Merge pull request argotorg#14787 from ethereum/fuzz-mcopy

Yul proto fuzzer: Add mcopy builtin to generator.

Author: cameel

test/tools/ossfuzz/protoToYul.cpp

@@ -796,6 +796,10 @@ void ProtoConverter::visit(CopyFunc const& _x)
 	if (type == CopyFunc::RETURNDATA && !m_evmVersion.supportsReturndata())
 		return;
 
+	// Bail out if MCOPY is not supported for fuzzed EVM version
+	if (type == CopyFunc::MEMORY && !m_evmVersion.hasMcopy())
+		return;
+
 	// Code copy may change state if e.g., some byte of code
 	// is stored to storage via a sequence of mload and sstore.
 	if (m_filterStatefulInstructions && type == CopyFunc::CODE)
@@ -816,13 +820,22 @@ void ProtoConverter::visit(CopyFunc const& _x)
 	case CopyFunc::DATA:
 		m_output << "datacopy";
 		break;
+	case CopyFunc::MEMORY:
+		m_output << "mcopy";
 	}
 	m_output << "(";
 	m_output << "mod(";
 	visit(_x.target());
 	m_output << ", " << to_string(s_maxMemory - s_maxSize) << ")";
 	m_output << ", ";
-	visit(_x.source());
+	if (type == CopyFunc::MEMORY)
+	{
+		m_output << "mod(";
+		visit(_x.source());
+		m_output << ", " << to_string(s_maxMemory - s_maxSize) << ")";
+	}
+	else
+		visit(_x.source());
 	m_output << ", ";
 	m_output << "mod(";
 	visit(_x.size());

test/tools/ossfuzz/protoToYul.h

@@ -346,7 +346,9 @@ class ProtoConverter
 	static auto constexpr s_dataIdentifier = "datablock";
 	/// Upper bound on memory writes is 64KB in order to
 	/// preserve semantic equivalence in the presence of
-	/// memory guard
+	/// memory guard. Note that s_maxMemory must be much larger
+	/// than s_maxSize to create tests without significant overlap
+	/// of I/O memory regions.
 	static unsigned constexpr s_maxMemory = 65536;
 	/// Upper bound on size for range copy functions
 	static unsigned constexpr s_maxSize = 32768;

test/tools/ossfuzz/yulProto.proto

@@ -186,6 +186,7 @@ message CopyFunc {
     CODE = 1;
     RETURNDATA = 2;
     DATA = 3;
+    MEMORY = 4;
   }
   required CopyType ct = 1;
   required Expression target = 2;