Merge pull request #10668 from ethereum/fuzzer-always-add-smt-pragma

ossfuzz: Add option to force SMT pragma and set it in solc fuzzers
2023-10-03 13:03:40 +00:00 · 2020-12-21 12:38:44 +01:00 · 2020-12-21 12:38:44 +01:00 · beed9de7d5
commit beed9de7d5
parent a9a62e86df a6a2b58e57
4 changed files with 40 additions and 6 deletions
--- a/test/tools/fuzzer_common.cpp
+++ b/test/tools/fuzzer_common.cpp
@ -72,7 +72,16 @@ void FuzzerUtil::testCompilerJsonInterface(string const& _input, bool _optimize,
 	runCompiler(jsonCompactPrint(config), _quiet);
 }

-void FuzzerUtil::testCompiler(StringMap const& _input, bool _optimize, unsigned _rand)
+void FuzzerUtil::forceSMT(StringMap& _input)
+{
+	// Add SMT checker pragma if not already present in source
+	static const char* smtPragma = "pragma experimental SMTChecker;";
+	for (auto &sourceUnit: _input)
+		if (sourceUnit.second.find(smtPragma) == string::npos)
+			sourceUnit.second += smtPragma;
+}
+
+void FuzzerUtil::testCompiler(StringMap& _input, bool _optimize, unsigned _rand, bool _forceSMT)
 {
 	frontend::CompilerStack compiler;
 	EVMVersion evmVersion = s_evmVersions[_rand % s_evmVersions.size()];
@ -81,6 +90,11 @@ void FuzzerUtil::testCompiler(StringMap const& _input, bool _optimize, unsigned
 		optimiserSettings = frontend::OptimiserSettings::standard();
 	else
 		optimiserSettings = frontend::OptimiserSettings::minimal();
+	if (_forceSMT)
+	{
+		forceSMT(_input);
+		compiler.setModelCheckerSettings({frontend::ModelCheckerEngine::All(), /*timeout=*/1});
+	}
 	compiler.setSources(_input);
 	compiler.setEVMVersion(evmVersion);
 	compiler.setOptimiserSettings(optimiserSettings);
--- a/test/tools/fuzzer_common.h
+++ b/test/tools/fuzzer_common.h
@ -33,7 +33,17 @@ struct FuzzerUtil
 	static void testStandardCompiler(std::string const& _input, bool _quiet);
 	/// Compiles @param _input which is a map of input file name to source code
 	/// string with optimisation turned on if @param _optimize is true
-	/// (off otherwise) and a pseudo-random @param _rand that selects the EVM
-	/// version to be compiled for.
-	static void testCompiler(solidity::StringMap const& _input, bool _optimize, unsigned _rand);
+	/// (off otherwise), a pseudo-random @param _rand that selects the EVM
+	/// version to be compiled for, and bool @param _forceSMT that, if true,
+	/// adds the experimental SMTChecker pragma to each source file in the
+	/// source map.
+	static void testCompiler(
+		solidity::StringMap& _input,
+		bool _optimize,
+		unsigned _rand,
+		bool _forceSMT
+	);
+	/// Adds the experimental SMTChecker pragma to each source file in the
+	/// source map.
+	static void forceSMT(solidity::StringMap& _input);
 };
--- a/test/tools/ossfuzz/solc_noopt_ossfuzz.cpp
+++ b/test/tools/ossfuzz/solc_noopt_ossfuzz.cpp
@ -43,7 +43,12 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 		{
 			return 0;
 		}
-		FuzzerUtil::testCompiler(sourceCode, /*optimize=*/false, /*_rand=*/static_cast<unsigned>(_size));
+		FuzzerUtil::testCompiler(
+			sourceCode,
+			/*optimize=*/false,
+			/*_rand=*/static_cast<unsigned>(_size),
+			/*forceSMT=*/true
+		);
 	}
 	return 0;
 }
--- a/test/tools/ossfuzz/solc_opt_ossfuzz.cpp
+++ b/test/tools/ossfuzz/solc_opt_ossfuzz.cpp
@ -43,7 +43,12 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* _data, size_t _size)
 		{
 			return 0;
 		}
-		FuzzerUtil::testCompiler(sourceCode, /*optimize=*/true, /*rand=*/static_cast<unsigned>(_size));
+		FuzzerUtil::testCompiler(
+			sourceCode,
+			/*optimize=*/true,
+			/*rand=*/static_cast<unsigned>(_size),
+			/*forceSMT=*/true
+		);
 	}
 	return 0;
 }