feat(ssa_fuzzer): pushing generated program and witness to redis queue

tooling/ssa_executor/src/lib.rs

@@ -8,15 +8,15 @@ pub mod runner;
 use crate::compiler::compile_from_ssa;
 use crate::runner::{SsaExecutionError, execute_single};
 use acvm::FieldElement;
-use acvm::acir::native_types::WitnessMap;
+use acvm::acir::native_types::{WitnessMap, WitnessStack};
 use noirc_driver::CompileOptions;
 use noirc_evaluator::ssa::ssa_gen::{Ssa, validate_ssa};
 
 pub fn execute_ssa(
     ssa: String,
     initial_witness: WitnessMap<FieldElement>,
     compile_options: CompileOptions,
-) -> Result<WitnessMap<FieldElement>, SsaExecutionError> {
+) -> Result<WitnessStack<FieldElement>, SsaExecutionError> {
     let ssa = Ssa::from_str(&ssa);
     match ssa {
         Ok(ssa) => {
@@ -54,7 +54,7 @@ mod tests {
         witness_map.insert(Witness(1), FieldElement::from(2_u32));
         let result = execute_ssa(ssa.to_string(), witness_map, CompileOptions::default());
         // 1 + 2 == 3
-        assert_eq!(result.unwrap()[&Witness(2)], FieldElement::from(3_u32));
+        assert_eq!(result.unwrap().peek().unwrap().witness[&Witness(2)], FieldElement::from(3_u32));
     }
 
     #[test]
@@ -70,7 +70,10 @@ mod tests {
         witness_map.insert(Witness(1), FieldElement::from(10_u32));
         let result = execute_ssa(ssa.to_string(), witness_map, CompileOptions::default());
         // 20 * 10 == 200
-        assert_eq!(result.unwrap()[&Witness(2)], FieldElement::from(200_u32));
+        assert_eq!(
+            result.unwrap().peek().unwrap().witness[&Witness(2)],
+            FieldElement::from(200_u32)
+        );
     }
 
     #[test]

tooling/ssa_executor/src/runner.rs

@@ -44,17 +44,13 @@ fn execute<B: BlackBoxFunctionSolver<FieldElement> + Default>(
 pub fn execute_single(
     program: &Program<FieldElement>,
     initial_witness: WitnessMap<FieldElement>,
-) -> Result<WitnessMap<FieldElement>, SsaExecutionError> {
+) -> Result<WitnessStack<FieldElement>, SsaExecutionError> {
     let result =
         std::panic::catch_unwind(|| execute::<Bn254BlackBoxSolver>(program, initial_witness));
 
     match result {
         Ok(result) => match result {
-            Ok(result) => Ok(result
-                .peek()
-                .expect("Should have at least one witness on the stack")
-                .witness
-                .clone()),
+            Ok(result) => Ok(result),
             Err(e) => Err(SsaExecutionError::ExecutionFailed(e)),
         },
         Err(e) => {

tooling/ssa_fuzzer/README.md

@@ -20,6 +20,7 @@
 1) Constrain idempotent morphing mode. There are several idempotent morphing commands defined (e.g `c = a + b - b`). In this mode fuzzer will create two more ACIR and Brillig builders, that will constrain the result of idempotent morphed variable. Then will compare result of execution in normal mode and in Constrain idempotent morphing mode. This was done in order to catch bugs described [here](https://github.com/noir-lang/noir/issues/8095). To enable it set `constrain_idempotent_morphing_enabled` to true in [fuzz target](fuzzer/src/fuzz_target.rs).
 2) Constant execution mode. In this mode fuzzer will create two more ACIR and Brillig builders, that will execute all instructions in constant mode (instead of variables with insert constants into builders). Then will compare result of execution in normal mode and in Constant execution mode. This was done in order to catch bugs in constant_folding SSA pass. To enable it set `constant_execution_enabled` to true in [fuzz target](fuzzer/src/fuzz_target.rs).
 
+Also, there is an ability to add programs for which a witness was generated to the redis queue. This is used [here](https://github.com/AztecProtocol/aztec-packages/tree/next/barretenberg/security/ssa_fuzzer_programs_proving) to verify that all programs generated by Noir are provable and verifiable with barretenberg, but you can write an adapter for your backend. To enable this, set `REDIS_URL`, all programs with witnesses will be stored in "fuzzer_output" queue.
 
 ## Usage
 
@@ -46,7 +47,7 @@
 
 4. Minimize crashes:
 ```
 cargo +nightly fuzz tmin base_target --fuzz-dir ./fuzzer PATH_TO_CRASH -runs=1000
 ```
 
 
@@ -97,7 +98,7 @@
   b1 b2
 ```
 Inserts chosen instruction blocks into b1 and b2.
 Then terminates b0 with jmp_if_else and switch context to b1. Condtion for jmp_if_else is the last defined boolean variable in the block.
 ```
        b0
  then ↙  ↘  else

tooling/ssa_fuzzer/fuzzer/Cargo.toml

@@ -22,6 +22,11 @@ env_logger.workspace = true
 bincode.workspace = true
 rand.workspace = true
 serde.workspace = true
+serde_json.workspace = true
+base64.workspace = true
+sha1 = "0.10.6"
+redis = "0.23"
+lazy_static = "1.4"
 
 [dependencies.noir_ssa_fuzzer]
 path = "../"

tooling/ssa_fuzzer/fuzzer/src/fuzz_lib/fuzz_target_lib.rs

@@ -1,7 +1,7 @@
 use super::NUMBER_OF_PREDEFINED_VARIABLES;
 use super::NUMBER_OF_VARIABLES_INITIAL;
 use super::function_context::WitnessValue;
-use super::fuzzer::{Fuzzer, FuzzerData};
+use super::fuzzer::{Fuzzer, FuzzerData, FuzzerOutput};
 use super::options::FuzzerOptions;
 use acvm::FieldElement;
 use acvm::acir::native_types::{Witness, WitnessMap};
@@ -43,7 +43,7 @@ fn initialize_witness_map(
 }
 
 /// Creates ACIR and Brillig programs from the data, runs and compares them
-pub(crate) fn fuzz_target(data: FuzzerData, options: FuzzerOptions) -> Option<FieldElement> {
+pub(crate) fn fuzz_target(data: FuzzerData, options: FuzzerOptions) -> Option<FuzzerOutput> {
     // to triage
     if data.instruction_blocks.is_empty() {
         return None;
@@ -116,7 +116,7 @@ mod tests {
         let result = fuzz_target(data, FuzzerOptions::default());
         // we expect that this program executed successfully
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(1_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(1_u32)),
             None => panic!("Program failed to execute"),
         }
 
@@ -141,7 +141,7 @@ mod tests {
         let result = fuzz_target(data, FuzzerOptions::default());
         // we expect that this program failed to execute
         if let Some(result) = result {
-            panic!("Program executed successfully with result: {result:?}");
+            panic!("Program executed successfully with result: {:?}", result.get_return_value());
         }
     }
 
@@ -208,7 +208,7 @@ mod tests {
         };
         let result = fuzz_target(data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(4_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(4_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -258,7 +258,7 @@ mod tests {
         };
         let result = fuzz_target(data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(1024_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(1024_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -326,7 +326,7 @@ mod tests {
         };
         let result = fuzz_target(data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(131072_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(131072_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -396,7 +396,7 @@ mod tests {
         };
         let result = fuzz_target(data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(4096_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(4096_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -466,7 +466,7 @@ mod tests {
         };
         let result = fuzz_target(data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(22_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(22_u32)),
             None => panic!("Program failed to execute"),
         }
 
@@ -501,7 +501,7 @@ mod tests {
         };
         let result = fuzz_target(data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(2048_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(2048_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -547,7 +547,7 @@ mod tests {
         };
         let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(4_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(4_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -625,7 +625,7 @@ mod tests {
         };
         let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(12_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(12_u32)),
             None => panic!("Program failed to execute"),
         }
     }
@@ -729,7 +729,7 @@ mod tests {
             FuzzerOptions::default(),
         );
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(4_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(4_u32)),
             None => panic!("Program failed to execute"),
         }
 
@@ -760,7 +760,7 @@ mod tests {
         };
         let result = fuzz_target(fuzzer_data, FuzzerOptions::default());
         match result {
-            Some(result) => assert_eq!(result, FieldElement::from(6_u32)),
+            Some(result) => assert_eq!(result.get_return_value(), FieldElement::from(6_u32)),
             None => panic!("Program failed to execute"),
         }
     }