Unable to run ossfuzz properly according to instructions

[Subway2023]

Page

https://github.com/ethereum/solidity/tree/develop/test/tools/ossfuzz

Abstract

cmake -DCMAKE_TOOLCHAIN_FILE=cmake/toolchains/libfuzzer.cmake -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE:-Release} ..

when I follow this instruction to run, there is a bug:

CMake Error at test/tools/ossfuzz/CMakeLists.txt:183 (add_executable):
Cannot find source file:

solProto.pb.cc

there is no file named solProto.pb.cc in solidity/test/tools/ossfuzz/

Pull request

[nikola-matic]

@bshastry can you take a look at this?

[Subway2023]

"Thank you for your response. With the addition of the statement protoc --proto_path=../test/tools/ossfuzz solProto.proto --cpp_out=../test/tools/ossfuzz, I was able to run the process successfully."

[Subway2023]

After compilation, the following files were obtained. May I inquire about the origin of these solidity-fuzzing-corpus files(https://github.com/ethereum/solidity-fuzzing-corpus) ? Were they generated using the binary files shown in the image?

[bshastry]

After compilation, the following files were obtained. May I inquire about the origin of these solidity-fuzzing-corpus files(https://github.com/ethereum/solidity-fuzzing-corpus) ? Were they generated using the binary files shown in the image?

Correct, they were generated using the binaries you mention.

[bshastry]

"Thank you for your response. With the addition of the statement protoc --proto_path=../test/tools/ossfuzz solProto.proto --cpp_out=../test/tools/ossfuzz, I was able to run the process successfully."

Would be grateful if you could make a PR with the documentation change that helped you compile the fuzzers 🙏

[Subway2023]

"Thank you for your response. With the addition of the statement protoc --proto_path=../test/tools/ossfuzz solProto.proto --cpp_out=../test/tools/ossfuzz, I was able to run the process successfully."

Would be grateful if you could make a PR with the documentation change that helped you compile the fuzzers 🙏

Sure, there is the PR (#14746)

[Subway2023]

After compilation, the following files were obtained. May I inquire about the origin of these solidity-fuzzing-corpus files(https://github.com/ethereum/solidity-fuzzing-corpus) ? Were they generated using the binary files shown in the image?

Correct, they were generated using the binaries you mention.

I have a few more questions and would appreciate your assistance in addressing them.
(1) When using solc_ossfuzz to fuzz, the generated program will have syntax errors. "What is the strategy behind the generated code, and why are there syntax errors?

(2) Why the outputs of solc_mutator_ossfuzz are not solidity(eg: ). But the files in solc_mutator_ossfuzz_seed_corpus(https://github.com/ethereum/solidity-fuzzing-corpus/tree/master) are solidity.

[bshastry]

"What is the strategy behind the generated code, and why are there syntax errors?

The fuzzer is randomly mutating bytes, so syntax errors are expected. One strategy is to use a fuzzing dictionary with language keywords with the hope that random mutations with these keywords eventually leads to sane code.

Why the outputs of solc_mutator_ossfuzz are not solidity(eg: ). But the files in solc_mutator_ossfuzz_seed_corpus(https://github.com/ethereum/solidity-fuzzing-corpus/tree/master) are solidity.

The outputs of solc_mutator_ossfuzz are in a test format recognised by an internal testing tool called isoltest, hence the prefix. The files in the said directory are solidity simply because I copied them from the other corpus. There is no good reason for this.

[Subway2023]

What about sol_proto_ossfuzz, how does it generate the initial protobuf grammar, and what strategy is employed in its generation? What does its output signify? I am only aware that the protobuf grammar is transformed into Solidity, followed by testing.

contracts {
  i {
    bases {
      bases {
        funcdef {
          mut: NONPAYABLE
        }
      }
    }
  }
}
test {
  type: LIBRARY
}
seed: 0

[bshastry]

Glad to discuss further. However, this issue is perhaps not the best place for it :)

Do you mind closing this issue if you are satisfied with the outcome (documentation update)?

[Subway2023]

Glad to discuss further. However, this issue is perhaps not the best place for it :)

Do you mind closing this issue if you are satisfied with the outcome (documentation update)?

Sure. Thank you very much.