Watch / Fuzzing the Solidity Compiler

Fuzzing the Solidity Compiler

  • YouTube
  • IPFS
  • Details

Fuzzing the Solidity Compiler

Duration: 00:18:25

Speaker: Bhargava Shastry

Type: Breakout

Expertise: Intermediate

Event: Devcon 5

Date: Oct 2019

Since the Solidity programming language does not have a formal specification, testing the compiler implementation is an important way to obtain assurance about the correctness of code generated by the compiler. Fuzz testing is well-suited for this setting. However, applying fuzzing in the traditional manner (random input generation that is coverage-guided) is inefficient for testing compilers because a significant fraction of randomly generated code is syntactically invalid. If the fuzzer does not generate syntactically correct Solidity programs, the compiler will simply reject it. As a consequence, code optimization and generation subsystems of the compiler will not be tested. The approach adopted by us is to define a grammar for the Solidity programming language and automatically generate inputs based on this grammar. Grammar based fuzzing ensures that generated programs are successfully parsed by the front-end parser. We make use of libProtobuf and libProtobufMutator for defining the grammar and performing grammar-based mutations, and libFuzzer as the underlying fuzzing engine.



  • Related