feat: fuzzing #44

gakonst · 2021-09-25T17:19:55Z

Closes #16

Introduces fuzzing of solidity test functions with >0 arguments, using the proptest library.

This is done in 2 parts:

Defining the fuzzing rules in fuzz.rs which basically says "take in an ABI type and generate a fuzzing strategy for it" and then "combine all fuzzing strategies for a certain function to a strategy for fuzzing the function's calldata"
Changing runner.rs to execute proptest's TestRunner if >0 inputs are detected for the current function.

A requirement of fuzzing was to make the EVM cloneable, since the TestRunner only accepts Fns which cannot mutate their environment, meaning that we had to add a Clone restriction on it in the fuzzing-related code.

(To facilitate that, we need rust-ethereum/evm#61 for Sputnik and vorot93/evmodin#9 for EvmOdin)

TODO:

Expand the types being fuzzed.
See if we can remove the Clone requirement by using a factory, and splitting the fuzz tests to a separate function so we can run fuzz tests w/o tracing even when the EVM uses a tracer in non-fuzz tests

testing the shrinking of varlen strings is flaky because the fuzzer may be able to produce the optimal string length by chance in the first iteration because the test case is quite narrow

gakonst added 10 commits September 25, 2021 00:22

feat(evm): allow providing low level encoded calldata

856bee6

feat(dapp): add proptest calldata fuzzing strat

5c1e2df

chore(evm): cargo fmt

607e06f

feat(sputnik): implement Clone for Executor

172a225

chore: use patch directive to manage sputnik version

2f2470b

feat(evmodin): derive Clone for EvmOdin

b102103

feat(fuzz): add more types for fuzzing

79fb442

test: add fuzzing test

4c268c1

feat(runner): fuzz test sol funcs with >0 args using proptest

2a91b2e

chore: use patched evmodin until merged

fb04ae9

gakonst mentioned this pull request Sep 25, 2021

Add random fuzzing of inputs #16

Closed

gakonst added 6 commits September 25, 2021 20:32

chore: fix dapptools cli

a7d7e8c

feat: allow configuring the fuzzer at the creation of the test runners

cbc7033

feat: add counterexample generation and test shrinking

0ca24e6

fix: disable fuzzer in multi runner

42991bc

feat(cli): enable fuzzing

9deba15

fix(fuzz): change test case to be more reliable with 2 uints

5ace8b1

testing the shrinking of varlen strings is flaky because the fuzzer may be able to produce the optimal string length by chance in the first iteration because the test case is quite narrow

gakonst merged commit 7e61d48 into master Sep 27, 2021

gakonst mentioned this pull request Sep 27, 2021

Remove Clone trait bound from EVM #47

Closed

gakonst deleted the feat/fuzzing branch September 28, 2021 00:11

0x4007 mentioned this pull request Dec 7, 2021

[CONTRACTS] - fuzzing <- we are here ubiquity/ubiquity-dollar#120

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: fuzzing #44

feat: fuzzing #44

gakonst commented Sep 25, 2021 •

edited

feat: fuzzing #44

feat: fuzzing #44

Conversation

gakonst commented Sep 25, 2021 • edited

gakonst commented Sep 25, 2021 •

edited