solc fuzzers: Use compiler stack for fuzzing

test/tools/afl_fuzzer.cpp

@@ -124,7 +124,7 @@ Allowed options)",
 			else if (arguments.count("standard-json"))
 				FuzzerUtil::testStandardCompiler(input, quiet);
 			else
-				FuzzerUtil::testCompiler(input, optimize, quiet);
+				FuzzerUtil::testCompilerJsonInterface(input, optimize, quiet);
 		}
 		catch (...)
 		{

test/tools/fuzzer_common.cpp

@@ -17,28 +17,87 @@
 
 #include <test/tools/fuzzer_common.h>
 
+#include <libsolidity/interface/CompilerStack.h>
+
 #include <libsolutil/JSON.h>
+
 #include <libevmasm/Assembly.h>
 #include <libevmasm/ConstantOptimiser.h>
+
 #include <libsolc/libsolc.h>
 
+#include <liblangutil/Exceptions.h>
+
 #include <sstream>
 
 using namespace std;
 using namespace solidity;
 using namespace solidity::util;
 using namespace solidity::evmasm;
+using namespace solidity::langutil;
 
-static vector<string> s_evmVersions = {
+static vector<EVMVersion> s_evmVersions = {
-	"homestead",
+	EVMVersion::homestead(),
-	"tangerineWhistle",
+	EVMVersion::tangerineWhistle(),
-	"spuriousDragon",
+	EVMVersion::spuriousDragon(),
-	"byzantium",
+	EVMVersion::byzantium(),
-	"constantinople",
+	EVMVersion::constantinople(),
-	"petersburg",
+	EVMVersion::petersburg(),
-	"istanbul"
+	EVMVersion::istanbul(),
+	EVMVersion::berlin()
 };
 
+void FuzzerUtil::testCompilerJsonInterface(string const& _input, bool _optimize, bool _quiet)
+{
+	if (!_quiet)
+		cout << "Testing compiler " << (_optimize ? "with" : "without") << " optimizer." << endl;
+
+	Json::Value config = Json::objectValue;
+	config["language"] = "Solidity";
+	config["sources"] = Json::objectValue;
+	config["sources"][""] = Json::objectValue;
+	config["sources"][""]["content"] = _input;
+	config["settings"] = Json::objectValue;
+	config["settings"]["optimizer"] = Json::objectValue;
+	config["settings"]["optimizer"]["enabled"] = _optimize;
+	config["settings"]["optimizer"]["runs"] = 200;
+	config["settings"]["evmVersion"] = "berlin";
+
+	// Enable all SourceUnit-level outputs.
+	config["settings"]["outputSelection"]["*"][""][0] = "*";
+	// Enable all Contract-level outputs.
+	config["settings"]["outputSelection"]["*"]["*"][0] = "*";
+
+	runCompiler(jsonCompactPrint(config), _quiet);
+}
+
+void FuzzerUtil::testCompiler(string const& _input, bool _optimize)
+{
+	frontend::CompilerStack compiler;
+	EVMVersion evmVersion = s_evmVersions[_input.size() % s_evmVersions.size()];
+	frontend::OptimiserSettings optimiserSettings;
+	if (_optimize)
+		optimiserSettings = frontend::OptimiserSettings::standard();
+	else
+		optimiserSettings = frontend::OptimiserSettings::minimal();
+	compiler.setSources({{"", _input}});
+	compiler.setEVMVersion(evmVersion);
+	compiler.setOptimiserSettings(optimiserSettings);
+	try
+	{
+		compiler.compile();
+	}
+	catch (Error const&)
+	{
+	}
+	catch (FatalError const&)
+	{
+	}
+	catch (UnimplementedFeatureError const&)
+	{
+	}
+}
+
 void FuzzerUtil::runCompiler(string const& _input, bool _quiet)
 {
 	if (!_quiet)
@@ -73,30 +132,6 @@ void FuzzerUtil::runCompiler(string const& _input, bool _quiet)
 		}
 }
 
-void FuzzerUtil::testCompiler(string const& _input, bool _optimize, bool _quiet)
-{
-	if (!_quiet)
-		cout << "Testing compiler " << (_optimize ? "with" : "without") << " optimizer." << endl;
-
-	Json::Value config = Json::objectValue;
-	config["language"] = "Solidity";
-	config["sources"] = Json::objectValue;
-	config["sources"][""] = Json::objectValue;
-	config["sources"][""]["content"] = _input;
-	config["settings"] = Json::objectValue;
-	config["settings"]["optimizer"] = Json::objectValue;
-	config["settings"]["optimizer"]["enabled"] = _optimize;
-	config["settings"]["optimizer"]["runs"] = 200;
-	config["settings"]["evmVersion"] = s_evmVersions[_input.size() % s_evmVersions.size()];
-
-	// Enable all SourceUnit-level outputs.
-	config["settings"]["outputSelection"]["*"][""][0] = "*";
-	// Enable all Contract-level outputs.
-	config["settings"]["outputSelection"]["*"]["*"][0] = "*";
-
-	runCompiler(jsonCompactPrint(config), _quiet);
-}
-
 void FuzzerUtil::testConstantOptimizer(string const& _input, bool _quiet)
 {
 	if (!_quiet)

test/tools/fuzzer_common.h

@@ -24,7 +24,8 @@
 struct FuzzerUtil
 {
 	static void runCompiler(std::string const& _input, bool _quiet);
-	static void testCompiler(std::string const& _input, bool _optimize, bool _quiet);
+	static void testCompilerJsonInterface(std::string const& _input, bool _optimize, bool _quiet);
 	static void testConstantOptimizer(std::string const& _input, bool _quiet);
 	static void testStandardCompiler(std::string const& _input, bool _quiet);
+	static void testCompiler(std::string const& _input, bool _optimize);
 };

test/tools/ossfuzz/solc_noopt_ossfuzz.cpp

@@ -24,7 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 	if (_size <= 600)
 	{
 		string input(reinterpret_cast<char const*>(_data), _size);
-		FuzzerUtil::testCompiler(input, /*optimize=*/false, /*quiet=*/true);
+		FuzzerUtil::testCompiler(input, /*optimize=*/false);
 	}
 	return 0;
 }

test/tools/ossfuzz/solc_opt_ossfuzz.cpp

@@ -24,7 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 	if (_size <= 600)
 	{
 		string input(reinterpret_cast<char const *>(_data), _size);
-		FuzzerUtil::testCompiler(input, /*optimize=*/true, /*quiet=*/true);
+		FuzzerUtil::testCompiler(input, /*optimize=*/true);
 	}
 	return 0;
 }