feat(forge): fuzz dictionary #731
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brockelmore
changed the title
gakonst
reviewed
Feb 15, 2022
|
@onbjerg something to consider for the REVM fuzzer. For Revm it should be easier, as we can lift the changelog per call and add it to the dictionary? |
brockelmore
changed the title
gakonst
approved these changes
Mar 9, 2022
Comment on lines
+189
to
+190
| state_weight: u32, | ||
| random_weight: u32, |
There was a problem hiding this comment.
should this be under EvmOpts? Should we make a builder that makes this struct easier to construct?
|
|
||
| // Snapshot the state before the test starts running | ||
| let pre_test_state = self.evm.borrow().state().clone(); | ||
|
|
||
| let flattened_state = Rc::new(RefCell::new(self.evm.borrow().flatten_state())); | ||
|
|
||
| // we dont shrink for state strategy |
There was a problem hiding this comment.
Suggested change
| // we dont shrink for state strategy | |
| // we dont shrink for state strategy because shrinking in a collection moves the iterator | |
| // whereas here it doesn't make sense to shrink, given everything is a concrete value |
evm-adapters/src/fuzz.rs
Outdated
| @@ -122,6 +160,19 @@ impl<'a, S, E: Evm<S>> FuzzedExecutor<'a, E, S> { | |||
| } | |||
| ); | |||
|
|
|||
| { | |||
| let new_flattened = evm.flatten_state(); | |||
There was a problem hiding this comment.
Suggested change
| let new_flattened = evm.flatten_state(); | |
| // we extend the state dict with any returndata from the call in 32-byte chunks. | |
| let new_flattened = evm.flatten_state(); |
| ) -> impl Strategy<Value = Bytes> { | ||
| // We need to compose all the strategies generated for each parameter in all | ||
| // possible combinations | ||
| // let strategy = proptest::sample::select(state.clone().into_iter().collect::<Vec<[u8; |
There was a problem hiding this comment.
Suggested change
| // let strategy = proptest::sample::select(state.clone().into_iter().collect::<Vec<[u8; |
Comment on lines
185
to
187
| } else { | ||
| // because of metadata bs, we may hit this codepath. just ignore it | ||
| // and continue on |
There was a problem hiding this comment.
shouldn't be required?
Suggested change
| } else { | |
| // because of metadata bs, we may hit this codepath. just ignore it | |
| // and continue on |
| if let Some(code) = code { | ||
| let mut i = 0; | ||
| while i < code.len() { | ||
| let wrapped_op = OpCode::from(Opcode(code[i])); |
There was a problem hiding this comment.
The OpCode struct should probably have a direct from(x: u8) method
| }); | ||
| } | ||
| } | ||
| for log in logs { |
There was a problem hiding this comment.
Suggested change
| for log in logs { | |
| // Flatten all log addresses, topics & data into H256 and write them to the dictionary | |
| for log in logs { |
| } | ||
| } | ||
|
|
||
| // we keep bytes as little endian |
There was a problem hiding this comment.
Suggested change
| // we keep bytes as little endian | |
| // Flatten the old and new account values & storage in H256 | |
| // and insert them as little endian bytes in the dictionary |
8 tasks
This was referenced Mar 18, 2022
Merged
Merged
|
Rolled into #985 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements a fuzzing dictionary per #387
Takes a weighted union of 2 strategies, 40-60 weighted dictionary-random. Grabs state via a hack around the
deconstructmethod to get all state changes not applied (in our case, thats all of them), and flattens them into a hashset. We then pass this state hashset into the strategy creator which uses a selector to select a random value from the set as the input and transforms it into an inputSome limitations: bytes and strings types are only ever 32 bytes when pulling from state. probably improvements to be had there