Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Experimental valuegeneration techniques #384

Draft
wants to merge 57 commits into
base: master
Choose a base branch
from

Conversation

anishnaik
Copy link
Collaborator

No description provided.

Sanan Hasanov and others added 24 commits June 18, 2024 09:53
Since this struct is used in multiple files, to avoid dependency cycles,
it is moved to utils.
This tracer is used to get emitted event values and return values of
calls and add them to corpus for each sequence.
Since values inside contracts are added to base value set automatically,
it was confusing to see values to be emitted and captured in the value
set already.
…dd them to valueSet

This change will make sure to extract captured event values and their
types and store them in a data structure.
This also makes sure that baseValueSet is cloned at the beginning of
each call sequence execution and event values are added to cloned value
set.
Later, the modified value set is used by fuzzer workers while executing
call sequences.
Since we are using a different structure to store event values and
types, we don't need emittedValues and functionReturnValues as members
of ValueGenerationTracer structure.
TransactionOutputValues structure is used to store event and return
values together so that both kinds of values can be provided to
results.AdditionalResults[valueGenerationTracerResultsKey].
getCallFrameReturnValue is called from this function as this function
itself gets called in CaptureExit and CaptureEnd, allowing us to grab
return value of every call frame including the top call frame.
We provide the values to MessageResults so that they can be later on
added to the ValueSet of the current call sequence in fuzzer worker.
…nt sequence value set

This function will check the type of the collected data and add them
accordingly to the value set of the currently executed sequence.
Cleaner code is achieved by migrating the part that is responsible for
adding collected data to value set into a separate function.
@CLAassistant
Copy link

CLAassistant commented Jun 26, 2024

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
2 out of 3 committers have signed the CLA.

✅ s4nsec
✅ anishnaik
❌ Sanan Hasanov


Sanan Hasanov seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

fuzzing/config/config.go Outdated Show resolved Hide resolved
fuzzing/config/config_defaults.go Outdated Show resolved Hide resolved
fuzzing/config/config.go Outdated Show resolved Hide resolved
fuzzing/fuzzer_worker.go Outdated Show resolved Hide resolved
fuzzing/fuzzer_worker.go Outdated Show resolved Hide resolved
fuzzing/fuzzer_worker.go Outdated Show resolved Hide resolved
fuzzing/fuzzer_worker.go Outdated Show resolved Hide resolved
fuzzing/testdata/contracts/assertions/assert_immediate.sol Outdated Show resolved Hide resolved
fuzzing/testdata/contracts/assertions/assert_immediate.sol Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
s4nsec added 3 commits June 27, 2024 12:47
As we don't need to differentiate between an emitted value and a return
value, and also saving the type of emitted values are not necessary, we
can simply use a slice of any elements to store interesting elements
found during EVM execution.
utils/call_frame.go Outdated Show resolved Hide resolved
fuzzing/testdata/contracts/assertions/assert_immediate.sol Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
fuzzing/fuzzer_worker.go Show resolved Hide resolved
fuzzing/fuzzer_worker.go Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
fuzzing/valuegenerationtracer/valuegeneration_tracer.go Outdated Show resolved Hide resolved
s4nsec added 15 commits July 17, 2024 15:25
Considering clean desing, the function responsible for adding
transaction output values to value set is moved to value_set.go and
turned into a method called Add.
This contract will emit event/return values of various types to test
value generation tracer's ability to collect them.
The function duplicates a call sequence element at index N and places it
at index N+1 if N is not equal to one less the length of the sequence.
Otherwise, the duplicate is placed at index N-1.
@s4nsec s4nsec force-pushed the valuegeneration-tracer branch from 8ac6695 to 0e1763f Compare July 30, 2024 15:30
anishnaik and others added 5 commits July 31, 2024 10:38

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
…426)

* initial commit

* fix: weight methods correctly to avoid skipping some

* fix commenting

* add debugging scripts

* zero clue if i optimized anything at all...

* upload artifact on every PR

* fix: log number of workers shrinking (#8)

* fix: log number of workers shrinking

* report total # failed sequences/ total sequences tested

* pushing json coverage report

---------

Co-authored-by: alpharush <[email protected]>
@bsamuels453 bsamuels453 self-assigned this Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants