yul proto fuzzer: Place an upper bound on number of function calls generated

Bhargava Shastry 2019-11-11 11:35:16 +01:00
parent 1a7bd4681a
commit b6b0a99afc
2 changed files with 25 additions and 5 deletions


@ -1410,14 +1410,27 @@ void ProtoConverter::createFunctionDefAndCall(
!m_inForInitScope,
"Proto fuzzer: Trying to create function call inside for-init block"
);
createFunctionCall(funcName, _numInParams, _numOutParams);
// Create a function call pseudo randomly. The heuristic for this is
// - We have not exceeded the maximum function call limit
// - Function to be called qualifies as non trivial
// - A function is non trivial if it contains at least "s_minStatements"
// statements
if (m_numFunctionCalls < s_maxFunctionCalls)
if (static_cast<unsigned>(_x.block().statements_size()) >= s_minStatements)
{
createFunctionCall(funcName, _numInParams, _numOutParams);
m_numFunctionCalls++;
}
}
void ProtoConverter::visit(FunctionDef const& _x)
{
unsigned numInParams = _x.num_input_params() % s_modInputParams;
unsigned numOutParams = _x.num_output_params() % s_modOutputParams;
createFunctionDefAndCall(_x, numInParams, numOutParams);
createFunctionDefAndCall(
_x,
_x.num_input_params() % s_modInputParams,
_x.num_output_params() % s_modOutputParams
);
}
void ProtoConverter::visit(PopStmt const& _x)
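Review bot: The comment added above the new guard in createFunctionDefAndCall says the call is created "pseudo randomly", but both conditions that follow are deterministic: a call is emitted only while `m_numFunctionCalls < s_maxFunctionCalls` and only when the proto block holds at least `s_minStatements` statements. I would reword it to `// Create a function call only if the call limit has not been reached and the function is non-trivial`, and fold the unbraced outer `if` into the inner one, `if (m_numFunctionCalls < s_maxFunctionCalls && static_cast<unsigned>(_x.block().statements_size()) >= s_minStatements)`, so a later edit cannot attach an `else` to the wrong branch. The comment could also state that a function failing the test is still defined but never called, and that `statements_size()` presumably counts the proto block's top-level statements rather than the Yul statements actually emitted. The function body begins outside this hunk.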


@ -47,6 +47,7 @@ public:
m_inForBodyScope = false;
m_inForInitScope = false;
m_numNestedForLoops = 0;
m_numFunctionCalls = 0;
m_counter = 0;
m_inputSize = 0;
m_inFunctionDef = false;
@ -329,9 +330,13 @@ private:
std::map<std::string, std::pair<unsigned, unsigned>> m_functionSigMap;
/// Tree of objects and their scopes
std::vector<std::vector<std::string>> m_objectScopeTree;
// mod input/output parameters impose an upper bound on the number of input/output parameters a function may have.
/// mod input/output parameters impose an upper bound on the number of input/output parameters a function may have.
static unsigned constexpr s_modInputParams = 5;
static unsigned constexpr s_modOutputParams = 5;
/// Maximum number of function calls permissible to keep a check on program size.
static unsigned constexpr s_maxFunctionCalls = 3;
/// Lower bound for function statement count to be considered non-trivial
static unsigned constexpr s_minStatements = 5;
/// Hard-coded identifier for a Yul object's data block
static auto constexpr s_dataIdentifier = "datablock";
/// Predicate to keep track of for body scope. If true, break/continue
@ -339,6 +344,8 @@ private:
bool m_inForBodyScope;
// Index used for naming loop variable of bounded for loops
unsigned m_numNestedForLoops;
/// Counter to keep track of number of function calls
unsigned m_numFunctionCalls;
/// Predicate to keep track of for loop init scope. If true, variable
/// or function declarations can not be created.
bool m_inForInitScope;
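Review bot: The doc comments on `s_maxFunctionCalls` and `s_minStatements` do not say what scope the limits apply to, which matters to anyone tuning the fuzzer's program-size bound. In the lines shown, `m_numFunctionCalls` is zeroed only in the initialiser block under `public:` and otherwise only incremented, so the limit of 3 looks to be per converter instance rather than per function or per object. I would spell that out, e.g. `/// Maximum number of function calls emitted per converter instance (i.e. per generated program); bounds program size.` and `/// Minimum number of statements in a function's block for it to be considered non-trivial (and therefore called).` The initialiser block and the class start outside these hunks, so confirm the counter is reset wherever a converter is reused across inputs.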