Unable to run ossfuzz properly according to instructions #14639

Closed
Subway2023 opened this issue Oct 24, 2023 · 11 comments

Comments

@Subway2023

Page

https://github.com/ethereum/solidity/tree/develop/test/tools/ossfuzz

Abstract

```
cmake -DCMAKE_TOOLCHAIN_FILE=cmake/toolchains/libfuzzer.cmake -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE:-Release} ..
```

When I follow this instruction and run it, there is a bug:

```
CMake Error at test/tools/ossfuzz/CMakeLists.txt:183 (add_executable):
Cannot find source file:

solProto.pb.cc
```

There is no file named `solProto.pb.cc` in `solidity/test/tools/ossfuzz/`.

Pull request

@nikola-matic
Collaborator

@bshastry can you take a look at this?

@Subway2023
Author

Thank you for your response. With the addition of the statement `protoc --proto_path=../test/tools/ossfuzz solProto.proto --cpp_out=../test/tools/ossfuzz`, I was able to run the process successfully.

@Subway2023
Author

After compilation, the following files were obtained. May I inquire about the origin of these solidity-fuzzing-corpus files (https://github.com/ethereum/solidity-fuzzing-corpus)? Were they generated using the binary files shown in the image?

[image: 微信图片_20231220175619]

@bshastry
Contributor

> After compilation, the following files were obtained. May I inquire about the origin of these solidity-fuzzing-corpus files (https://github.com/ethereum/solidity-fuzzing-corpus)? Were they generated using the binary files shown in the image? [image: 微信图片_20231220175619]

Correct, they were generated using the binaries you mention.

@bshastry
Contributor

> Thank you for your response. With the addition of the statement `protoc --proto_path=../test/tools/ossfuzz solProto.proto --cpp_out=../test/tools/ossfuzz`, I was able to run the process successfully.

Would be grateful if you could make a PR with the documentation change that helped you compile the fuzzers 🙏

@Subway2023
Author

> > Thank you for your response. With the addition of the statement `protoc --proto_path=../test/tools/ossfuzz solProto.proto --cpp_out=../test/tools/ossfuzz`, I was able to run the process successfully.
>
> Would be grateful if you could make a PR with the documentation change that helped you compile the fuzzers 🙏

Sure, there is the PR (#14746)

@Subway2023
Author

> > After compilation, the following files were obtained. May I inquire about the origin of these solidity-fuzzing-corpus files (https://github.com/ethereum/solidity-fuzzing-corpus)? Were they generated using the binary files shown in the image? [image: 微信图片_20231220175619]
>
> Correct, they were generated using the binaries you mention.

I have a few more questions and would appreciate your assistance in addressing them.

(1) When using solc_ossfuzz to fuzz, the generated program has syntax errors. What is the strategy behind the generated code, and why are there syntax errors?

[image: 3BB90904-BAAC-407a-B409-91786173B1F8]

(2) Why are the outputs of solc_mutator_ossfuzz not Solidity (eg: ), while the files in solc_mutator_ossfuzz_seed_corpus (https://github.com/ethereum/solidity-fuzzing-corpus/tree/master) are Solidity?

[image: 20D5EEB4-4269-4bd1-BF72-2022E25F26FE]

@bshastry
Contributor

> What is the strategy behind the generated code, and why are there syntax errors?

The fuzzer is randomly mutating bytes, so syntax errors are expected. One strategy is to use a fuzzing dictionary with language keywords with the hope that random mutations with these keywords eventually lead to sane code.

> Why are the outputs of solc_mutator_ossfuzz not Solidity (eg: ), while the files in solc_mutator_ossfuzz_seed_corpus (https://github.com/ethereum/solidity-fuzzing-corpus/tree/master) are Solidity?

The outputs of solc_mutator_ossfuzz are in a test format recognised by an internal testing tool called isoltest, hence the prefix. The files in the said directory are solidity simply because I copied them from the other corpus. There is no good reason for this.
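
The byte-mutation point above is easy to see with a small simulation. The following is an added example, not code from the Solidity repository or from anyone in this thread: it renders a keyword list in libFuzzer's dictionary format (the `name="value"` lines a target accepts via `-dict=<file>`), then mutates a constructed Solidity seed a few hundred times with and without dictionary-guided insertions and counts how often the result still looks lexically like Solidity. The seed contract, the keyword subset, the three-round mutator and the crude `looks_sane` check are all constructed for illustration and are far simpler than libFuzzer's real mutators.

```python
import re
import random

# Constructed seed input: a small, syntactically valid Solidity contract.
SEED = b"""pragma solidity ^0.8.0;
contract C {
    uint256 x;
    function f(uint256 y) public { x = y + 1; }
}
"""

# Constructed subset of Solidity keywords; a real dictionary would be much larger.
KEYWORDS = ["pragma", "solidity", "contract", "library", "interface", "function",
            "public", "returns", "uint256", "mapping", "if", "else", "return"]

# One whitespace-free run of plausible tokens: identifiers, numbers, punctuation.
_TOKEN_RUN = re.compile(r"(?:[A-Za-z_]\w*|\d+|[{}();=,.+\-*/<>!&|\[\]^])+")


def make_dictionary(keywords):
    """Render keywords in libFuzzer's dictionary format: one name="value" line each."""
    return "\n".join(f'kw_{k}="{k}"' for k in keywords) + "\n"


def looks_sane(data):
    """Crude lexical check: every whitespace-separated chunk must consist only of
    plausible Solidity tokens. A real parser rejects far more, but this is enough
    to show why random bytes rarely survive while dictionary words always do."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return False
    return all(_TOKEN_RUN.fullmatch(chunk) for chunk in text.split())


def mutate(data, rng, dictionary=None, rounds=3):
    """Apply `rounds` byte-level mutations in the spirit of libFuzzer's mutators.
    With a dictionary, about half of the rounds splice in a whole keyword instead."""
    buf = bytearray(data)
    for _ in range(rounds):
        pos = rng.randrange(len(buf) + 1)
        if dictionary and rng.random() < 0.5:
            word = rng.choice(dictionary).encode()
            buf[pos:pos] = b" " + word + b" "      # dictionary insertion
        elif rng.random() < 0.5 and pos < len(buf):
            buf[pos] = rng.randrange(256)          # overwrite one byte
        else:
            buf.insert(pos, rng.randrange(256))    # insert one random byte
    return bytes(buf)


def compare_strategies(trials=200, seed=0):
    """Return (sane_rate_without_dict, sane_rate_with_dict) over `trials` mutants."""
    rng = random.Random(seed)
    plain = sum(looks_sane(mutate(SEED, rng)) for _ in range(trials))
    rng = random.Random(seed)
    guided = sum(looks_sane(mutate(SEED, rng, KEYWORDS)) for _ in range(trials))
    return plain / trials, guided / trials


if __name__ == "__main__":
    print(make_dictionary(KEYWORDS))
    plain, guided = compare_strategies()
    print(f"lexically sane after 3 mutations: no dict {plain:.0%}, with dict {guided:.0%}")
```

Without the dictionary only a few percent of mutants pass even this weak check, because most random byte values are not valid Solidity characters at all; with it the rate rises several-fold, which is exactly the effect a keyword dictionary is meant to have. Reaching the parser is still only the first hurdle: the check here says nothing about whether the result type-checks, which is where structure-aware generators such as the protobuf-based fuzzer have the advantage.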

@Subway2023
Author

What about sol_proto_ossfuzz, how does it generate the initial protobuf grammar, and what strategy is employed in its generation? What does its output signify? I am only aware that the protobuf grammar is transformed into Solidity, followed by testing.

```
contracts {
  i {
    bases {
      bases {
        funcdef {
          mut: NONPAYABLE
        }
      }
    }
  }
}
test {
  type: LIBRARY
}
seed: 0
```
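
The input quoted above is protobuf text format: a tree of nested messages that a grammar-based fuzzer walks to emit source, which is why such a fuzzer never produces the syntax errors seen with byte mutation. As an added example (not code from the Solidity repository, and not a reproduction of its own protobuf-to-Solidity converter), here is a small parser for that text format together with an illustrative rendering of the tree to Solidity-like text. The field meanings assumed in `render` (`i` as an interface, `bases` as inherited interfaces, `funcdef` as a function and `mut` as its state mutability) are guesses made for illustration, not the grammar's documented semantics; the sample input is the one from the comment above.

```python
import re

# Sample input: the protobuf text-format tree quoted in the thread.
SAMPLE = """
contracts {
  i {
    bases {
      bases {
        funcdef {
          mut: NONPAYABLE
        }
      }
    }
  }
}
test {
  type: LIBRARY
}
seed: 0
"""

# Tokens of protobuf text format that this subset needs: braces, colon, bare words.
_TOKEN = re.compile(r"\s*(?:([{}:])|([A-Za-z0-9_.\-]+))")


def tokenize(text):
    """Split text-format protobuf into '{', '}', ':' and bare word tokens."""
    pos, tokens = 0, []
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if not m:
            if text[pos:].strip() == "":
                break
            raise ValueError(f"unexpected input at {pos}: {text[pos:pos + 10]!r}")
        tokens.append(m.group(1) or m.group(2))
        pos = m.end()
    return tokens


def parse_message(tokens, i=0):
    """Recursive descent over the token list; returns (message, next_index).
    Every field value is kept in a list so repeated fields (nested `bases`) work."""
    msg = {}
    while i < len(tokens) and tokens[i] != "}":
        key = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"dangling key {key!r}")
        if tokens[i + 1] == "{":
            value, i = parse_message(tokens, i + 2)
            if i >= len(tokens) or tokens[i] != "}":
                raise ValueError(f"unterminated message for {key!r}")
            i += 1
        elif tokens[i + 1] == ":":
            if i + 2 >= len(tokens):
                raise ValueError(f"missing value for {key!r}")
            value, i = tokens[i + 2], i + 3
        else:
            raise ValueError(f"expected '{{' or ':' after {key!r}")
        msg.setdefault(key, []).append(value)
    return msg, i


def parse(text):
    """Parse a whole text-format message into nested dicts of lists."""
    tokens = tokenize(text)
    msg, i = parse_message(tokens)
    if i != len(tokens):
        raise ValueError("unbalanced '}'")
    return msg


def render_interface(node, name, out):
    """Assumed mapping: emit `node` as an interface after emitting its bases, so
    every name is declared before it is inherited. Returns the interface name."""
    base_names = [render_interface(b, f"{name}B{k}", out)
                  for k, b in enumerate(node.get("bases", []))]
    inherits = f" is {', '.join(base_names)}" if base_names else ""
    body = []
    for k, fn in enumerate(node.get("funcdef", [])):
        mut = fn.get("mut", ["NONPAYABLE"])[0].lower()
        body.append(f"    function f{k}() external{'' if mut == 'nonpayable' else ' ' + mut};")
    out.append(f"interface {name}{inherits} {{")
    out.extend(body)
    out.append("}")
    return name


def render(program):
    """Walk the parsed tree and emit Solidity-like text (illustrative mapping only)."""
    out = []
    for n, entry in enumerate(program.get("contracts", [])):
        for kind, nodes in entry.items():
            for node in nodes:
                if kind == "i":                       # assumed: 'i' is an interface
                    render_interface(node, f"I{n}", out)
                else:
                    out.append(f"// unhandled contract kind {kind!r}")
    test_type = program.get("test", [{}])[0].get("type", ["?"])[0]
    out.append(f"// test contract type: {test_type}, seed: {program.get('seed', ['?'])[0]}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(parse(SAMPLE)))
```

Because the generator only ever walks a tree the parser accepted, the emitted text is well-formed by construction; the interesting bugs such a fuzzer finds are therefore in later compiler stages, whereas a byte mutator mostly exercises the lexer and parser.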

@bshastry
Contributor

Glad to discuss further. However, this issue is perhaps not the best place for it :)

Do you mind closing this issue if you are satisfied with the outcome (documentation update)?

@Subway2023
Author

> Glad to discuss further. However, this issue is perhaps not the best place for it :)
>
> Do you mind closing this issue if you are satisfied with the outcome (documentation update)?

Sure. Thank you very much.
