Revert "tests/fuzzers: update fuzzers to be based on go-native fuzzing (

ethereum#28352)"

This reverts commit e88c671.

crypto/blake2b/blake2b_f_fuzz.go

@@ -0,0 +1,58 @@
+//go:build gofuzz
+// +build gofuzz
+
+package blake2b
+
+import (
+	"encoding/binary"
+)
+
+func Fuzz(data []byte) int {
+	// Make sure the data confirms to the input model
+	if len(data) != 211 {
+		return 0
+	}
+	// Parse everything and call all the implementations
+	var (
+		rounds = binary.BigEndian.Uint16(data[0:2])
+
+		h [8]uint64
+		m [16]uint64
+		t [2]uint64
+		f uint64
+	)
+	for i := 0; i < 8; i++ {
+		offset := 2 + i*8
+		h[i] = binary.LittleEndian.Uint64(data[offset : offset+8])
+	}
+	for i := 0; i < 16; i++ {
+		offset := 66 + i*8
+		m[i] = binary.LittleEndian.Uint64(data[offset : offset+8])
+	}
+	t[0] = binary.LittleEndian.Uint64(data[194:202])
+	t[1] = binary.LittleEndian.Uint64(data[202:210])
+
+	if data[210]%2 == 1 { // Avoid spinning the fuzzer to hit 0/1
+		f = 0xFFFFFFFFFFFFFFFF
+	}
+	// Run the blake2b compression on all instruction sets and cross reference
+	want := h
+	fGeneric(&want, &m, t[0], t[1], f, uint64(rounds))
+
+	have := h
+	fSSE4(&have, &m, t[0], t[1], f, uint64(rounds))
+	if have != want {
+		panic("SSE4 mismatches generic algo")
+	}
+	have = h
+	fAVX(&have, &m, t[0], t[1], f, uint64(rounds))
+	if have != want {
+		panic("AVX mismatches generic algo")
+	}
+	have = h
+	fAVX2(&have, &m, t[0], t[1], f, uint64(rounds))
+	if have != want {
+		panic("AVX2 mismatches generic algo")
+	}
+	return 1
+}

crypto/blake2b/blake2b_f_test.go

@@ -1,7 +1,6 @@
 package blake2b
 
 import (
-	"encoding/binary"
 	"fmt"
 	"reflect"
 	"testing"
@@ -58,60 +57,3 @@ var testVectorsF = []testVector{
 		},
 	},
 }
-
-func Fuzz(f *testing.F) {
-	f.Fuzz(func(t *testing.T, data []byte) {
-		fuzz(data)
-	})
-}
-
-func fuzz(data []byte) {
-	// Make sure the data confirms to the input model
-	if len(data) != 211 {
-		return
-	}
-	// Parse everything and call all the implementations
-	var (
-		rounds = binary.BigEndian.Uint16(data[0:2])
-
-		h [8]uint64
-		m [16]uint64
-		t [2]uint64
-		f uint64
-	)
-
-	for i := 0; i < 8; i++ {
-		offset := 2 + i*8
-		h[i] = binary.LittleEndian.Uint64(data[offset : offset+8])
-	}
-	for i := 0; i < 16; i++ {
-		offset := 66 + i*8
-		m[i] = binary.LittleEndian.Uint64(data[offset : offset+8])
-	}
-	t[0] = binary.LittleEndian.Uint64(data[194:202])
-	t[1] = binary.LittleEndian.Uint64(data[202:210])
-
-	if data[210]%2 == 1 { // Avoid spinning the fuzzer to hit 0/1
-		f = 0xFFFFFFFFFFFFFFFF
-	}
-
-	// Run the blake2b compression on all instruction sets and cross reference
-	want := h
-	fGeneric(&want, &m, t[0], t[1], f, uint64(rounds))
-
-	have := h
-	fSSE4(&have, &m, t[0], t[1], f, uint64(rounds))
-	if have != want {
-		panic("SSE4 mismatches generic algo")
-	}
-	have = h
-	fAVX(&have, &m, t[0], t[1], f, uint64(rounds))
-	if have != want {
-		panic("AVX mismatches generic algo")
-	}
-	have = h
-	fAVX2(&have, &m, t[0], t[1], f, uint64(rounds))
-	if have != want {
-		panic("AVX2 mismatches generic algo")
-	}
-}

oss-fuzz.sh

@@ -1,5 +1,5 @@
-#!/bin/bash -eu
-# Copyright 2022 Google LLC
+#/bin/bash -eu
+# Copyright 2020 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,17 @@
 #
 ################################################################################
 
+# This file is for integration with Google OSS-Fuzz.
+# The following ENV variables are available when executing on OSS-fuzz:
+#
+# /out/         $OUT    Directory to store build artifacts (fuzz targets, dictionaries, options files, seed corpus archives).
+# /src/         $SRC    Directory to checkout source files.
+# /work/        $WORK   Directory to store intermediate files.
+#
+# $CC, $CXX, $CCC       The C and C++ compiler binaries.
+# $CFLAGS, $CXXFLAGS    C and C++ compiler flags.
+# $LIB_FUZZING_ENGINE   C++ compiler argument to link fuzz target against the prebuilt engine library (e.g. libFuzzer).
+
 # This sets the -coverpgk for the coverage report when the corpus is executed through go test
 coverpkg="github.com/ethereum/go-ethereum/..."
 
@@ -48,38 +59,25 @@ DOG
   cd -
 }
 
-function build_native_go_fuzzer() {
-	fuzzer=$1
-	function=$2
-	path=$3
-	tags="-tags gofuzz"
-
-	if [[ $SANITIZER == *coverage* ]]; then
-		coverbuild $path $function $fuzzer $coverpkg
-	else
-		go-118-fuzz-build $tags -o $fuzzer.a -func $function $path
-		$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.a -o $OUT/$fuzzer
-	fi
-}
+function compile_fuzzer {
+  # Inputs:
+  # $1: The package to fuzz, within go-ethereum
+  # $2: The name of the fuzzing function
+  # $3: The name to give to the final fuzzing-binary
 
-function compile_fuzzer() {
   path=$GOPATH/src/github.com/ethereum/go-ethereum/$1
-  function=$2
+  func=$2
   fuzzer=$3
 
   echo "Building $fuzzer"
-  cd $path
-
-  # Install build dependencies
-  go install github.com/AdamKorcz/go-118-fuzz-build@latest
-  go get github.com/AdamKorcz/go-118-fuzz-build/testing
 
-  # Test if file contains a line with "func $function(" and "testing.F".
-  if [ $(grep -r "func $function(" $path | grep "testing.F" | wc -l) -eq 1 ]
-  then
-    build_native_go_fuzzer $fuzzer $function $path
+  # Do a coverage-build or a regular build
+  if [[ $SANITIZER = *coverage* ]]; then
+    coverbuild $path $func $fuzzer $coverpkg
   else
-    echo "Could not find the function: func ${function}(f *testing.F)"
+    (cd $path && \
+        go-fuzz -func $func -o $WORK/$fuzzer.a . && \
+        $CXX $CXXFLAGS $LIB_FUZZING_ENGINE $WORK/$fuzzer.a -o $OUT/$fuzzer)
   fi
 
   ## Check if there exists a seed corpus file
@@ -89,11 +87,9 @@ function compile_fuzzer() {
     cp $corpusfile $OUT/
     echo "Found seed corpus: $corpusfile"
   fi
-  cd -
 }
 
-compile_fuzzer tests/fuzzers/bitutil  FuzzEncoder      fuzzBitutilEncoder
-compile_fuzzer tests/fuzzers/bitutil  FuzzDecoder      fuzzBitutilDecoder
+compile_fuzzer tests/fuzzers/bitutil  Fuzz      fuzzBitutilCompress
 compile_fuzzer tests/fuzzers/bn256    FuzzAdd   fuzzBn256Add
 compile_fuzzer tests/fuzzers/bn256    FuzzMul   fuzzBn256Mul
 compile_fuzzer tests/fuzzers/bn256    FuzzPair  fuzzBn256Pair

tests/fuzzers/abi/abifuzzer.go

@@ -0,0 +1,170 @@
+// Copyright 2020 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package abi
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/accounts/abi"
+	fuzz "github.com/google/gofuzz"
+)
+
+var (
+	names            = []string{"_name", "name", "NAME", "name_", "__", "_name_", "n"}
+	stateMut         = []string{"", "pure", "view", "payable"}
+	stateMutabilites = []*string{&stateMut[0], &stateMut[1], &stateMut[2], &stateMut[3]}
+	pays             = []string{"", "true", "false"}
+	payables         = []*string{&pays[0], &pays[1]}
+	vNames           = []string{"a", "b", "c", "d", "e", "f", "g"}
+	varNames         = append(vNames, names...)
+	varTypes         = []string{"bool", "address", "bytes", "string",
+		"uint8", "int8", "uint8", "int8", "uint16", "int16",
+		"uint24", "int24", "uint32", "int32", "uint40", "int40", "uint48", "int48", "uint56", "int56",
+		"uint64", "int64", "uint72", "int72", "uint80", "int80", "uint88", "int88", "uint96", "int96",
+		"uint104", "int104", "uint112", "int112", "uint120", "int120", "uint128", "int128", "uint136", "int136",
+		"uint144", "int144", "uint152", "int152", "uint160", "int160", "uint168", "int168", "uint176", "int176",
+		"uint184", "int184", "uint192", "int192", "uint200", "int200", "uint208", "int208", "uint216", "int216",
+		"uint224", "int224", "uint232", "int232", "uint240", "int240", "uint248", "int248", "uint256", "int256",
+		"bytes1", "bytes2", "bytes3", "bytes4", "bytes5", "bytes6", "bytes7", "bytes8", "bytes9", "bytes10", "bytes11",
+		"bytes12", "bytes13", "bytes14", "bytes15", "bytes16", "bytes17", "bytes18", "bytes19", "bytes20", "bytes21",
+		"bytes22", "bytes23", "bytes24", "bytes25", "bytes26", "bytes27", "bytes28", "bytes29", "bytes30", "bytes31",
+		"bytes32", "bytes"}
+)
+
+func unpackPack(abi abi.ABI, method string, input []byte) ([]interface{}, bool) {
+	if out, err := abi.Unpack(method, input); err == nil {
+		_, err := abi.Pack(method, out...)
+		if err != nil {
+			// We have some false positives as we can unpack these type successfully, but not pack them
+			if err.Error() == "abi: cannot use []uint8 as type [0]int8 as argument" ||
+				err.Error() == "abi: cannot use uint8 as type int8 as argument" {
+				return out, false
+			}
+			panic(err)
+		}
+		return out, true
+	}
+	return nil, false
+}
+
+func packUnpack(abi abi.ABI, method string, input *[]interface{}) bool {
+	if packed, err := abi.Pack(method, input); err == nil {
+		outptr := reflect.New(reflect.TypeOf(input))
+		err := abi.UnpackIntoInterface(outptr.Interface(), method, packed)
+		if err != nil {
+			panic(err)
+		}
+		out := outptr.Elem().Interface()
+		if !reflect.DeepEqual(input, out) {
+			panic(fmt.Sprintf("unpackPack is not equal, \ninput : %x\noutput: %x", input, out))
+		}
+		return true
+	}
+	return false
+}
+
+type args struct {
+	name string
+	typ  string
+}
+
+func createABI(name string, stateMutability, payable *string, inputs []args) (abi.ABI, error) {
+	sig := fmt.Sprintf(`[{ "type" : "function", "name" : "%v" `, name)
+	if stateMutability != nil {
+		sig += fmt.Sprintf(`, "stateMutability": "%v" `, *stateMutability)
+	}
+	if payable != nil {
+		sig += fmt.Sprintf(`, "payable": %v `, *payable)
+	}
+	if len(inputs) > 0 {
+		sig += `, "inputs" : [ {`
+		for i, inp := range inputs {
+			sig += fmt.Sprintf(`"name" : "%v", "type" : "%v" `, inp.name, inp.typ)
+			if i+1 < len(inputs) {
+				sig += ","
+			}
+		}
+		sig += "} ]"
+		sig += `, "outputs" : [ {`
+		for i, inp := range inputs {
+			sig += fmt.Sprintf(`"name" : "%v", "type" : "%v" `, inp.name, inp.typ)
+			if i+1 < len(inputs) {
+				sig += ","
+			}
+		}
+		sig += "} ]"
+	}
+	sig += `}]`
+
+	return abi.JSON(strings.NewReader(sig))
+}
+
+func runFuzzer(input []byte) int {
+	good := false
+	fuzzer := fuzz.NewFromGoFuzz(input)
+
+	name := names[getUInt(fuzzer)%len(names)]
+	stateM := stateMutabilites[getUInt(fuzzer)%len(stateMutabilites)]
+	payable := payables[getUInt(fuzzer)%len(payables)]
+	maxLen := 5
+	for k := 1; k < maxLen; k++ {
+		var arg []args
+		for i := k; i > 0; i-- {
+			argName := varNames[i]
+			argTyp := varTypes[getUInt(fuzzer)%len(varTypes)]
+			if getUInt(fuzzer)%10 == 0 {
+				argTyp += "[]"
+			} else if getUInt(fuzzer)%10 == 0 {
+				arrayArgs := getUInt(fuzzer)%30 + 1
+				argTyp += fmt.Sprintf("[%d]", arrayArgs)
+			}
+			arg = append(arg, args{
+				name: argName,
+				typ:  argTyp,
+			})
+		}
+		abi, err := createABI(name, stateM, payable, arg)
+		if err != nil {
+			continue
+		}
+		structs, b := unpackPack(abi, name, input)
+		c := packUnpack(abi, name, &structs)
+		good = good || b || c
+	}
+	if good {
+		return 1
+	}
+	return 0
+}
+
+func Fuzz(input []byte) int {
+	return runFuzzer(input)
+}
+
+func getUInt(fuzzer *fuzz.Fuzzer) int {
+	var i int
+	fuzzer.Fuzz(&i)
+	if i < 0 {
+		i = -i
+		if i < 0 {
+			return 0
+		}
+	}
+	return i
+}