader is present (Agave-compatible behavior).
- Attempt to restore the instructions sysvar account when it is not referenced (Agave only mutates it when referenced).
| if( index >= test_ctx->accounts_count ) { | ||
| FD_LOG_ERR(( "invariant violation: instruction account index out of range (%u > %u)", | ||
| index, test_ctx->instr_accounts_count )); | ||
| } |
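Review bot: the log message in this bounds check reports a different count and a different operator than the condition it guards: the check is `index >= test_ctx->accounts_count`, but the message prints `test_ctx->instr_accounts_count` with `%u > %u`. Suggest printing the value actually compared, e.g. `"... (%u >= %u)", index, test_ctx->accounts_count`, so a triggered invariant points at the right limit.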
| if( !referenced && input->accounts[j].data ) { | ||
| fd_memcpy( ctx->txn_out->accounts.account[j]->data, input->accounts[j].data->bytes, input->accounts[j].data->size ); | ||
| } |
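Review bot: the restore path copies `input->accounts[j].data->size` bytes into `ctx->txn_out->accounts.account[j]->data` without confirming that the destination still holds at least that many bytes, and it does not restore `data_len` alongside the bytes (the Greptile summary flags the same omission). Since the intent is that the sysvar is untouched when not referenced, a tighter restore would compare the account's current `data_len` with `input->accounts[j].data->size` before the `fd_memcpy` (logging an invariant violation on mismatch) or restore `data_len` together with the data.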
Greptile Summary
This PR aligns the instruction fuzz harness (
All three changes address mismatches between Firedancer's harness setup and Agave's actual behavior during message compilation and execution, which would have caused false-positive fuzz divergences.

Confidence Score: 4/5

This PR is safe to merge — it corrects fuzz harness behavior to match Agave semantics with sound bounds checking and no production code changes. Score of 4 reflects that the changes are limited to fuzz test harness code (no production impact), the logic is well-commented with Agave references, and all array accesses are bounded by prior invariant checks (accounts_count <= MAX_TX_ACCOUNT_LOCKS = FD_TXN_ACCT_ADDR_MAX = 128). No critical issues found. Minor deduction for the restoration code not explicitly restoring data_len (though analysis confirms it's unchanged by the execution path). No files require special attention.

Important Files Changed
Sequence Diagram
sequenceDiagram
participant Fuzzer
participant Harness as fd_instr_harness
participant Executor as fd_execute_instr
participant SysvarInstr as Instructions Sysvar
Fuzzer->>Harness: fd_solfuzz_pb_instr_ctx_create(input)
Note over Harness: Load accounts from protobuf
Note over Harness: [NEW] OR writable/signer flags<br/>across duplicate account refs
Note over Harness: [NEW] Demote program account<br/>to read-only if no upgradeable loader
Harness->>Harness: fd_instr_info_setup_instr_account()<br/>with merged flags
Fuzzer->>Harness: fd_solfuzz_pb_instr_run(input)
Harness->>Executor: fd_execute_instr()
Executor->>SysvarInstr: update_current_instr_idx()<br/>(modifies last 2 bytes)
Executor-->>Harness: exec_result
Note over Harness: [NEW] Check if instructions sysvar<br/>is a referenced instruction account
alt Not referenced
Harness->>SysvarInstr: Restore original data bytes
end
Harness-->>Fuzzer: effects (output)
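The two harness-setup changes described above (OR-ing `is_writable`/`is_signer` across duplicate references to the same account index, then demoting the program account to read-only unless the upgradeable loader is present), shown as a stand-alone C example. This is an added illustration, not Firedancer's harness code: `instr_acct_ref_t`, `or_duplicate_account_flags`, `demote_program_account` and `MAX_TX_ACCOUNTS` are hypothetical names for a simplified model, and the input rows are constructed. The out-of-range check mirrors the invariant the hunk above enforces before any account is touched.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified model of one instruction-account reference as the
   harness receives it. `index` points into the transaction account table. */
typedef struct {
  uint16_t index;
  uint8_t  is_writable;
  uint8_t  is_signer;
} instr_acct_ref_t;

/* Bound quoted in the review summary (FD_TXN_ACCT_ADDR_MAX = 128). */
#define MAX_TX_ACCOUNTS 128

/* OR the is_writable / is_signer flags across every reference to the same
   account index, in place, keeping the reference list (duplicates included)
   in its original order. Returns 0 on success, -1 if any index is out of
   range or accounts_count exceeds the table bound; on -1 nothing is modified. */
int or_duplicate_account_flags( instr_acct_ref_t * refs, size_t ref_cnt,
                                size_t accounts_count ) {
  uint8_t writable[MAX_TX_ACCOUNTS] = {0};
  uint8_t signer  [MAX_TX_ACCOUNTS] = {0};
  if( accounts_count > MAX_TX_ACCOUNTS ) return -1;

  /* Pass 1: bounds-check every index and accumulate flags per account. */
  for( size_t i = 0; i < ref_cnt; i++ ) {
    if( refs[i].index >= accounts_count ) return -1;
    writable[refs[i].index] |= refs[i].is_writable;
    signer  [refs[i].index] |= refs[i].is_signer;
  }
  /* Pass 2: write the merged flags back to every reference. */
  for( size_t i = 0; i < ref_cnt; i++ ) {
    refs[i].is_writable = writable[refs[i].index];
    refs[i].is_signer   = signer  [refs[i].index];
  }
  return 0;
}

/* Demote every reference to the invoked program account to read-only unless
   the upgradeable loader is present (the Agave-compatible behavior). */
void demote_program_account( instr_acct_ref_t * refs, size_t ref_cnt,
                             uint16_t program_index,
                             int upgradeable_loader_present ) {
  if( upgradeable_loader_present ) return;
  for( size_t i = 0; i < ref_cnt; i++ ) {
    if( refs[i].index == program_index ) refs[i].is_writable = 0;
  }
}

/* Worked case on constructed input: account 3 is referenced twice, once as
   signer-only and once as writable-only; account 5 is the program account and
   the fixture marks it writable. The result is packed into an int so it can be
   checked without printing: bit 0/1 = ref[0] writable/signer, bit 2/3 = ref[2]
   writable/signer, bit 4 = program account writable after demotion.
   Returns -1 if the merge rejected the input. */
int worked_example( int upgradeable_loader_present ) {
  instr_acct_ref_t refs[] = {
    { 3, 0, 1 },   /* first reference to account 3: signer, not writable  */
    { 5, 1, 0 },   /* program account, marked writable by the fixture     */
    { 3, 1, 0 },   /* second reference to account 3: writable, not signer */
  };
  size_t n = sizeof(refs) / sizeof(refs[0]);
  if( or_duplicate_account_flags( refs, n, 8 ) != 0 ) return -1;
  demote_program_account( refs, n, 5, upgradeable_loader_present );
  return (refs[0].is_writable)      | (refs[0].is_signer << 1)
       | (refs[2].is_writable << 2) | (refs[2].is_signer << 3)
       | (refs[1].is_writable << 4);
}

/* An index at or beyond accounts_count must be rejected before any flag is
   touched. Returns 1 if rejected, 0 otherwise. */
int out_of_range_rejected( void ) {
  instr_acct_ref_t refs[] = { { 9, 1, 1 } };
  return or_duplicate_account_flags( refs, 1, 8 ) == -1;
}
```

Both references to account 3 end up writable and signer (bits 0..3 set), and the program account loses its writable flag unless the loader is present, which is the combination the harness now feeds to `fd_instr_info_setup_instr_account()`.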
Reviews (1): Last reviewed commit: "fuzz(instr): copy mock_compile_message s..."
No description provided.