fuzzer: Fix build and remove Aleth support

CHANGELOG.md

@@ -6,6 +6,14 @@ The format is based on [Keep a Changelog],
 and this project adheres to [Semantic Versioning].
 
 
+## [0.9.0] — unreleased
+
+### Removed
+
+- `evmone-fuzzer` has removed [aleth-interpreter][Aleth] as it is not maintained and lacks the latest EVM features.
+  [#453](https://github.com/ethereum/evmone/pull/453)
+
+
 ## [0.8.2] — 2021-08-26
 
 ### Fixed
@@ -282,6 +290,7 @@ It delivers fully-compatible and high-speed EVM implementation.
 - The [intx 0.2.0](https://github.com/chfast/intx/releases/tag/v0.2.0) library is used for 256-bit precision arithmetic. 
 
 
+[0.9.0]: https://github.com/ethereum/evmone/compare/v0.8.2..master
 [0.8.2]: https://github.com/ethereum/evmone/releases/tag/v0.8.2
 [0.8.1]: https://github.com/ethereum/evmone/releases/tag/v0.8.1
 [0.8.0]: https://github.com/ethereum/evmone/releases/tag/v0.8.0

CMakeLists.txt

@@ -88,7 +88,8 @@ if(EVMONE_FUZZING)
         # Add fuzzing instrumentation only for non-coverage builds.
         # The coverage builds should be without fuzzing instrumentation to allow
         # running fuzzing corpus once and getting code coverage.
-        set(fuzzing_flags -fsanitize=fuzzer-no-link,undefined,address)
+        set(fuzzing_flags -fsanitize=fuzzer-no-link,address,undefined,shift-exponent,implicit-conversion,nullability)
+#        set(fuzzing_flags -fsanitize=fuzzer-no-link)
         add_compile_options(${fuzzing_flags})
         set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${fuzzing_flags}")
     endif()

test/fuzzer/CMakeLists.txt

@@ -1,5 +1,5 @@
 # evmone-fuzzer: LibFuzzer based testing tool for EVMC-compatible EVM implementations.
-# Copyright 2019-2020 The evmone Authors.
+# Copyright 2019 The evmone Authors.
 # SPDX-License-Identifier: Apache-2.0
 include(ExternalProject)
 
@@ -16,54 +16,3 @@ endif()
 
 add_executable(evmone-fuzzer fuzzer.cpp)
 target_link_libraries(evmone-fuzzer PRIVATE evmone testutils evmc::mocked_host)
-
-if(NOT fuzzing_coverage)
-    # TODO: Aleth reports undefined behaviors, disable it for fuzzing.
-    string(REPLACE undefined "" aleth_fuzzing_flags ${fuzzing_flags})
-
-    set(aleth_git_tag v1.8.0)
-    if(NOT aleth_git_tag STREQUAL "${aleth_current_git_tag}")
-        message(STATUS "Aleth git tag has changed: ${aleth_current_git_tag} -> ${aleth_git_tag}")
-        set(aleth_current_git_tag ${aleth_git_tag} CACHE INTERNAL "Current Aleth git tag" FORCE)
-    else()
-        message(STATUS "Aleth git tag: ${aleth_git_tag}; updates disabled")
-        set(aleth_disable_git_update UPDATE_COMMAND "")
-    endif()
-
-
-    ExternalProject_Add(
-        aleth-interpreter
-        PREFIX external
-        EXCLUDE_FROM_ALL TRUE
-
-        GIT_REPOSITORY https://github.com/ethereum/aleth
-        GIT_TAG ${aleth_git_tag}
-        GIT_SUBMODULES evmc cmake/cable
-        GIT_SHALLOW TRUE
-        "${aleth_disable_git_update}"
-
-        CMAKE_ARGS
-        -DCMAKE_BUILD_TYPE=Release
-        -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
-        -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
-        -DCMAKE_CXX_FLAGS=${aleth_fuzzing_flags}
-        -DCMAKE_C_FLAGS=${aleth_fuzzing_flags}
-        -DTOOLS=OFF
-        -DTESTS=OFF
-
-        BUILD_COMMAND ${CMAKE_COMMAND} --build <BINARY_DIR> --target aleth-interpreter
-        INSTALL_COMMAND ""
-    )
-
-    set(build_dir ${CMAKE_CURRENT_BINARY_DIR}/external/src/aleth-interpreter-build)
-
-    add_library(aleth::interpreter IMPORTED STATIC)
-    add_dependencies(aleth::interpreter aleth-interpreter)
-    set_target_properties(aleth::interpreter PROPERTIES
-        IMPORTED_CONFIGURATIONS Release
-        IMPORTED_LOCATION_RELEASE ${build_dir}/libaleth-interpreter/libaleth-interpreter.a
-        INTERFACE_LINK_LIBRARIES ${build_dir}/aleth/libaleth-buildinfo.a)
-
-    target_link_libraries(evmone-fuzzer PRIVATE aleth::interpreter)
-    target_compile_definitions(evmone-fuzzer PRIVATE ALETH)
-endif()

test/fuzzer/README.md

@@ -6,16 +6,7 @@
 
 The evmone-fuzzer source code is licensed under the [Apache License, Version 2.0].
 
-### Exceptions
 
-Depending on build system options selected, 
-the [aleth-interpreter][Aleth] is statically _linked to_ the evmone-fuzzer executable.
-The [Aleth] project is licensed under [GNU General Public License, Version 3] therefore 
-the final evmone-fuzzer binary is also licensed under [GNU General Public License, Version 3].
-
-[Aleth]: https://github.com/ethereum/aleth
 [Apache License, Version 2.0]: https://www.apache.org/licenses/LICENSE-2.0.txt
 [EVMC]: https://github.com/ethereum/evmc
-[evmone]: https://github.com/ethereum/evmone
-[GNU General Public License, Version 3]: LICENSE
 [LibFuzzer]: https://llvm.org/docs/LibFuzzer.html

test/fuzzer/fuzzer.cpp

@@ -9,9 +9,7 @@
 
 #include <cstring>
 #include <iostream>
-
-constexpr auto latest_rev = EVMC_ISTANBUL;
-
+#include <limits>
 
 inline std::ostream& operator<<(std::ostream& os, const evmc_address& addr)
 {
@@ -56,16 +54,11 @@ template <typename T1, typename T2>
 
 static auto print_input = std::getenv("PRINT");
 
-extern "C" evmc_vm* evmc_create_aleth_interpreter() noexcept;
-
-/// The reference VM.
-static auto ref_vm = evmc::VM{evmc_create_evmone()};
+/// The reference VM: evmone Baseline
+static auto ref_vm = evmc::VM{evmc_create_evmone(), {{"O", "0"}}};
 
 static evmc::VM external_vms[] = {
-    evmc::VM{evmc_create_evmone(), {{"O", "0"}}},
-#if ALETH
-    evmc::VM{evmc_create_aleth_interpreter()},
-#endif
+    evmc::VM{evmc_create_evmone(), {{"O", "2"}}},
 };
 
 
@@ -216,7 +209,7 @@ fuzz_input populate_input(const uint8_t* data, size_t data_size) noexcept
     const auto block_number_8bits = data[13];
     const auto block_timestamp_8bits = data[14];
     const auto block_gas_limit_8bits = data[15];
-    const auto block_difficulty_8bits = data[16];
+    const auto block_prev_randao_8bits = data[16];
     const auto chainid_8bits = data[17];
 
     const auto account_balance_8bits = data[18];
@@ -234,7 +227,8 @@ fuzz_input populate_input(const uint8_t* data, size_t data_size) noexcept
     if (data_size < input_size_16bits)  // Not enough data for input.
         return in;
 
-    in.rev = rev_4bits > latest_rev ? latest_rev : static_cast<evmc_revision>(rev_4bits);
+    in.rev = (rev_4bits > EVMC_LATEST_STABLE_REVISION) ? EVMC_LATEST_STABLE_REVISION :
+                                                         static_cast<evmc_revision>(rev_4bits);
 
     // The message king should not matter but this 1 bit was free.
     in.msg.kind = kind_1bit ? EVMC_CREATE : EVMC_CALL;
@@ -247,7 +241,7 @@ fuzz_input populate_input(const uint8_t* data, size_t data_size) noexcept
     // - pre Tangerine Whistle calls are extremely cheap and it is easy to find slow running units.
     in.msg.gas = in.rev <= old_rev ? std::min(gas_24bits, old_rev_max_gas) : gas_24bits;
 
-    in.msg.destination = generate_interesting_address(destination_8bits);
+    in.msg.recipient = generate_interesting_address(destination_8bits);
     in.msg.sender = generate_interesting_address(sender_8bits);
     in.msg.input_size = input_size_16bits;
     in.msg.input_data = data;
@@ -265,10 +259,10 @@ fuzz_input populate_input(const uint8_t* data, size_t data_size) noexcept
     in.host.tx_context.block_number = expand_block_number(block_number_8bits);
     in.host.tx_context.block_timestamp = expand_block_timestamp(block_timestamp_8bits);
     in.host.tx_context.block_gas_limit = expand_block_gas_limit(block_gas_limit_8bits);
-    in.host.tx_context.block_difficulty = generate_interesting_value(block_difficulty_8bits);
+    in.host.tx_context.block_prev_randao = generate_interesting_value(block_prev_randao_8bits);
     in.host.tx_context.chain_id = generate_interesting_value(chainid_8bits);
 
-    auto& account = in.host.accounts[in.msg.destination];
+    auto& account = in.host.accounts[in.msg.recipient];
     account.balance = generate_interesting_value(account_balance_8bits);
     const auto storage_key1 = generate_interesting_value(account_storage_key1_8bits);
     const auto storage_key2 = generate_interesting_value(account_storage_key2_8bits);
@@ -310,7 +304,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) noe
         return 0;
 
     auto ref_host = in.host;  // Copy Host.
-    const auto& code = ref_host.accounts[in.msg.destination].code;
+    const auto& code = ref_host.accounts[in.msg.recipient].code;
 
     if (print_input)
     {
@@ -319,13 +313,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) noe
         std::cout << "code: " << hex(code) << "\n";
         std::cout << "decoded: " << decode(code, in.rev) << "\n";
         std::cout << "input: " << hex({in.msg.input_data, in.msg.input_size}) << "\n";
-        std::cout << "account: " << hex(in.msg.destination) << "\n";
+        std::cout << "account: " << hex(in.msg.recipient) << "\n";
         std::cout << "caller: " << hex(in.msg.sender) << "\n";
         std::cout << "value: " << in.msg.value << "\n";
         std::cout << "gas: " << in.msg.gas << "\n";
-        std::cout << "balance: " << in.host.accounts[in.msg.destination].balance << "\n";
+        std::cout << "balance: " << in.host.accounts[in.msg.recipient].balance << "\n";
         std::cout << "coinbase: " << in.host.tx_context.block_coinbase << "\n";
-        std::cout << "difficulty: " << in.host.tx_context.block_difficulty << "\n";
+        std::cout << "prevrandao: " << in.host.tx_context.block_prev_randao << "\n";
         std::cout << "timestamp: " << in.host.tx_context.block_timestamp << "\n";
         std::cout << "chainid: " << in.host.tx_context.chain_id << "\n";
     }
@@ -359,7 +353,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) noe
                 ASSERT_EQ(m1.flags, m2.flags);
                 ASSERT_EQ(m1.depth, m2.depth);
                 ASSERT_EQ(m1.gas, m2.gas);
-                ASSERT_EQ(evmc::address{m1.destination}, evmc::address{m2.destination});
+                ASSERT_EQ(evmc::address{m1.recipient}, evmc::address{m2.recipient});
                 ASSERT_EQ(evmc::address{m1.sender}, evmc::address{m2.sender});
                 ASSERT_EQ(bytes_view(m1.input_data, m1.input_size),
                     bytes_view(m2.input_data, m2.input_size));