MariusVanDerWijden · MariusVanDerWijden · Jul 26, 2024 · Sep 1, 2024 · Sep 1, 2024 · Sep 1, 2024
diff --git a/filler/fill.go b/filler/fill.go
@@ -130,6 +130,20 @@ func (f *Filler) MemInt() *big.Int {
 	return big.NewInt(int64(f.Byte()))
 }
 
+// SmallInt returns a new big int to be used as a memory or offset value.
+// With probability 250/255 its in [0, 16].
+// With probability 4/255 its in [0, 255].
+// With probability 1/255 its in [0, 512].
+func (f *Filler) SmallInt() int {
+	b := f.Byte()
+	if b <= 250 {
+		return int(f.Byte() % 16)
+	} else if b == 255 {
+		return int(f.Byte()) + int(f.Byte())
+	}
+	return int(f.Byte())
+}
+
 // ByteSlice returns a byteslice with `items` values.
 func (f *Filler) ByteSlice(items int) []byte {
 	// TODO (MariusVanDerWijden) this can be done way more efficiently

diff --git a/generator/eof_strategies.go b/generator/eof_strategies.go
@@ -0,0 +1,114 @@
+package generator
+
+import (
+	"github.com/MariusVanDerWijden/FuzzyVM/filler"
+	"github.com/ethereum/go-ethereum/core/vm"
+)
+
+type eofGenerator struct{}
+
+func (eofGenerator) Execute(env Environment) {
+	container := RandomContainer(env.f)
+	code := container.MarshalBinary()
+	// Deploy code
+	// call code
+	_ = code
+}
+
+func (*eofGenerator) Importance() int {
+	return 1
+}
+
+func RandomContainer(f *filler.Filler) *vm.Container {
+	return randomSubContainer(f, 0, 0)
+}
+
+func randomSubContainer(f *filler.Filler, codeSize int, level int) *vm.Container {
+
+	// Setup Function Metadata
+	typeLen := f.SmallInt()
+	types := make([]*vm.FunctionMetadata, 0, typeLen)
+	for i := 0; i < typeLen; i++ {
+		types = append(types, RandomFunctionMetadata(f))
+	}
+	// Setup Code
+	codes := make([][]byte, 0, typeLen)
+	for i := 0; i < typeLen; i++ {
+		_, code := GenerateProgram(f)
+		codes = append(codes, code)
+		codeSize += len(code)
+	}
+	// Setup Data
+	_, data := GenerateProgram(f)
+	// TODO make this optional
+	data = removeInvalidEOFOpcodes(data)
+	codeSize += len(data)
+	// Setup Subcontainers
+	subCLen := f.SmallInt()
+	subContainers := make([]*vm.Container, 0, subCLen)
+	subContainerCodes := make([][]byte, 0, subCLen)
+	for i := 0; i < subCLen; i++ {
+		if codeSize < maxCodeSize && level < maxContainerLevel {
+			subC := randomSubContainer(f, codeSize, level+1)
+			subContainers = append(subContainers, subC)
+			subCode := subC.MarshalBinary()
+			subContainerCodes = append(subContainerCodes, subCode)
+			codeSize += len(subCode)
+		}
+	}
+
+	return &vm.Container{
+		Types:             types,
+		Code:              codes,
+		Data:              data,
+		DataSize:          len(data),
+		ContainerSections: subContainers,
+		ContainerCode:     subContainerCodes,
+	}
+}
+
+func RandomFunctionMetadata(f *filler.Filler) *vm.FunctionMetadata {
+	// Create starting container with prob 1/2
+	if f.Bool() {
+		return &vm.FunctionMetadata{
+			Input:          0,
+			Output:         0x80,
+			MaxStackHeight: uint16(f.Byte()),
+		}
+	}
+	return &vm.FunctionMetadata{
+		Input:          f.Byte(),
+		Output:         f.Byte(),
+		MaxStackHeight: f.Uint16(),
+	}
+}
+
+func removeInvalidEOFOpcodes(input []byte) []byte {
+	output := make([]byte, 0, len(input))
+	for _, in := range input {
+		switch vm.OpCode(in) {
+		case vm.CALL, vm.CALLCODE:
+			output = append(output, byte(vm.EXTCALL))
+		case vm.DELEGATECALL:
+			output = append(output, byte(vm.EXTDELEGATECALL))
+		case vm.STATICCALL:
+			output = append(output, byte(vm.EXTSTATICCALL))
+		case vm.JUMP:
+			output = append(output, byte(vm.RJUMP))
+		case vm.JUMPI:
+			output = append(output, byte(vm.RJUMPI))
+		case vm.CREATE, vm.CREATE2:
+			output = append(output, byte(vm.EOFCREATE))
+		case vm.CODESIZE, vm.EXTCODESIZE:
+			output = append(output, byte(vm.DATASIZE))
+		case vm.CODECOPY, vm.EXTCODECOPY:
+			output = append(output, byte(vm.DATACOPY))
+		case vm.SELFDESTRUCT, vm.PC, vm.GAS, vm.EXTCODEHASH:
+			// ignore
+			continue
+		default:
+			output = append(output, in)
+		}
+	}
+	return output
+}
diff --git a/generator/eof_strategies_test.go b/generator/eof_strategies_test.go
@@ -0,0 +1,39 @@
+package generator
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/MariusVanDerWijden/FuzzyVM/filler"
+	"github.com/ethereum/go-ethereum/core/vm"
+)
+
+func FuzzEOFGenerator(f *testing.F) {
+	jt := vm.NewPragueEOFInstructionSetForTesting()
+	f.Fuzz(func(t *testing.T, data []byte) {
+		fl := filler.NewFiller(data)
+		container := RandomContainer(fl)
+		newCon := new(vm.Container)
+		if err := newCon.UnmarshalBinary(container.MarshalBinary(), true); err == nil {
+			if err := newCon.ValidateCode(&jt, true); err == nil {
+				if len(newCon.Code) > 0 && len(newCon.Code[0]) > 10 {
+					panic(newCon.Code)
+				}
+			}
+		}
+	})
+}
+
+func TestEOFGenerator(t *testing.T) {
+	data := []byte("01\xbe\x00\x01 \xfe")
+	jt := vm.NewPragueEOFInstructionSetForTesting()
+	fl := filler.NewFiller(data)
+	container := RandomContainer(fl)
+	//fmt.Printf("%x\n", container.MarshalBinary())
+	newCon := new(vm.Container)
+	if err := newCon.UnmarshalBinary(container.MarshalBinary(), true); err == nil {
+		if err := newCon.ValidateCode(&jt, true); err == nil {
+			fmt.Println(container.Code)
+		}
+	}
+}
diff --git a/generator/generator.go b/generator/generator.go
@@ -23,6 +23,7 @@ import (
 	"github.com/MariusVanDerWijden/FuzzyVM/filler"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/params"
 	"github.com/holiman/goevmlab/fuzzing"
 	"github.com/holiman/goevmlab/program"
 )
@@ -33,6 +34,8 @@ var (
 	sk                = hexutil.MustDecode("0x45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8")
 	recursionLevel    = 0
 	maxRecursionLevel = 10
+	maxCodeSize       = params.MaxInitCodeSize
+	maxContainerLevel = 5
 	minJumpDistance   = 10
 )
 
@@ -56,6 +59,10 @@ func GenerateProgram(f *filler.Filler) (*fuzzing.GstMaker, []byte) {
 		strategy := selectStrat(rnd, strategies)
 		// Execute the strategy
 		strategy.Execute(env)
+		// Check that we are still within (or barely out of) code size limits
+		if len(env.p.Bytecode()) > params.MaxInitCodeSize+1000 {
+			break
+		}
 	}
 	code := env.jumptable.InsertJumps(env.p.Bytecode())
 	return createGstMaker(f, code), code

diff --git a/go.mod b/go.mod
@@ -14,35 +14,36 @@ require (
 
 require (
 	github.com/DataDog/zstd v1.5.5 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/VictoriaMetrics/fastcache v1.12.2 // indirect
 	github.com/allegro/bigcache v1.2.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.11.0 // indirect
-	github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cockroachdb/errors v1.11.1 // indirect
+	github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cockroachdb/errors v1.11.3 // indirect
+	github.com/cockroachdb/fifo v0.0.0-20240606204812-0bbfbd93a7ce // indirect
 	github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
-	github.com/cockroachdb/pebble v1.1.0 // indirect
+	github.com/cockroachdb/pebble v1.1.2 // indirect
 	github.com/cockroachdb/redact v1.1.5 // indirect
 	github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 // indirect
 	github.com/consensys/bavard v0.1.13 // indirect
 	github.com/consensys/gnark-crypto v0.12.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
-	github.com/crate-crypto/go-ipa v0.0.0-20231025140028-3c0104f4b233 // indirect
+	github.com/crate-crypto/go-ipa v0.0.0-20240223125850-b1e8a79f509c // indirect
 	github.com/crate-crypto/go-kzg-4844 v1.0.0 // indirect
-	github.com/deckarep/golang-set/v2 v2.5.0 // indirect
+	github.com/deckarep/golang-set/v2 v2.6.0 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/ethereum/c-kzg-4844 v1.0.0 // indirect
-	github.com/gballet/go-verkle v0.1.1-0.20231031103413-a67434b50f46 // indirect
-	github.com/getsentry/sentry-go v0.25.0 // indirect
+	github.com/ethereum/go-verkle v0.1.1-0.20240306133620-7d920df305f0 // indirect
+	github.com/getsentry/sentry-go v0.27.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/snappy v0.0.5-0.20231225225746-43d5d4cd4e0e // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/holiman/bloomfilter/v2 v2.0.3 // indirect
-	github.com/holiman/uint256 v1.2.4 // indirect
+	github.com/holiman/uint256 v1.3.1 // indirect
 	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
@@ -67,12 +68,12 @@ require (
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect
-	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.20.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	rsc.io/tmplfunc v0.0.3 // indirect
 )
+
+replace github.com/ethereum/go-ethereum => github.com/mariusvanderwijden/go-ethereum v1.8.22-0.20240830115345-d0465bab6ee6