-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature: deep fuzzing on newly modified Solidity contracts and pull requests #768
Conversation
Regarding the issue:
Regarding the PR:
|
Hi @rndquu thank you for starting the review and your valuable comments.
I used the recommended workflow implementation for listing changed files for https://github.com/tj-actions/changed-files , see https://github.com/tj-actions/changed-files#using-local-git-history . Since deep fuzz will be run on the whole protocol I will use the Slither's example that you provided. Apart from that I will incorporate your feedback and submit updates so that the pull request can be accepted. |
Incorporate pull request review feedback: - trigger deep fuzzing only on push to development if *.sol files were changed - execute fuzzing on the whole protocol Resolves: ubiquity#515
Hi @rndquu , @pavlovcik I incorporated the suggested changes cfd27ed , my QA is available at https://github.com/gitcoindev/ubiquity-dollar/actions/runs/5935230402/job/16093344234 . The pull request is ready for another round of the review. |
Warning: I did not read the fuzz documentation on Foundry, but from what I understand about the concepts, here are my beliefs: the concept of fuzzing is testing as many types of inputs as possible. We only need to deep fuzz the entire protocol once, and then afterwards only deep fuzz the changed contracts. It does not matter if the contracts are connected or not with the rest of the protocol, because each contract is fuzz tested in isolation anyways. It will only add more time to fuzz test the entire protocol every time a Solidity file is changed.
You should be using the GitHub API version, not relying on local .git history (we are not running locally) which checks for changed files on a pull request: https://github.com/tj-actions/changed-files#using-githubs-api |
Hi @pavlovcik @rndquu , I executed a few experiments during implementation. Currently 35 out of 267 total tests in packages/contracts are fuzz tests, with default 256 runs for each test case. The deep fuzzing takes about 2-3 minutes for 10000 runs for the whole protocol, so currently this is still manageable. For my original approach with QA here gitcoindev#2 : I had to find out which tests imported changed contracts and execute 10000 runs on those. When the test code base grows significantly this approach can still be used. I also already reworked the pull request to use GitHub API version and verified it triggers only on push to development branch when *.sol files change: see https://github.com/gitcoindev/ubiquity-dollar/actions/runs/5935230402 |
As decided during PR review. Resolves: ubiquity#515
Thank you for approvals and merging! |
Resolves #515