Merge pull request #9459 from ethereum/fix-9458

Fuzzer: Count step by number of interpreted statements

test/libyul/EwasmTranslationTest.cpp

@@ -99,7 +99,7 @@ string EwasmTranslationTest::interpret()
 {
 	InterpreterState state;
 	state.maxTraceSize = 10000;
-	state.maxSteps = 100000;
+	state.maxSteps = 1000000;
 	try
 	{
 		Interpreter::run(state, WasmDialect{}, *m_object->code);

test/tools/ossfuzz/yulProto_diff_ossfuzz.cpp

@@ -97,15 +97,17 @@ DEFINE_PROTO_FUZZER(Program const& _input)
 		EVMDialect::strictAssemblyForEVMObjects(version)
 	);
 
-	if (termReason == yulFuzzerUtil::TerminationReason::StepLimitReached)
+	if (
+		termReason == yulFuzzerUtil::TerminationReason::StepLimitReached ||
+		termReason == yulFuzzerUtil::TerminationReason::TraceLimitReached
+	)
 		return;
 
 	stack.optimize();
-	termReason = yulFuzzerUtil::interpret(
+	yulFuzzerUtil::interpret(
 		os2,
 		stack.parserResult()->code,
-		EVMDialect::strictAssemblyForEVMObjects(version),
+		EVMDialect::strictAssemblyForEVMObjects(version)
-		(yul::test::yul_fuzzer::yulFuzzerUtil::maxSteps * 4)
 	);
 
 	bool isTraceEq = (os1.str() == os2.str());

test/tools/yulInterpreter/Interpreter.cpp

@@ -145,6 +145,11 @@ void Interpreter::operator()(ForLoop const& _forLoop)
 	}
 	while (evaluate(*_forLoop.condition) != 0)
 	{
+		// Increment step for each loop iteration for loops with
+		// an empty body and post blocks to prevent a deadlock.
+		if (_forLoop.body.statements.size() == 0 && _forLoop.post.statements.size() == 0)
+			incrementStep();
+
 		m_state.controlFlowState = ControlFlowState::Default;
 		(*this)(_forLoop.body);
 		if (m_state.controlFlowState == ControlFlowState::Break || m_state.controlFlowState == ControlFlowState::Leave)
@@ -176,12 +181,6 @@ void Interpreter::operator()(Leave const&)
 
 void Interpreter::operator()(Block const& _block)
 {
-	m_state.numSteps++;
-	if (m_state.maxSteps > 0 && m_state.numSteps >= m_state.maxSteps)
-	{
-		m_state.trace.emplace_back("Interpreter execution step limit reached.");
-		throw StepLimitReached();
-	}
 	enterScope(_block);
 	// Register functions.
 	for (auto const& statement: _block.statements)
@@ -193,6 +192,7 @@ void Interpreter::operator()(Block const& _block)
 
 	for (auto const& statement: _block.statements)
 	{
+		incrementStep();
 		visit(statement);
 		if (m_state.controlFlowState != ControlFlowState::Default)
 			break;
@@ -235,6 +235,16 @@ void Interpreter::leaveScope()
 	yulAssert(m_scope, "");
 }
 
+void Interpreter::incrementStep()
+{
+	m_state.numSteps++;
+	if (m_state.maxSteps > 0 && m_state.numSteps >= m_state.maxSteps)
+	{
+		m_state.trace.emplace_back("Interpreter execution step limit reached.");
+		throw StepLimitReached();
+	}
+}
+
 void ExpressionEvaluator::operator()(Literal const& _literal)
 {
 	static YulString const trueString("true");

test/tools/yulInterpreter/Interpreter.h

@@ -154,6 +154,10 @@ private:
 	void enterScope(Block const& _block);
 	void leaveScope();
 
+	/// Increment interpreter step count, throwing exception if step limit
+	/// is reached.
+	void incrementStep();
+
 	Dialect const& m_dialect;
 	InterpreterState& m_state;
 	/// Values of variables.