From b28723933f8cd78ae64bb36ed4cf677fa240b9bc Mon Sep 17 00:00:00 2001
From: Bhargava Shastry
Date: Tue, 17 Sep 2019 14:18:30 +0200
Subject: [PATCH] Add solc to yul generator corpus based fuzzer
---
 .circleci/config.yml | 1 +
 test/tools/afl_fuzzer.cpp | 2 +-
 test/tools/fuzzer_common.cpp | 12 ++++++++-
 test/tools/fuzzer_common.h | 7 ++++-
 test/tools/ossfuzz/CMakeLists.txt | 11 ++++++++
 test/tools/ossfuzz/solc_noopt_ossfuzz.cpp | 2 +-
 test/tools/ossfuzz/solc_opt_ossfuzz.cpp | 2 +-
 test/tools/ossfuzz/solc_yulgen_ossfuzz.cpp | 30 ++++++++++++++++++++++
 8 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 test/tools/ossfuzz/solc_yulgen_ossfuzz.cpp
diff --git a/.circleci/config.yml b/.circleci/config.yml
index d5a5f67af..d6b5d6f25 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -74,6 +74,7 @@ defaults:
 - test/tools/ossfuzz/const_opt_ossfuzz
 - test/tools/ossfuzz/solc_noopt_ossfuzz
 - test/tools/ossfuzz/solc_opt_ossfuzz
+ - test/tools/ossfuzz/solc_yulgen_ossfuzz
 - test/tools/ossfuzz/strictasm_assembly_ossfuzz
 - test/tools/ossfuzz/strictasm_diff_ossfuzz
 - test/tools/ossfuzz/strictasm_opt_ossfuzz
diff --git a/test/tools/afl_fuzzer.cpp b/test/tools/afl_fuzzer.cpp
index 2a8632899..d266ea67e 100644
--- a/test/tools/afl_fuzzer.cpp
+++ b/test/tools/afl_fuzzer.cpp
@@ -123,7 +123,7 @@ Allowed options)",
 else if (arguments.count("standard-json"))
 FuzzerUtil::testStandardCompiler(input, quiet);
 else
- FuzzerUtil::testCompiler(input, optimize, quiet);
+ FuzzerUtil::testCompiler(input, optimize, quiet, false);
 }
 catch (...)
 {
diff --git a/test/tools/fuzzer_common.cpp b/test/tools/fuzzer_common.cpp
index edeb1e554..cc84a45b3 100644
--- a/test/tools/fuzzer_common.cpp
+++ b/test/tools/fuzzer_common.cpp
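Review bot: The new fourth argument on the `+` line is a bare `false`, whereas the libFuzzer harnesses in this patch annotate the same argument as `/*yulOptimize=*/false`; `FuzzerUtil::testCompiler(input, optimize, quiet, /*yulOptimize=*/false);` keeps the call sites consistent and readable. Nothing in the hunk connects the new parameter to a command-line option, so the AFL driver apparently cannot reach the Yul-optimizer path at all; if that is deliberate, a comment such as `// Yul optimizer is only exercised by solc_yulgen_ossfuzz` would save the next reader a search. The surrounding try block and the option parsing begin outside the hunk.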
@@ -71,7 +71,12 @@ void FuzzerUtil::runCompiler(string const& _input, bool _quiet)
 }
 }
 
-void FuzzerUtil::testCompiler(string const& _input, bool _optimize, bool _quiet)
+void FuzzerUtil::testCompiler(
+ string const& _input,
+ bool _optimize,
+ bool _quiet,
+ bool _yulOptimize
+)
 {
 if (!_quiet)
 cout << "Testing compiler " << (_optimize ? "with" : "without") << " optimizer." << endl;
@@ -86,6 +91,11 @@ void FuzzerUtil::testCompiler(string const& _input, bool _optimize, bool _quiet)
 config["settings"]["optimizer"]["enabled"] = _optimize;
 config["settings"]["optimizer"]["runs"] = 200;
 config["settings"]["evmVersion"] = s_evmVersions[_input.size() % s_evmVersions.size()];
+ if (_optimize && _yulOptimize)
+ {
+ config["settings"]["optimizer"]["details"] = Json::objectValue;
+ config["settings"]["optimizer"]["details"]["yul"] = true;
+ }
 
 // Enable all SourceUnit-level outputs.
 config["settings"]["outputSelection"]["*"][""][0] = "*";
diff --git a/test/tools/fuzzer_common.h b/test/tools/fuzzer_common.h
index edf196c1c..2876e3e6e 100644
--- a/test/tools/fuzzer_common.h
+++ b/test/tools/fuzzer_common.h
@@ -24,7 +24,12 @@ struct FuzzerUtil
 {
 static void runCompiler(std::string const& _input, bool _quiet);
- static void testCompiler(std::string const& _input, bool _optimize, bool _quiet);
+ static void testCompiler(
+ std::string const& _input,
+ bool _optimize,
+ bool _quiet,
+ bool _yulOptimize
+ );
 static void testConstantOptimizer(std::string const& _input, bool _quiet);
 static void testStandardCompiler(std::string const& _input, bool _quiet);
 };
diff --git a/test/tools/ossfuzz/CMakeLists.txt b/test/tools/ossfuzz/CMakeLists.txt
index 2481c63c3..eba467fe6 100644
--- a/test/tools/ossfuzz/CMakeLists.txt
+++ b/test/tools/ossfuzz/CMakeLists.txt
@@ -2,6 +2,7 @@ add_custom_target(ossfuzz)
 add_dependencies(ossfuzz
 solc_opt_ossfuzz
 solc_noopt_ossfuzz
+ solc_yulgen_ossfuzz
 const_opt_ossfuzz
 strictasm_diff_ossfuzz
 strictasm_opt_ossfuzz
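Review bot: `_yulOptimize` is silently ignored unless `_optimize` is also true (the guard added in the second fuzzer_common.cpp hunk is `if (_optimize && _yulOptimize)`), and neither the new definition nor the declaration in the fuzzer_common.h hunk on this line documents that coupling. A Doxygen line on the declaration, `/// @param _yulOptimize also enables the Yul optimizer (settings.optimizer.details.yul); has no effect unless _optimize is true.`, would state the contract where callers see it. The status message in the first hunk still reads only "with"/"without optimizer", so a non-quiet run with both flags is indistinguishable from a plain optimizer run; replacing `<< " optimizer." << endl;` with `<< (_optimize && _yulOptimize ? " and Yul optimizer." : " optimizer.") << endl;` is the smallest fix. The remainder of testCompiler's body lies outside the hunks.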
@@ -25,6 +26,10 @@ if (OSSFUZZ)
 target_link_libraries(solc_noopt_ossfuzz PRIVATE libsolc evmasm)
 set_target_properties(solc_noopt_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
 
+ add_executable(solc_yulgen_ossfuzz solc_yulgen_ossfuzz.cpp ../fuzzer_common.cpp)
+ target_link_libraries(solc_yulgen_ossfuzz PRIVATE libsolc evmasm)
+ set_target_properties(solc_yulgen_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
+
 add_executable(const_opt_ossfuzz const_opt_ossfuzz.cpp ../fuzzer_common.cpp)
 target_link_libraries(const_opt_ossfuzz PRIVATE libsolc evmasm)
 set_target_properties(const_opt_ossfuzz PROPERTIES LINK_FLAGS ${LIB_FUZZING_ENGINE})
@@ -90,6 +95,12 @@ else()
 )
 target_link_libraries(solc_noopt_ossfuzz PRIVATE libsolc evmasm)
 
+ add_library(solc_yulgen_ossfuzz
+ solc_yulgen_ossfuzz.cpp
+ ../fuzzer_common.cpp
+ )
+ target_link_libraries(solc_yulgen_ossfuzz PRIVATE libsolc evmasm)
+
 add_library(const_opt_ossfuzz
 const_opt_ossfuzz.cpp
 ../fuzzer_common.cpp
diff --git a/test/tools/ossfuzz/solc_noopt_ossfuzz.cpp b/test/tools/ossfuzz/solc_noopt_ossfuzz.cpp
index 3a2ac5f27..a27d0a0dc 100644
--- a/test/tools/ossfuzz/solc_noopt_ossfuzz.cpp
+++ b/test/tools/ossfuzz/solc_noopt_ossfuzz.cpp
@@ -24,7 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 if (_size <= 600)
 {
 string input(reinterpret_cast(_data), _size);
- FuzzerUtil::testCompiler(input, /*optimize=*/false, /*quiet=*/true);
+ FuzzerUtil::testCompiler(input, /*optimize=*/false, /*quiet=*/true, /*yulOptimize=*/false);
 }
 return 0;
 }
diff --git a/test/tools/ossfuzz/solc_opt_ossfuzz.cpp b/test/tools/ossfuzz/solc_opt_ossfuzz.cpp
index 72a59cba4..3db9208ed 100644
--- a/test/tools/ossfuzz/solc_opt_ossfuzz.cpp
+++ b/test/tools/ossfuzz/solc_opt_ossfuzz.cpp
@@ -24,7 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 if (_size <= 600)
 {
 string input(reinterpret_cast(_data), _size);
- FuzzerUtil::testCompiler(input, /*optimize=*/true, /*quiet=*/true);
+ FuzzerUtil::testCompiler(input, /*optimize=*/true, /*quiet=*/true, /*yulOptimize=*/false);
 }
 return 0;
 }
diff --git a/test/tools/ossfuzz/solc_yulgen_ossfuzz.cpp b/test/tools/ossfuzz/solc_yulgen_ossfuzz.cpp
new file mode 100644
index 000000000..24055e1c7
--- /dev/null
+++ b/test/tools/ossfuzz/solc_yulgen_ossfuzz.cpp
@@ -0,0 +1,30 @@
+/*
+ This file is part of solidity.
+
+ solidity is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ solidity is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with solidity. If not, see .
+*/
+
+#include
+
+using namespace std;
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
+{
+ if (_size <= 600)
+ {
+ string input(reinterpret_cast(_data), _size);
+ FuzzerUtil::testCompiler(input, /*optimize=*/true, /*quiet=*/true, /*yulOptimize=*/true);
+ }
+ return 0;
+}
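Review bot: The `if (_size <= 600)` cap is copied into the new harness with no comment on why 600 bytes was chosen, so the same unexplained limit now lives in three files (solc_opt_ossfuzz.cpp and solc_noopt_ossfuzz.cpp are touched by this patch too) that can drift apart unnoticed. A comment at the condition, `// Skip inputs over 600 bytes; keep in sync with solc_opt_ossfuzz.cpp and solc_noopt_ossfuzz.cpp`, or a single named constant in fuzzer_common.h used by all three, would make the limit deliberate rather than incidental. Apart from the `/*yulOptimize=*/true` literal the visible body is identical to the solc_opt_ossfuzz.cpp hunk above, which suggests the three entry points could share one helper taking the two flags, though that refactor is beyond this patch.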