Adds oss-fuzz harnesses to fuzz AssemblyStack API calls for parsing/optimizing StrictAssembly and generating EVM bytecode.

2023-10-03 13:03:40 +00:00 · 2019-02-06 11:18:44 +01:00 · 2019-02-06 11:18:44 +01:00 · 6c1d0b62b5
commit 6c1d0b62b5
parent e3c3b9e542
6 changed files with 187 additions and 0 deletions
--- a/test/tools/ossfuzz/CMakeLists.txt
+++ b/test/tools/ossfuzz/CMakeLists.txt
@ -5,6 +5,8 @@ add_dependencies(ossfuzz
        solc_noopt_ossfuzz
        const_opt_ossfuzz
        strictasm_diff_ossfuzz
+        strictasm_opt_ossfuzz
+        strictasm_assembly_ossfuzz
        )

 add_custom_target(ossfuzz_proto)
@ -23,6 +25,12 @@ target_link_libraries(const_opt_ossfuzz PRIVATE libsolc evmasm FuzzingEngine.a)
 add_executable(strictasm_diff_ossfuzz strictasm_diff_ossfuzz.cpp yulFuzzerCommon.cpp)
 target_link_libraries(strictasm_diff_ossfuzz PRIVATE libsolc evmasm yulInterpreter FuzzingEngine.a)

+add_executable(strictasm_opt_ossfuzz strictasm_opt_ossfuzz.cpp)
+target_link_libraries(strictasm_opt_ossfuzz PRIVATE yul FuzzingEngine.a)
+
+add_executable(strictasm_assembly_ossfuzz strictasm_assembly_ossfuzz.cpp)
+target_link_libraries(strictasm_assembly_ossfuzz PRIVATE yul FuzzingEngine.a)
+
 add_executable(yul_proto_ossfuzz yulProtoFuzzer.cpp protoToYul.cpp yulProto.pb.cc)
 target_include_directories(yul_proto_ossfuzz PRIVATE /src/libprotobuf-mutator /src/LPM/external.protobuf/include)
 target_link_libraries(yul_proto_ossfuzz PRIVATE yul evmasm
--- a/test/tools/ossfuzz/config/strict_assembly.dict
+++ b/test/tools/ossfuzz/config/strict_assembly.dict
@ -0,0 +1,91 @@
+" -> "
+" := "
+" address() "
+" calldatasize() "
+" caller() "
+" callvalue() "
+" codesize() "
+" coinbase() "
+" difficulty() "
+" gas() "
+" gaslimit() "
+" gasprice() "
+" invalid() "
+" number() "
+" origin() "
+" pc() "
+" returndatasize() "
+" stop() "
+" timestamp() "
+"("
+")"
+", "
+"0x42"
+"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+":"
+"add("
+"addmod("
+"and("
+"balance("
+"blockhash("
+"byte("
+"call("
+"callcode("
+"calldatacopy("
+"calldataload("
+"case "
+"codecopy("
+"create("
+"create2("
+"default "
+"delegatecall("
+"div("
+"eq("
+"exp("
+"extcodecopy("
+"extcodehash("
+"extcodesize("
+"for "
+"function "
+"gt("
+"hello"
+"if "
+"iszero("
+"keccak256("
+"let "
+"log0("
+"log1("
+"log2("
+"log3("
+"log4("
+"lt("
+"mload("
+"mod("
+"msize"
+"mstore("
+"mstore8("
+"mul("
+"mulmod("
+"not("
+"or("
+"pop("
+"return("
+"returndatacopy("
+"revert("
+"sar("
+"sdiv("
+"selfdestruct("
+"sgt("
+"shl("
+"shr("
+"signextend("
+"sload("
+"slt("
+"smod("
+"sstore("
+"staticcall("
+"sub("
+"switch "
+"xor("
+"{"
+"}"
--- a/test/tools/ossfuzz/config/strictasm_assembly_ossfuzz.options
+++ b/test/tools/ossfuzz/config/strictasm_assembly_ossfuzz.options
@ -0,0 +1,2 @@
+[libfuzzer]
+dict = strict_assembly.dict
--- a/test/tools/ossfuzz/config/strictasm_opt_ossfuzz.options
+++ b/test/tools/ossfuzz/config/strictasm_opt_ossfuzz.options
@ -0,0 +1,2 @@
+[libfuzzer]
+dict = strict_assembly.dict
--- a/test/tools/ossfuzz/strictasm_assembly_ossfuzz.cpp
+++ b/test/tools/ossfuzz/strictasm_assembly_ossfuzz.cpp
@ -0,0 +1,47 @@
+/*
+	This file is part of solidity.
+
+	solidity is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	solidity is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with solidity.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <libyul/AssemblyStack.h>
+#include <liblangutil/EVMVersion.h>
+#include <libyul/backends/evm/EVMCodeTransform.h>
+
+using namespace yul;
+using namespace std;
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
+{
+	if (_size > 600)
+		return 0;
+
+	string input(reinterpret_cast<char const*>(_data), _size);
+	AssemblyStack stack(langutil::EVMVersion(), AssemblyStack::Language::StrictAssembly);
+
+	if (!stack.parseAndAnalyze("source", input))
+		return 0;
+
+	try
+	{
+		MachineAssemblyObject obj = stack.assemble(AssemblyStack::Machine::EVM);
+		solAssert(obj.bytecode, "");
+	}
+	catch (StackTooDeepError const&)
+	{
+
+	}
+
+	return 0;
+}
--- a/test/tools/ossfuzz/strictasm_opt_ossfuzz.cpp
+++ b/test/tools/ossfuzz/strictasm_opt_ossfuzz.cpp
@ -0,0 +1,37 @@
+/*
+	This file is part of solidity.
+
+	solidity is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	solidity is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with solidity.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <libyul/AssemblyStack.h>
+#include <liblangutil/EVMVersion.h>
+
+using namespace yul;
+using namespace std;
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
+{
+	if (_size > 600)
+		return 0;
+
+	string input(reinterpret_cast<char const*>(_data), _size);
+	AssemblyStack stack(langutil::EVMVersion(), AssemblyStack::Language::StrictAssembly);
+
+	if (!stack.parseAndAnalyze("source", input))
+		return 0;
+
+	stack.optimize();
+	return 0;
+}