Merge pull request #10902 from ethereum/unified-solc-fuzzer

Unify solc fuzzers.

.circleci/config.yml

@@ -88,10 +88,8 @@ defaults:
         - test/tools/ossfuzz/abiv2_proto_ossfuzz
         - test/tools/ossfuzz/abiv2_isabelle_ossfuzz
         - test/tools/ossfuzz/const_opt_ossfuzz
-        - test/tools/ossfuzz/solc_noopt_mutator_ossfuzz
-        - test/tools/ossfuzz/solc_noopt_ossfuzz
-        - test/tools/ossfuzz/solc_opt_mutator_ossfuzz
-        - test/tools/ossfuzz/solc_opt_ossfuzz
+        - test/tools/ossfuzz/solc_mutator_ossfuzz
+        - test/tools/ossfuzz/solc_ossfuzz
         - test/tools/ossfuzz/strictasm_assembly_ossfuzz
         - test/tools/ossfuzz/strictasm_diff_ossfuzz
         - test/tools/ossfuzz/strictasm_opt_ossfuzz

test/tools/fuzzer_common.cpp

@@ -81,7 +81,13 @@ void FuzzerUtil::forceSMT(StringMap& _input)
 			sourceUnit.second += smtPragma;
 }
 
-void FuzzerUtil::testCompiler(StringMap& _input, bool _optimize, unsigned _rand, bool _forceSMT)
+void FuzzerUtil::testCompiler(
+	StringMap& _input,
+	bool _optimize,
+	unsigned _rand,
+	bool _forceSMT,
+	bool _compileViaYul
+)
 {
 	frontend::CompilerStack compiler;
 	EVMVersion evmVersion = s_evmVersions[_rand % s_evmVersions.size()];
@@ -98,6 +104,7 @@ void FuzzerUtil::testCompiler(StringMap& _input, bool _optimize, unsigned _rand,
 	compiler.setSources(_input);
 	compiler.setEVMVersion(evmVersion);
 	compiler.setOptimiserSettings(optimiserSettings);
+	compiler.enableIRGeneration(_compileViaYul);
 	try
 	{
 		compiler.compile();

test/tools/fuzzer_common.h

@@ -41,7 +41,8 @@ struct FuzzerUtil
 		solidity::StringMap& _input,
 		bool _optimize,
 		unsigned _rand,
-		bool _forceSMT
+		bool _forceSMT,
+		bool _compileViaYul
 	);
 	/// Adds the experimental SMTChecker pragma to each source file in the
 	/// source map.

test/tools/ossfuzz/CMakeLists.txt

@@ -1,9 +1,7 @@
 add_custom_target(ossfuzz)
 add_dependencies(ossfuzz
-        solc_opt_ossfuzz
-        solc_opt_mutator_ossfuzz
-        solc_noopt_ossfuzz
-        solc_noopt_mutator_ossfuzz
+        solc_ossfuzz
+        solc_mutator_ossfuzz
         const_opt_ossfuzz
         strictasm_diff_ossfuzz
         strictasm_opt_ossfuzz
@@ -24,41 +22,23 @@ if (OSSFUZZ)
 endif()
 
 if (OSSFUZZ)
-    add_executable(solc_opt_ossfuzz
-            solc_opt_ossfuzz.cpp
+    add_executable(solc_ossfuzz
+            solc_ossfuzz.cpp
             ../fuzzer_common.cpp
             ../../TestCaseReader.cpp
     )
-    target_link_libraries(solc_opt_ossfuzz PRIVATE libsolc evmasm)
-    set_target_properties(solc_opt_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
+    target_link_libraries(solc_ossfuzz PRIVATE libsolc evmasm)
+    set_target_properties(solc_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
 
-    add_executable(solc_opt_mutator_ossfuzz
-            solc_opt_ossfuzz.cpp
+    add_executable(solc_mutator_ossfuzz
+            solc_ossfuzz.cpp
             ../fuzzer_common.cpp
             ../../TestCaseReader.cpp
             SolidityGenerator.cpp
             SolidityCustomMutatorInterface.cpp
     )
-    target_link_libraries(solc_opt_mutator_ossfuzz PRIVATE libsolc evmasm)
-    set_target_properties(solc_opt_mutator_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
-
-    add_executable(solc_noopt_ossfuzz
-            solc_noopt_ossfuzz.cpp
-            ../fuzzer_common.cpp
-            ../../TestCaseReader.cpp
-    )
-    target_link_libraries(solc_noopt_ossfuzz PRIVATE libsolc evmasm)
-    set_target_properties(solc_noopt_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
-
-    add_executable(solc_noopt_mutator_ossfuzz
-            solc_noopt_ossfuzz.cpp
-            ../fuzzer_common.cpp
-            ../../TestCaseReader.cpp
-            SolidityGenerator.cpp
-            SolidityCustomMutatorInterface.cpp
-    )
-    target_link_libraries(solc_noopt_mutator_ossfuzz PRIVATE libsolc evmasm)
-    set_target_properties(solc_noopt_mutator_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
+    target_link_libraries(solc_mutator_ossfuzz PRIVATE libsolc evmasm)
+    set_target_properties(solc_mutator_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
 
     add_executable(const_opt_ossfuzz const_opt_ossfuzz.cpp ../fuzzer_common.cpp)
     target_link_libraries(const_opt_ossfuzz PRIVATE libsolc evmasm)
@@ -189,29 +169,17 @@ if (OSSFUZZ)
     set_target_properties(sol_proto_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
     target_compile_options(sol_proto_ossfuzz PUBLIC ${COMPILE_OPTIONS} -Wno-sign-conversion -Wno-suggest-destructor-override -Wno-inconsistent-missing-destructor-override)
 else()
-    add_library(solc_opt_ossfuzz
-            solc_opt_ossfuzz.cpp
+    add_library(solc_ossfuzz
+            solc_ossfuzz.cpp
             ../fuzzer_common.cpp
             )
-    target_link_libraries(solc_opt_ossfuzz PRIVATE libsolc evmasm)
+    target_link_libraries(solc_ossfuzz PRIVATE libsolc evmasm)
 
-    add_library(solc_opt_mutator_ossfuzz
-            solc_opt_ossfuzz.cpp
+    add_library(solc_mutator_ossfuzz
+            solc_ossfuzz.cpp
             ../fuzzer_common.cpp
             )
-    target_link_libraries(solc_opt_mutator_ossfuzz PRIVATE libsolc evmasm)
-
-    add_library(solc_noopt_ossfuzz
-            solc_noopt_ossfuzz.cpp
-            ../fuzzer_common.cpp
-            )
-    target_link_libraries(solc_noopt_ossfuzz PRIVATE libsolc evmasm)
-
-    add_library(solc_noopt_mutator_ossfuzz
-            solc_noopt_ossfuzz.cpp
-            ../fuzzer_common.cpp
-            )
-    target_link_libraries(solc_noopt_mutator_ossfuzz PRIVATE libsolc evmasm)
+    target_link_libraries(solc_mutator_ossfuzz PRIVATE libsolc evmasm)
 
     add_library(const_opt_ossfuzz
             const_opt_ossfuzz.cpp

test/tools/ossfuzz/config/solidity.dict

@@ -9,6 +9,7 @@
 " gasleft() "
 " gwei "
 " hours "
+" is "
 " minutes "
 " msg.data "
 " msg.gas "
@@ -40,16 +41,20 @@
 ".delegatecall("
 ".gas("
 ".kill("
-".shutdown("
 ".length"
 ".pop();"
 ".push("
 ".runtimeCode"
 ".send("
+".shutdown("
 ".staticcall("
 ".transfer("
 ".value"
 "/"
+"// compileViaYul: false"
+"// compileViaYul: true"
+"// optimize: false"
+"// optimize: true"
 "//"
 "0**0"
 "1.1"
@@ -60,6 +65,8 @@
 "<<"
 "<="
 "=="
+"===="
+"====Source:"
 ">"
 ">="
 ">>"
@@ -67,6 +74,7 @@
 "\\udead"
 "\\xff"
 "^"
+"a[1:2]"
 "abi.encode("
 "abi.encodePacked("
 "abi.encodeWithSelector("
@@ -117,6 +125,8 @@
 "bytes7 "
 "bytes8 "
 "bytes9 "
+"catch (bytes memory ) {}"
+"catch Error() {}"
 "constant "
 "constructor() "
 "continue;"
@@ -129,6 +139,7 @@
 "enum B { "
 "event e("
 "external "
+"fallback() "
 "false "
 "fixed "
 "fixed128x128 "
@@ -146,6 +157,7 @@
 "keccak256("
 "keccak256.gas("
 "keccak256.value("
+"leave"
 "let x := "
 "library l { "
 "log0("
@@ -158,6 +170,7 @@
 "modifier onlySeller() { "
 "mulmod("
 "new "
+"override"
 "payable "
 "pragma experimental ABIEncoderV2;"
 "pragma experimental SMTChecker;"
@@ -165,6 +178,7 @@
 "pragma solidity ^90.90.0"
 "public "
 "pure "
+"receive() "
 "require("
 "require(msg.sender == 0,\"\""
 "return "
@@ -201,6 +215,7 @@
 "using "
 "var "
 "view "
+"virtual"
 "while "
 "x % y"
 "x * 2**y"
@@ -208,17 +223,8 @@
 "x << y"
 "{ uint x; }"
 "{"
+"{salt: "salt", value: 10}"
+"{value: 1, gas: 2}"
 "|"
 "}"
 "~"
-"override"
-"virtual"
-" is "
-"receive() "
-"fallback() "
-"catch Error() {}"
-"catch (bytes memory ) {}"
-"{value: 1, gas: 2}"
-"{salt: "salt", value: 10}"
-"leave"
-"a[1:2]"

test/tools/ossfuzz/solc_opt_ossfuzz.cpp

@@ -1,54 +0,0 @@
-/*
-	This file is part of solidity.
-
-	solidity is free software: you can redistribute it and/or modify
-	it under the terms of the GNU General Public License as published by
-	the Free Software Foundation, either version 3 of the License, or
-	(at your option) any later version.
-
-	solidity is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-	GNU General Public License for more details.
-
-	You should have received a copy of the GNU General Public License
-	along with solidity.  If not, see <http://www.gnu.org/licenses/>.
-*/
-// SPDX-License-Identifier: GPL-3.0
-
-#include <test/tools/fuzzer_common.h>
-
-#include <test/TestCaseReader.h>
-
-#include <sstream>
-
-using namespace solidity::frontend::test;
-using namespace std;
-
-// Prototype as we can't use the FuzzerInterface.h header.
-extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size);
-
-extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
-{
-	if (_size <= 600)
-	{
-		string input(reinterpret_cast<char const*>(_data), _size);
-		map<string, string> sourceCode;
-		try
-		{
-			TestCaseReader t = TestCaseReader(std::istringstream(input));
-			sourceCode = t.sources().sources;
-		}
-		catch (runtime_error const&)
-		{
-			return 0;
-		}
-		FuzzerUtil::testCompiler(
-			sourceCode,
-			/*optimize=*/true,
-			/*rand=*/static_cast<unsigned>(_size),
-			/*forceSMT=*/true
-		);
-	}
-	return 0;
-}

test/tools/ossfuzz/solc_ossfuzz.cpp

@@ -38,17 +38,23 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 		{
 			TestCaseReader t = TestCaseReader(std::istringstream(input));
 			sourceCode = t.sources().sources;
+			map<string, string> settings = t.settings();
+			bool compileViaYul =
+				settings.count("compileViaYul") &&
+				(settings.at("compileViaYul") == "also" || settings.at("compileViaYul") == "true");
+			bool optimize = settings.count("optimize") && settings.at("optimize") == "true";
+			FuzzerUtil::testCompiler(
+				sourceCode,
+				optimize,
+				/*_rand=*/static_cast<unsigned>(_size),
+				/*forceSMT=*/true,
+				compileViaYul
+			);
 		}
 		catch (runtime_error const&)
 		{
 			return 0;
 		}
-		FuzzerUtil::testCompiler(
-			sourceCode,
-			/*optimize=*/false,
-			/*_rand=*/static_cast<unsigned>(_size),
-			/*forceSMT=*/true
-		);
 	}
 	return 0;
 }