Merge pull request #10902 from ethereum/unified-solc-fuzzer

Unify solc fuzzers.
Bhargava Shastry 2021-02-08 13:25:52 +01:00 committed by GitHub
commit 8843890785
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 58 additions and 126 deletions


@ -88,10 +88,8 @@ defaults:
- test/tools/ossfuzz/abiv2_proto_ossfuzz - test/tools/ossfuzz/abiv2_proto_ossfuzz
- test/tools/ossfuzz/abiv2_isabelle_ossfuzz - test/tools/ossfuzz/abiv2_isabelle_ossfuzz
- test/tools/ossfuzz/const_opt_ossfuzz - test/tools/ossfuzz/const_opt_ossfuzz
- test/tools/ossfuzz/solc_noopt_mutator_ossfuzz - test/tools/ossfuzz/solc_mutator_ossfuzz
- test/tools/ossfuzz/solc_noopt_ossfuzz - test/tools/ossfuzz/solc_ossfuzz
- test/tools/ossfuzz/solc_opt_mutator_ossfuzz
- test/tools/ossfuzz/solc_opt_ossfuzz
- test/tools/ossfuzz/strictasm_assembly_ossfuzz - test/tools/ossfuzz/strictasm_assembly_ossfuzz
- test/tools/ossfuzz/strictasm_diff_ossfuzz - test/tools/ossfuzz/strictasm_diff_ossfuzz
- test/tools/ossfuzz/strictasm_opt_ossfuzz - test/tools/ossfuzz/strictasm_opt_ossfuzz


@ -81,7 +81,13 @@ void FuzzerUtil::forceSMT(StringMap& _input)
sourceUnit.second += smtPragma; sourceUnit.second += smtPragma;
} }
void FuzzerUtil::testCompiler(StringMap& _input, bool _optimize, unsigned _rand, bool _forceSMT) void FuzzerUtil::testCompiler(
StringMap& _input,
bool _optimize,
unsigned _rand,
bool _forceSMT,
bool _compileViaYul
)
{ {
frontend::CompilerStack compiler; frontend::CompilerStack compiler;
EVMVersion evmVersion = s_evmVersions[_rand % s_evmVersions.size()]; EVMVersion evmVersion = s_evmVersions[_rand % s_evmVersions.size()];
@ -98,6 +104,7 @@ void FuzzerUtil::testCompiler(StringMap& _input, bool _optimize, unsigned _rand,
compiler.setSources(_input); compiler.setSources(_input);
compiler.setEVMVersion(evmVersion); compiler.setEVMVersion(evmVersion);
compiler.setOptimiserSettings(optimiserSettings); compiler.setOptimiserSettings(optimiserSettings);
compiler.enableIRGeneration(_compileViaYul);
try try
{ {
compiler.compile(); compiler.compile();
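Review bot: The catch list of the `try` around `compiler.compile()` should be re-checked now that `compiler.enableIRGeneration(_compileViaYul)` can route inputs through IR generation. The handlers lie outside this hunk, so whether they cover the exceptions that path throws for constructs it does not support is not visible here. An exception type missing from the list would show up as a fuzzer crash on every affected input and bury real findings. A short comment above the new call, e.g. `// Exercise the IR-based code generator when the test case asks for it.`, would also record why the flag is forwarded.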


@ -41,7 +41,8 @@ struct FuzzerUtil
solidity::StringMap& _input, solidity::StringMap& _input,
bool _optimize, bool _optimize,
unsigned _rand, unsigned _rand,
bool _forceSMT bool _forceSMT,
bool _compileViaYul
); );
/// Adds the experimental SMTChecker pragma to each source file in the /// Adds the experimental SMTChecker pragma to each source file in the
/// source map. /// source map.
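Review bot: The new `_compileViaYul` parameter is undocumented, and `testCompiler` now takes three `bool` arguments (`_optimize`, `_forceSMT`, `_compileViaYul`) that are easy to transpose at a call site without any compiler diagnostic. The doc comment for the declaration begins above this hunk; it should gain a line such as `/// IR generation is enabled on the compiler stack if _compileViaYul is true.` The caller updated in this commit labels only `/*_rand=*/` and `/*forceSMT=*/`, so labelling the other two the same way (`/*optimize=*/optimize`, `/*compileViaYul=*/compileViaYul`) would make a swapped argument visible in review.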


@ -1,9 +1,7 @@
add_custom_target(ossfuzz) add_custom_target(ossfuzz)
add_dependencies(ossfuzz add_dependencies(ossfuzz
solc_opt_ossfuzz solc_ossfuzz
solc_opt_mutator_ossfuzz solc_mutator_ossfuzz
solc_noopt_ossfuzz
solc_noopt_mutator_ossfuzz
const_opt_ossfuzz const_opt_ossfuzz
strictasm_diff_ossfuzz strictasm_diff_ossfuzz
strictasm_opt_ossfuzz strictasm_opt_ossfuzz
@ -24,41 +22,23 @@ if (OSSFUZZ)
endif() endif()
if (OSSFUZZ) if (OSSFUZZ)
add_executable(solc_opt_ossfuzz add_executable(solc_ossfuzz
solc_opt_ossfuzz.cpp solc_ossfuzz.cpp
../fuzzer_common.cpp ../fuzzer_common.cpp
../../TestCaseReader.cpp ../../TestCaseReader.cpp
) )
target_link_libraries(solc_opt_ossfuzz PRIVATE libsolc evmasm) target_link_libraries(solc_ossfuzz PRIVATE libsolc evmasm)
set_target_properties(solc_opt_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE}) set_target_properties(solc_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
add_executable(solc_opt_mutator_ossfuzz add_executable(solc_mutator_ossfuzz
solc_opt_ossfuzz.cpp solc_ossfuzz.cpp
../fuzzer_common.cpp ../fuzzer_common.cpp
../../TestCaseReader.cpp ../../TestCaseReader.cpp
SolidityGenerator.cpp SolidityGenerator.cpp
SolidityCustomMutatorInterface.cpp SolidityCustomMutatorInterface.cpp
) )
target_link_libraries(solc_opt_mutator_ossfuzz PRIVATE libsolc evmasm) target_link_libraries(solc_mutator_ossfuzz PRIVATE libsolc evmasm)
set_target_properties(solc_opt_mutator_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE}) set_target_properties(solc_mutator_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
add_executable(solc_noopt_ossfuzz
solc_noopt_ossfuzz.cpp
../fuzzer_common.cpp
../../TestCaseReader.cpp
)
target_link_libraries(solc_noopt_ossfuzz PRIVATE libsolc evmasm)
set_target_properties(solc_noopt_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
add_executable(solc_noopt_mutator_ossfuzz
solc_noopt_ossfuzz.cpp
../fuzzer_common.cpp
../../TestCaseReader.cpp
SolidityGenerator.cpp
SolidityCustomMutatorInterface.cpp
)
target_link_libraries(solc_noopt_mutator_ossfuzz PRIVATE libsolc evmasm)
set_target_properties(solc_noopt_mutator_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
add_executable(const_opt_ossfuzz const_opt_ossfuzz.cpp ../fuzzer_common.cpp) add_executable(const_opt_ossfuzz const_opt_ossfuzz.cpp ../fuzzer_common.cpp)
target_link_libraries(const_opt_ossfuzz PRIVATE libsolc evmasm) target_link_libraries(const_opt_ossfuzz PRIVATE libsolc evmasm)
@ -189,29 +169,17 @@ if (OSSFUZZ)
set_target_properties(sol_proto_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE}) set_target_properties(sol_proto_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
target_compile_options(sol_proto_ossfuzz PUBLIC ${COMPILE_OPTIONS} -Wno-sign-conversion -Wno-suggest-destructor-override -Wno-inconsistent-missing-destructor-override) target_compile_options(sol_proto_ossfuzz PUBLIC ${COMPILE_OPTIONS} -Wno-sign-conversion -Wno-suggest-destructor-override -Wno-inconsistent-missing-destructor-override)
else() else()
add_library(solc_opt_ossfuzz add_library(solc_ossfuzz
solc_opt_ossfuzz.cpp solc_ossfuzz.cpp
../fuzzer_common.cpp ../fuzzer_common.cpp
) )
target_link_libraries(solc_opt_ossfuzz PRIVATE libsolc evmasm) target_link_libraries(solc_ossfuzz PRIVATE libsolc evmasm)
add_library(solc_opt_mutator_ossfuzz add_library(solc_mutator_ossfuzz
solc_opt_ossfuzz.cpp solc_ossfuzz.cpp
../fuzzer_common.cpp ../fuzzer_common.cpp
) )
target_link_libraries(solc_opt_mutator_ossfuzz PRIVATE libsolc evmasm) target_link_libraries(solc_mutator_ossfuzz PRIVATE libsolc evmasm)
add_library(solc_noopt_ossfuzz
solc_noopt_ossfuzz.cpp
../fuzzer_common.cpp
)
target_link_libraries(solc_noopt_ossfuzz PRIVATE libsolc evmasm)
add_library(solc_noopt_mutator_ossfuzz
solc_noopt_ossfuzz.cpp
../fuzzer_common.cpp
)
target_link_libraries(solc_noopt_mutator_ossfuzz PRIVATE libsolc evmasm)
add_library(const_opt_ossfuzz add_library(const_opt_ossfuzz
const_opt_ossfuzz.cpp const_opt_ossfuzz.cpp


@ -9,6 +9,7 @@
" gasleft() " " gasleft() "
" gwei " " gwei "
" hours " " hours "
" is "
" minutes " " minutes "
" msg.data " " msg.data "
" msg.gas " " msg.gas "
@ -40,16 +41,20 @@
".delegatecall(" ".delegatecall("
".gas(" ".gas("
".kill(" ".kill("
".shutdown("
".length" ".length"
".pop();" ".pop();"
".push(" ".push("
".runtimeCode" ".runtimeCode"
".send(" ".send("
".shutdown("
".staticcall(" ".staticcall("
".transfer(" ".transfer("
".value" ".value"
"/" "/"
"// compileViaYul: false"
"// compileViaYul: true"
"// optimize: false"
"// optimize: true"
"//" "//"
"0**0" "0**0"
"1.1" "1.1"
@ -60,6 +65,8 @@
"<<" "<<"
"<=" "<="
"==" "=="
"===="
"====Source:"
">" ">"
">=" ">="
">>" ">>"
@ -67,6 +74,7 @@
"\\udead" "\\udead"
"\\xff" "\\xff"
"^" "^"
"a[1:2]"
"abi.encode(" "abi.encode("
"abi.encodePacked(" "abi.encodePacked("
"abi.encodeWithSelector(" "abi.encodeWithSelector("
@ -117,6 +125,8 @@
"bytes7 " "bytes7 "
"bytes8 " "bytes8 "
"bytes9 " "bytes9 "
"catch (bytes memory ) {}"
"catch Error() {}"
"constant " "constant "
"constructor() " "constructor() "
"continue;" "continue;"
@ -129,6 +139,7 @@
"enum B { " "enum B { "
"event e(" "event e("
"external " "external "
"fallback() "
"false " "false "
"fixed " "fixed "
"fixed128x128 " "fixed128x128 "
@ -146,6 +157,7 @@
"keccak256(" "keccak256("
"keccak256.gas(" "keccak256.gas("
"keccak256.value(" "keccak256.value("
"leave"
"let x := " "let x := "
"library l { " "library l { "
"log0(" "log0("
@ -158,6 +170,7 @@
"modifier onlySeller() { " "modifier onlySeller() { "
"mulmod(" "mulmod("
"new " "new "
"override"
"payable " "payable "
"pragma experimental ABIEncoderV2;" "pragma experimental ABIEncoderV2;"
"pragma experimental SMTChecker;" "pragma experimental SMTChecker;"
@ -165,6 +178,7 @@
"pragma solidity ^90.90.0" "pragma solidity ^90.90.0"
"public " "public "
"pure " "pure "
"receive() "
"require(" "require("
"require(msg.sender == 0,\"\"" "require(msg.sender == 0,\"\""
"return " "return "
@ -201,6 +215,7 @@
"using " "using "
"var " "var "
"view " "view "
"virtual"
"while " "while "
"x % y" "x % y"
"x * 2**y" "x * 2**y"
@ -208,17 +223,8 @@
"x << y" "x << y"
"{ uint x; }" "{ uint x; }"
"{" "{"
"{salt: "salt", value: 10}"
"{value: 1, gas: 2}"
"|" "|"
"}" "}"
"~" "~"
"override"
"virtual"
" is "
"receive() "
"fallback() "
"catch Error() {}"
"catch (bytes memory ) {}"
"{value: 1, gas: 2}"
"{salt: "salt", value: 10}"
"leave"
"a[1:2]"
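Review bot: The new format tokens should be checked byte-for-byte against the strings `TestCaseReader` actually matches, because a dictionary entry that differs by one space never helps the fuzzer reach the settings or multi-source paths. `"====Source:"` has no space after `====`, and the `// optimize: …` and `// compileViaYul: …` entries have no companion entry for whatever delimiter line introduces the settings block. The reader's parsing code is not part of this page, so both are assumptions to confirm. Separately, `"{salt: "salt", value: 10}"` carries unescaped inner quotes while `"require(msg.sender == 0,\"\""` escapes them; writing it as `"{salt: \"salt\", value: 10}"` keeps the file consistent.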


@ -1,54 +0,0 @@
/*
This file is part of solidity.
solidity is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
solidity is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with solidity. If not, see <http://www.gnu.org/licenses/>.
*/
// SPDX-License-Identifier: GPL-3.0
#include <test/tools/fuzzer_common.h>
#include <test/TestCaseReader.h>
#include <sstream>
using namespace solidity::frontend::test;
using namespace std;
// Prototype as we can't use the FuzzerInterface.h header.
extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size);
extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
{
if (_size <= 600)
{
string input(reinterpret_cast<char const*>(_data), _size);
map<string, string> sourceCode;
try
{
TestCaseReader t = TestCaseReader(std::istringstream(input));
sourceCode = t.sources().sources;
}
catch (runtime_error const&)
{
return 0;
}
FuzzerUtil::testCompiler(
sourceCode,
/*optimize=*/true,
/*rand=*/static_cast<unsigned>(_size),
/*forceSMT=*/true
);
}
return 0;
}


@ -38,17 +38,23 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
{ {
TestCaseReader t = TestCaseReader(std::istringstream(input)); TestCaseReader t = TestCaseReader(std::istringstream(input));
sourceCode = t.sources().sources; sourceCode = t.sources().sources;
map<string, string> settings = t.settings();
bool compileViaYul =
settings.count("compileViaYul") &&
(settings.at("compileViaYul") == "also" || settings.at("compileViaYul") == "true");
bool optimize = settings.count("optimize") && settings.at("optimize") == "true";
FuzzerUtil::testCompiler(
sourceCode,
optimize,
/*_rand=*/static_cast<unsigned>(_size),
/*forceSMT=*/true,
compileViaYul
);
} }
catch (runtime_error const&) catch (runtime_error const&)
{ {
return 0; return 0;
} }
FuzzerUtil::testCompiler(
sourceCode,
/*optimize=*/false,
/*_rand=*/static_cast<unsigned>(_size),
/*forceSMT=*/true
);
} }
return 0; return 0;
} }
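Review bot: Moving the `FuzzerUtil::testCompiler(...)` call inside the `try` means the existing `catch (runtime_error const&) { return 0; }` now also covers the compiler run, so any `std::runtime_error`-derived exception escaping compilation is reported to the fuzzer as a clean run instead of a finding. Before this change the call sat after the handler and only test-case parsing was guarded. Declaring `optimize` and `compileViaYul` before the `try`, assigning them inside it, and calling `testCompiler` after the `catch` keeps parsing errors ignored without masking compiler failures. The function begins above this hunk, so the `_size` guard and the declarations of `input` and `sourceCode` are not shown.

```cpp
bool optimize = false;
bool compileViaYul = false;
try
{
	// … unchanged: TestCaseReader construction, sourceCode and settings …
	compileViaYul =
		settings.count("compileViaYul") &&
		(settings.at("compileViaYul") == "also" || settings.at("compileViaYul") == "true");
	optimize = settings.count("optimize") && settings.at("optimize") == "true";
}
catch (runtime_error const&)
{
	return 0;
}
// Outside the try: a runtime_error escaping the compiler must reach the fuzzer.
FuzzerUtil::testCompiler(
	sourceCode,
	optimize,
	/*_rand=*/static_cast<unsigned>(_size),
	/*forceSMT=*/true,
	compileViaYul
);
```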