feat(fuzz): ast-seeded dictionary

crates/common/src/compile.rs

@@ -26,9 +26,13 @@ use std::{
     io::IsTerminal,
     path::{Path, PathBuf},
     str::FromStr,
+    sync::Arc,
     time::Instant,
 };
 
+/// A Solar compiler instance, to grant syntactic and semantic analysis capabilities.
+pub type Analysis = Arc<solar::sema::Compiler>;
+
 /// Builder type to configure how to compile a project.
 ///
 /// This is merely a wrapper for [`Project::compile()`] which also prints to stdout depending on its

crates/common/src/lib.rs

@@ -38,6 +38,7 @@ pub mod transactions;
 mod utils;
 pub mod version;
 
+pub use compile::Analysis;
 pub use constants::*;
 pub use contracts::*;
 pub use io::{Shell, shell, stdin};

crates/config/src/fuzz.rs

@@ -80,18 +80,24 @@ pub struct FuzzDictionaryConfig {
     /// Once the fuzzer exceeds this limit, it will start evicting random entries
     #[serde(deserialize_with = "crate::deserialize_usize_or_max")]
     pub max_fuzz_dictionary_values: usize,
+    /// How many literal values to seed from the AST, at most.
+    ///
+    /// This value is independent from the max amount of addresses and values.
+    #[serde(deserialize_with = "crate::deserialize_usize_or_max")]
+    pub max_fuzz_dictionary_literals: usize,
 }
 
 impl Default for FuzzDictionaryConfig {
     fn default() -> Self {
+        const MB: usize = 1024 * 1024;
+
         Self {
             dictionary_weight: 40,
             include_storage: true,
             include_push_bytes: true,
-            // limit this to 300MB
-            max_fuzz_dictionary_addresses: (300 * 1024 * 1024) / 20,
-            // limit this to 200MB
-            max_fuzz_dictionary_values: (200 * 1024 * 1024) / 32,
+            max_fuzz_dictionary_addresses: 300 * MB / 20,
+            max_fuzz_dictionary_values: 300 * MB / 32,
+            max_fuzz_dictionary_literals: 200 * MB / 32,
         }
     }
 }

crates/evm/evm/Cargo.toml

@@ -24,8 +24,6 @@ foundry-evm-fuzz.workspace = true
 foundry-evm-networks.workspace = true
 foundry-evm-traces.workspace = true
 
-solar.workspace = true
-
 alloy-dyn-abi = { workspace = true, features = ["arbitrary", "eip712"] }
 alloy-evm.workspace = true
 alloy-json-abi.workspace = true

crates/evm/evm/src/executors/fuzz/mod.rs

@@ -362,13 +362,23 @@ impl FuzzedExecutor {
 
     /// Stores fuzz state for use with [fuzz_calldata_from_state]
     pub fn build_fuzz_state(&self, deployed_libs: &[Address]) -> EvmFuzzState {
+        let inspector = self.executor.inspector();
+
         if let Some(fork_db) = self.executor.backend().active_fork_db() {
-            EvmFuzzState::new(fork_db, self.config.dictionary, deployed_libs)
+            EvmFuzzState::new(
+                fork_db,
+                self.config.dictionary,
+                deployed_libs,
+                inspector.analysis.as_ref(),
+                inspector.paths_config(),
+            )
         } else {
             EvmFuzzState::new(
                 self.executor.backend().mem_db(),
                 self.config.dictionary,
                 deployed_libs,
+                inspector.analysis.as_ref(),
+                inspector.paths_config(),
             )
         }
     }

crates/evm/evm/src/executors/invariant/mod.rs

@@ -566,10 +566,13 @@ impl<'a> InvariantExecutor<'a> {
             self.select_contracts_and_senders(invariant_contract.address)?;
 
         // Stores fuzz state for use with [fuzz_calldata_from_state].
+        let inspector = self.executor.inspector();
         let fuzz_state = EvmFuzzState::new(
             self.executor.backend().mem_db(),
             self.config.dictionary,
             deployed_libs,
+            inspector.analysis.as_ref(),
+            inspector.paths_config(),
         );
 
         // Creates the invariant strategy.

crates/evm/evm/src/inspectors/stack.rs

@@ -8,6 +8,8 @@ use alloy_primitives::{
     map::{AddressHashMap, HashMap},
 };
 use foundry_cheatcodes::{CheatcodeAnalysis, CheatcodesExecutor, Wallets};
+use foundry_common::compile::Analysis;
+use foundry_compilers::ProjectPathsConfig;
 use foundry_evm_core::{
     ContextExt, Env, InspectorExt,
     backend::{DatabaseExt, JournaledState},
@@ -38,8 +40,8 @@ use std::{
 #[derive(Clone, Debug, Default)]
 #[must_use = "builders do nothing unless you call `build` on them"]
 pub struct InspectorStackBuilder {
-    /// Solar compiler instance, to grant syntactic and semantic analysis capabilities
-    pub analysis: Option<Arc<solar::sema::Compiler>>,
+    /// Solar compiler instance, to grant syntactic and semantic analysis capabilities.
+    pub analysis: Option<Analysis>,
     /// The block environment.
     ///
     /// Used in the cheatcode handler to overwrite the block environment separately from the
@@ -85,7 +87,7 @@ impl InspectorStackBuilder {
 
     /// Set the solar compiler instance that grants syntactic and semantic analysis capabilities
     #[inline]
-    pub fn set_analysis(mut self, analysis: Arc<solar::sema::Compiler>) -> Self {
+    pub fn set_analysis(mut self, analysis: Analysis) -> Self {
         self.analysis = Some(analysis);
         self
     }
@@ -209,6 +211,7 @@ impl InspectorStackBuilder {
             let mut cheatcodes = Cheatcodes::new(config);
             // Set analysis capabilities if they are provided
             if let Some(analysis) = analysis {
+                stack.set_analysis(analysis.clone());
                 cheatcodes.set_analysis(CheatcodeAnalysis::new(analysis));
             }
             // Set wallets if they are provided
@@ -308,11 +311,20 @@ pub struct InspectorStack {
     pub inner: InspectorStackInner,
 }
 
+impl InspectorStack {
+    pub fn paths_config(&self) -> Option<&ProjectPathsConfig> {
+        self.cheatcodes.as_ref().map(|c| &c.config.paths)
+    }
+}
+
 /// All used inpectors besides [Cheatcodes].
 ///
 /// See [`InspectorStack`].
 #[derive(Default, Clone, Debug)]
 pub struct InspectorStackInner {
+    /// Solar compiler instance, to grant syntactic and semantic analysis capabilities.
+    pub analysis: Option<Analysis>,
+
     // Inspectors.
     // These are boxed to reduce the size of the struct and slightly improve performance of the
     // `if let Some` checks.
@@ -388,6 +400,12 @@ impl InspectorStack {
         });
     }
 
+    /// Set the solar compiler instance.
+    #[inline]
+    pub fn set_analysis(&mut self, analysis: Analysis) {
+        self.analysis = Some(analysis);
+    }
+
     /// Set variables from an environment for the relevant inspectors.
     #[inline]
     pub fn set_env(&mut self, env: &Env) {

crates/evm/fuzz/Cargo.toml

@@ -21,6 +21,8 @@ foundry-evm-core.workspace = true
 foundry-evm-coverage.workspace = true
 foundry-evm-traces.workspace = true
 
+solar.workspace = true
+
 alloy-dyn-abi = { workspace = true, features = ["arbitrary", "eip712"] }
 alloy-json-abi.workspace = true
 alloy-primitives = { workspace = true, features = [

crates/evm/fuzz/src/lib.rs

@@ -28,6 +28,7 @@ pub use error::FuzzError;
 
 pub mod invariant;
 pub mod strategies;
+pub use strategies::LiteralMaps;
 
 mod inspector;
 pub use inspector::Fuzzer;