diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/abi-spec.rst | 2 | ||||
| -rw-r--r-- | docs/contributing.rst | 44 | ||||
| -rw-r--r-- | docs/miscellaneous.rst | 1 |
3 files changed, 45 insertions, 2 deletions
diff --git a/docs/abi-spec.rst b/docs/abi-spec.rst index 67159952..e4f8ed4f 100644 --- a/docs/abi-spec.rst +++ b/docs/abi-spec.rst @@ -443,7 +443,7 @@ For example, function Test() public { b = 0x12345678901234567890123456789012; } event Event(uint indexed a, bytes32 b); event Event2(uint indexed a, bytes32 b); - function foo(uint a) public { Event(a, b); } + function foo(uint a) public { emit Event(a, b); } bytes32 b; } diff --git a/docs/contributing.rst b/docs/contributing.rst index eabf40b7..481aab1e 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -184,7 +184,8 @@ does not fail if e.g. the code contains an error. This way, internal problems in can be found by fuzzing tools. We mainly use `AFL <http://lcamtuf.coredump.cx/afl/>`_ for fuzzing. You need to download and -build AFL manually. Next, build Solidity (or just the ``solfuzzer`` binary) with AFL as your compiler: +install AFL packages from your repos (afl, afl-clang) or build them manually. +Next, build Solidity (or just the ``solfuzzer`` binary) with AFL as your compiler: :: @@ -194,6 +195,47 @@ build AFL manually. Next, build Solidity (or just the ``solfuzzer`` binary) with cmake .. -DCMAKE_C_COMPILER=path/to/afl-gcc -DCMAKE_CXX_COMPILER=path/to/afl-g++ make solfuzzer +At this stage you should be able to see a message similar to the following: + +:: + + Scanning dependencies of target solfuzzer + [ 98%] Building CXX object test/tools/CMakeFiles/solfuzzer.dir/fuzzer.cpp.o + afl-cc 2.52b by <lcamtuf@google.com> + afl-as 2.52b by <lcamtuf@google.com> + [+] Instrumented 1949 locations (64-bit, non-hardened mode, ratio 100%). + [100%] Linking CXX executable solfuzzer + +If the instrumentation messages did not appear, try switching the cmake flags pointing to AFL's clang binaries: + +:: + # if previously failed + make clean + cmake .. -DCMAKE_C_COMPILER=path/to/afl-clang -DCMAKE_CXX_COMPILER=path/to/afl-clang++ + make solfuzzer + +Othwerise, upon execution the fuzzer will halt with an error saying binary is not instrumented: + +:: + + afl-fuzz 2.52b by <lcamtuf@google.com> + ... (truncated messages) + [*] Validating target binary... + + [-] Looks like the target binary is not instrumented! The fuzzer depends on + compile-time instrumentation to isolate interesting test cases while + mutating the input data. For more information, and for tips on how to + instrument binaries, please see /usr/share/doc/afl-doc/docs/README. + + When source code is not available, you may be able to leverage QEMU + mode support. Consult the README for tips on how to enable this. + (It is also possible to use afl-fuzz as a traditional, "dumb" fuzzer. + For that, you can use the -n option - but expect much worse results.) + + [-] PROGRAM ABORT : No instrumentation detected + Location : check_binary(), afl-fuzz.c:6920 + + Next, you need some example source files. This will make it much easer for the fuzzer to find errors. You can either copy some files from the syntax tests or extract test files from the documentation or the other tests: diff --git a/docs/miscellaneous.rst b/docs/miscellaneous.rst index f13585fa..30ece7e1 100644 --- a/docs/miscellaneous.rst +++ b/docs/miscellaneous.rst @@ -79,6 +79,7 @@ Solidity always places new objects at the free memory pointer and memory is neve .. warning:: There are some operations in Solidity that need a temporary memory area larger than 64 bytes and therefore will not fit into the scratch space. They will be placed where the free memory points to, but given their short lifecycle, the pointer is not updated. The memory may or may not be zeroed out. Because of this, one shouldn't expect the free memory to be zeroed out. + While it may seem like a good idea to use ``msize`` to arrive at a definitely zeroed out memory area, using such a pointer non-temporarily without updating the free memory pointer can have adverse results. .. index: calldata layout |