Merge pull request #5904 from bshastry/ossfuzz-dict

Add fuzzer config files for oss-fuzz and a solidity fuzzing dictionary
chriseth 2019-02-04 19:17:39 +01:00 committed by GitHub
commit d7e2838702
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 225 additions and 0 deletions


@ -8,6 +8,14 @@ To help oss-fuzz do this, we (as project maintainers) need to provide the follow
- test harnesses: C/C++ tests that define the `LLVMFuzzerTestOneInput` API. This determines what is to be fuzz tested.
- build infrastructure: (c)make targets per fuzzing binary. Fuzzing requires coverage and memory instrumentation of the code to be fuzzed.
- configuration files: These are files with the `.options` extension that are parsed by oss-fuzz. The only option that we use currently is the `dictionary` option that asks the fuzzing engines behind oss-fuzz to use the specified dictionary. The specified dictionary happens to be `solidity.dict.`
`solidity.dict` contains Solidity-specific syntactical tokens that are more likely to guide the fuzzer towards generating parseable and varied Solidity input.
To be consistent and aid better evaluation of the utility of the fuzzing dictionary, we stick to the following rules-of-thumb:
- Full tokens such as `block.number` are preceded and followed by a whitespace
- Incomplete tokens including function calls such as `msg.sender.send()` are abbreviated `.send(` to provide some leeway to the fuzzer to sythesize variants such as `address(this).send()`
- Language keywords are suffixed by a whitespace with the exception of those that end a line of code such as `break;` and `continue;`
## What is libFuzzingEngine.a?


@ -0,0 +1,2 @@
[libfuzzer]
dict = solidity.dict
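Review bot: The key on the second line is `dict`, while the README text added in this same commit calls it the `dictionary` option and writes the file name as `solidity.dict.` with a stray period inside the backticks; the README wording should match what is actually parsed, e.g. "the `dict` option in the `[libfuzzer]` section". The same applies to the second, identical options file. The value is a bare file name, so presumably `solidity.dict` has to be shipped next to the fuzzer binary in the build output; the build step is not visible on this page, so confirm it copies the dictionary, otherwise the fuzzers run without it and the parser coverage this commit aims for is lost.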


@ -0,0 +1,2 @@
[libfuzzer]
dict = solidity.dict


@ -0,0 +1,213 @@
" address(this).balance "
" block.coinbase "
" block.difficulty "
" block.gaslimit "
" block.number "
" block.timestamp "
" days "
" ether "
" finney "
" gasleft() "
" hours "
" minutes "
" msg.data "
" msg.gas "
" msg.sender "
" msg.sig "
" msg.value "
" now "
" seconds "
" szabo "
" tx.gasprice "
" tx.origin "
" weeks "
" wei "
" years "
"!="
"%"
"&"
"("
")"
"*"
"**"
"+"
"++"
"-"
"--"
".balance"
".call("
".callcode("
".creationCode"
".delegatecall("
".gas("
".kill("
".length"
".pop();"
".push("
".runtimeCode"
".send("
".staticcall("
".transfer("
".value"
"/"
"//"
"0**0"
"1.1"
"2e10"
":="
";"
"<"
"<<"
"<="
"=="
">"
">="
">>"
"[a, b, c]"
"\\udead"
"\\xff"
"^"
"abi.encode("
"abi.encodePacked("
"abi.encodeWithSelector("
"abi.encodeWithSignature("
"add("
"addmod("
"address(this).call("
"address(this).callcode("
"address(this).delegatecall("
"address(this).send("
"address(this).transfer("
"anonymous"
"assembly { "
"assert("
"block.blockhash("
"bool "
"break;"
"byte "
"bytes("
"bytes1 "
"bytes10 "
"bytes11 "
"bytes12 "
"bytes13 "
"bytes14 "
"bytes15 "
"bytes16 "
"bytes17 "
"bytes18 "
"bytes19 "
"bytes2 "
"bytes20 "
"bytes21 "
"bytes22 "
"bytes23 "
"bytes24 "
"bytes25 "
"bytes26 "
"bytes27 "
"bytes28 "
"bytes29 "
"bytes3 "
"bytes30 "
"bytes32 "
"bytes4 "
"bytes5 "
"bytes6 "
"bytes7 "
"bytes8 "
"bytes9 "
"constant "
"constructor "
"continue;"
"contract "
"delete "
"do "
"ecrecover("
"else "
"emit a("
"enum B { "
"event e("
"external "
"false "
"fixed "
"fixed128x128 "
"for (a=0;a<2;a++) "
"function bid() public payable { "
"hex\"001122FF\""
"if "
"int "
"int x = -2**255;"
"int256 "
"int8 "
"interface i { "
"internal "
"is "
"keccak256("
"keccak256.gas("
"keccak256.value("
"let x := "
"library l { "
"log0("
"log1("
"log2("
"log3("
"log4("
"mapping("
"memory m = "
"modifier onlySeller() { "
"mulmod("
"new "
"payable "
"pragma experimental ABIEncoderV2;"
"pragma experimental SMTChecker;"
"pragma solidity >=0.4.0;"
"pragma solidity ^90.90.0"
"public "
"pure "
"require("
"require(msg.sender == 0,\"\""
"return "
"returns ("
"revert("
"ripemd160("
"ripemd160.gas("
"ripemd160.value("
"self"
"selfdestruct("
"sha256("
"sha256.gas("
"sha256.value("
"sha3("
"storage sto = "
"string memory str = "
"string storage str = "
"struct V { "
"suicide("
"super "
"switch "
"this"
"throw "
"true "
"try "
"type("
"ufixed "
"ufixed128x128 "
"uint "
"uint256 "
"uint8 "
"uint[] "
"uint[][5] "
"using "
"var "
"view "
"while "
"x % y"
"x * 2**y"
"x / 2**y"
"x << y"
"{ uint x; }"
"{"
"|"
"}"
"~"
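Review bot: The fixed-size byte types jump from `"bytes30 "` straight to `"bytes32 "`, so `"bytes31 "` is missing from an otherwise complete bytes1–bytes32 run; add `"bytes31 "` after `"bytes30 "`. `"anonymous"`, `"self"` and `"this"` carry no trailing space, which departs from the keyword rule stated in the README text of this commit, and `"pragma solidity ^90.90.0"` lacks the `;` that the other pragma entries end with. If those are deliberate (for example to let the fuzzer append `.` or a different terminator), say so in a `#` comment line, which the libFuzzer dictionary format accepts. A short header such as `# Solidity tokens for libFuzzer: full tokens are space-padded, call prefixes stop at "("` would keep the conventions next to the data rather than only in the README.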