Hacks to disable instructions that may lead to false positives across interpreter and evmone.

test/tools/ossfuzz/YulToEvmDifferentialFuzzer.cpp

@@ -63,10 +63,12 @@ DEFINE_PROTO_FUZZER(Program const& _input)
 	bool filterStatefulInstructions = true;
 	bool filterUnboundedLoops = true;
 	bool filterMemoryWrites = true;
+	bool filterLogs = true;
 	ProtoConverter converter(
 		filterStatefulInstructions,
 		filterUnboundedLoops,
-		filterMemoryWrites
+		filterMemoryWrites,
+		filterLogs
 	);
 	string yulSubObject = converter.programToString(_input);
 	// Fuzzer also fuzzes the EVM version field.
@@ -104,7 +106,7 @@ DEFINE_PROTO_FUZZER(Program const& _input)
 	}
 
 	solidity::frontend::OptimiserSettings settings = solidity::frontend::OptimiserSettings::none();
-	AssemblyStack stackUnoptimized;
+	AssemblyStack stackUnoptimized(version, AssemblyStack::Language::StrictAssembly, settings);
 	solAssert(
 		stackUnoptimized.parseAndAnalyze("source", yulSubObject),
 		"Parsing fuzzer generated input failed."

test/tools/ossfuzz/protoToYul.cpp

@@ -652,7 +652,17 @@ void ProtoConverter::visit(NullaryOp const& _x)
 			op == NullaryOp::ADDRESS ||
 			op == NullaryOp::TIMESTAMP ||
 			op == NullaryOp::NUMBER ||
-			op == NullaryOp::DIFFICULTY
+			op == NullaryOp::DIFFICULTY ||
+			op == NullaryOp::ORIGIN ||
+			op == NullaryOp::CALLER ||
+			op == NullaryOp::CALLVALUE ||
+			op == NullaryOp::GASPRICE ||
+			op == NullaryOp::GASLIMIT ||
+			op == NullaryOp::COINBASE ||
+			op == NullaryOp::TIMESTAMP ||
+			op == NullaryOp::NUMBER ||
+			op == NullaryOp::CHAINID ||
+			op == NullaryOp::SELFBALANCE
 		)
 	)
 	{
@@ -1344,7 +1354,8 @@ void ProtoConverter::visit(Statement const& _x)
 			m_output << "continue\n";
 		break;
 	case Statement::kLogFunc:
-		visit(_x.log_func());
+		if (!m_filterLogs)
+			visit(_x.log_func());
 		break;
 	case Statement::kCopyFunc:
 		visit(_x.copy_func());

test/tools/ossfuzz/protoToYul.h

@@ -42,7 +42,8 @@ public:
 	ProtoConverter(
 		bool _filterStatefulInstructions = false,
 		bool _filterUnboundedLoops = false,
-		bool _filterMemoryWrites = false
+		bool _filterMemoryWrites = false,
+		bool _filterLogs = false
 	)
 	{
 		m_funcVars = std::vector<std::vector<std::vector<std::string>>>{};
@@ -61,6 +62,7 @@ public:
 		m_filterStatefulInstructions = _filterStatefulInstructions;
 		m_filterUnboundedLoops = _filterUnboundedLoops;
 		m_filterMemoryWrites = _filterMemoryWrites;
+		m_filterLogs = _filterLogs;
 	}
 	ProtoConverter(ProtoConverter const&) = delete;
 	ProtoConverter(ProtoConverter&&) = delete;
@@ -386,5 +388,8 @@ private:
 	/// Flag that, if set, stops the converter from generating memory
 	/// writes i.e., mstore/mstore8.
 	bool m_filterMemoryWrites;
+	/// Flag that, if set, stops the converter from generating log
+	/// records.
+	bool m_filterLogs;
 };
 }

test/tools/yulInterpreter/EVMInstructionInterpreter.cpp

@@ -41,6 +41,7 @@ using solidity::util::keccak256;
 namespace
 {
 
+#if 0
 /// Reads 32 bytes from @a _data at position @a _offset bytes while
 /// interpreting @a _data to be padded with an infinite number of zero
 /// bytes beyond its end.
@@ -63,6 +64,7 @@ u256 readZeroExtended(bytes const& _data, u256 const& _offset)
 		return val;
 	}
 }
+#endif
 
 /// Copy @a _size bytes of @a _source at offset @a _sourceOffset to
 /// @a _target at offset @a _targetOffset. Behaves as if @a _source would
@@ -196,9 +198,11 @@ u256 EVMInstructionInterpreter::eval(
 	case Instruction::CALLVALUE:
 		return m_state.callvalue;
 	case Instruction::CALLDATALOAD:
-		return readZeroExtended(m_state.calldata, arg[0]);
+//		return readZeroExtended(m_state.calldata, arg[0]);
+		return u256{};
 	case Instruction::CALLDATASIZE:
-		return m_state.calldata.size();
+		//return m_state.calldata.size();
+		return 0;
 	case Instruction::CALLDATACOPY:
 		if (accessMemory(arg[0], arg[2]))
 			copyZeroExtended(
@@ -458,6 +462,10 @@ u256 EVMInstructionInterpreter::evalBuiltin(
 			);
 		return 0;
 	}
+	else if (fun == "memoryguard")
+	{
+		return _evaluatedArguments.at(0);
+	}
 	else
 		yulAssert(false, "Unknown builtin: " + fun);
 	return 0;