
Add atheris fuzzer

Open AdamKorcz opened this issue 2 years ago • 5 comments

Signed-off-by: AdamKorcz [email protected]

What I did

  1. Added a fuzzer
  2. Added ClusterfuzzLite

How I did it

  1. Added the fuzzer in tests/ast.
  2. Added the ClusterfuzzLite in .clusterfuzzlite.
  3. Added a .yml workflow file.

How to verify it

  1. By observing the CI jobs.

Commit message

This PR adds a fuzzer for parse_to_ast(). The fuzzer passes a pseudo-random string to parse_to_ast() to find possible crashes and catches a few exceptions. The PR also sets up the fuzzer to run in the CI via ClusterfuzzLite.

Description for the changelog

Cute Animal Picture

AdamKorcz avatar Jul 28 '22 09:07 AdamKorcz

interesting! @AdamKorcz looks like this run is reporting an AST bug https://github.com/vyperlang/vyper/runs/7560168466?check_suite_focus=true, but looking through the logs I am not able to find the actual repro. Is there some way to interpret the logs that I am missing?

charles-cooper avatar Jul 28 '22 12:07 charles-cooper

Codecov Report

Merging #2999 (b096dbd) into master (f31f0ec) will decrease coverage by 0.07%. The diff coverage is 90.47%.

:exclamation: Current head b096dbd differs from pull request most recent head 97d16b0. Consider uploading reports for the commit 97d16b0 to get more accurate results

@@            Coverage Diff             @@
##           master    #2999      +/-   ##
==========================================
- Coverage   88.29%   88.22%   -0.08%     
==========================================
  Files          97       97              
  Lines       10919    10935      +16     
  Branches     2583     2585       +2     
==========================================
+ Hits         9641     9647       +6     
- Misses        830      839       +9     
- Partials      448      449       +1     
Impacted Files Coverage Δ
vyper/cli/vyper_compile.py 68.14% <ø> (ø)
vyper/compiler/__init__.py 88.09% <ø> (ø)
vyper/builtin_functions/functions.py 89.61% <81.81%> (-0.79%) :arrow_down:
vyper/compiler/output.py 89.00% <100.00%> (+0.11%) :arrow_up:
vyper/compiler/phases.py 90.99% <100.00%> (+0.60%) :arrow_up:
vyper/ir/compile_ir.py 93.71% <100.00%> (+0.01%) :arrow_up:


codecov-commenter avatar Jul 28 '22 13:07 codecov-commenter

> interesting! @AdamKorcz looks like this run is reporting an AST bug https://github.com/vyperlang/vyper/runs/7560168466?check_suite_focus=true, but looking through the logs I am not able to find the actual repro. Is there some way to interpret the logs that I am missing?

I believe the reproducer is available in the log here: MS: 3 ChangeBinInt-ShuffleBytes-InsertRepeatedBytes-; base unit: fbd8263f043a8dbf8fe53c5cc7ab4cefb2978e9a

and the raw bytes below it:

0x65,0x61,0x6e,0x5f,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0x6c,0x2c,0x69

These bytes are the data argument in the fuzz harness.

AdamKorcz avatar Jul 29 '22 10:07 AdamKorcz

ah, decoding for future reference

>>> bytes([0x65,0x61,0x6e,0x5f,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0xd,0x6c,0x2c,0x69])
b'ean_\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\rl,i'

charles-cooper avatar Jul 29 '22 14:07 charles-cooper

@AdamKorcz i think all inputs have to be passed through a filtering step before testing them. see https://github.com/vyperlang/vyper/blob/b096dbdc9d1d61e7d34d7ed2e4107234951b982b/tests/grammar/test_grammar.py#L109

i mean now that i think about it, parse_to_ast should probably do this (add the trailing newline) automatically, there is not really any case where we want to call parse_to_ast without doing that first

charles-cooper avatar Jul 29 '22 14:07 charles-cooper
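
Added example (not part of the thread or of the vyper code base): a stdlib-only helper for the log triage discussed above. It pulls the crashing unit out of the `MS:` and hex-byte lines of a CI log and appends the trailing newline mentioned in the last comment. The function names, the UTF-8 decoding and the sample log are assumptions made for illustration.

```python
import re

# libFuzzer's mutation summary, as quoted in the thread: "MS: 3 ...; base unit: <sha1>"
MS_LINE = re.compile(r"MS: \d+ .*base unit: ([0-9a-f]{40})")
# The crashing unit printed below it as comma-separated hex bytes, up to end of line
HEX_LINE = re.compile(r"((?:0x[0-9a-fA-F]{1,2},?)+)\s*$")
HEX_BYTE = re.compile(r"0x([0-9a-fA-F]{1,2})")

# Constructed sample: the MS line is the one quoted in the thread; the timestamps
# are made up and the byte line is a shortened variant of the quoted bytes.
SAMPLE_LOG = """\
2022-07-28T12:00:01Z some unrelated CI output
2022-07-28T12:00:02Z MS: 3 ChangeBinInt-ShuffleBytes-InsertRepeatedBytes-; base unit: fbd8263f043a8dbf8fe53c5cc7ab4cefb2978e9a
2022-07-28T12:00:02Z 0x65,0x61,0x6e,0x5f,0xd,0xd,0xd,0xd,0x6c,0x2c,0x69,
"""


def extract_units(log_text):
    """Return [(base_unit_sha1, crashing_bytes), ...], one entry per MS: line."""
    lines = log_text.splitlines()
    found = []
    for i, line in enumerate(lines):
        ms = MS_LINE.search(line)
        if ms is None:
            continue
        # The hex dump follows the MS: line; tolerate one interleaved log line.
        for candidate in lines[i + 1:i + 3]:
            dump = HEX_LINE.search(candidate)
            if dump:
                unit = bytes(int(b, 16) for b in HEX_BYTE.findall(dump.group(1)))
                found.append((ms.group(1), unit))
                break
    return found


def as_parser_input(unit):
    """Decode a unit to source text that ends in a newline, or None if undecodable.

    UTF-8 is an assumption: the thread does not show how the harness decodes data.
    """
    try:
        source = unit.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return source if source.endswith("\n") else source + "\n"


if __name__ == "__main__":
    for base, unit in extract_units(SAMPLE_LOG):
        print(base, repr(unit), repr(as_parser_input(unit)))
```
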