Native M1 development support and releases with Nix (#700)

Author: arcz

.github/workflows/nix.yml

@@ -18,7 +18,7 @@ jobs:
           - ubuntu-latest
           - macos-latest
     steps:
-    - uses: actions/checkout@v2.3.4
+    - uses: actions/checkout@v2.4.0
     - uses: cachix/install-nix-action@v16
       with:
         nix_path: nixpkgs=channel:nixos-unstable

README.md

@@ -73,7 +73,7 @@ Our tool signals each execution trace in the corpus with the following "line mar
  - `*` if an execution ended with a STOP
  - `r` if an execution ended with a REVERT
  - `o` if an execution ended with an out-of-gas error
- - `e` if an execution ended with any other error (zero division, assertion failure, etc) 
+ - `e` if an execution ended with any other error (zero division, assertion failure, etc)
 
 ### Support for smart contract build systems
 
@@ -171,16 +171,16 @@ checking for these would be a good place to start.
 
 Our [Building Secure Smart Contracts](https://github.com/crytic/building-secure-contracts/tree/master/program-analysis/echidna#echidna-tutorial) repository contains a crash course on Echidna, including examples, lessons and exercises.
 
-### Limitations and known issues
+## Limitations and known issues
 
 EVM emulation and testing is hard. Echidna has a number of limitations in the latest release. Some of these are inherited from [hevm](https://github.com/dapphub/dapptools/tree/master/src/hevm) while some are results from design/performance decisions or simply bugs in our code. We list them here including their corresponding issue and the status ("wont fix", "in review", "fixed"). Issues that are "fixed" are expected to be included in the next Echidna release.
 
-| Description |  Issue   | Status   |  
+| Description |  Issue   | Status   |
 | :--- |     :---:              |         :---:   |
 | Debug information can be insufficient | [#656](https://github.com/crytic/echidna/issues/656) | *[in review for 2.0](https://github.com/crytic/echidna/pull/674)* |
 | Vyper support is limited | [#652](https://github.com/crytic/echidna/issues/652) | *wont fix* |
 | Limited library support for testing | [#651](https://github.com/crytic/echidna/issues/651) | *wont fix* |
-| If the contract is not properly linked, Echidna will crash | [#514](https://github.com/crytic/echidna/issues/514) | *in review* | 
+| If the contract is not properly linked, Echidna will crash | [#514](https://github.com/crytic/echidna/issues/514) | *in review* |
 | Assertions are not detected in internal transactions | [#601](https://github.com/crytic/echidna/issues/601) | *[in review for 2.0](https://github.com/crytic/echidna/pull/674)* |
 | Assertions are not detected in solc 0.8.x | [#669](https://github.com/crytic/echidna/issues/669) | *[in review for 2.0](https://github.com/crytic/echidna/pull/674)* |
 | Value generation can fail in multi-abi mode, since the function hash is not precise enough | [#579](https://github.com/crytic/echidna/issues/579) | *[in review for 2.0](https://github.com/crytic/echidna/pull/674)*|
@@ -215,13 +215,22 @@ Some Linux distributions do not ship static libraries for certain things that Ha
 
 If you're getting errors building related to linking, try tinkering with `--extra-include-dirs` and `--extra-lib-dirs`.
 
-### Building using Nix
+### Building using Nix (works natively on Apple M1 systems)
 
-Nix users can install the lastest Echidna with:
+[Nix users](https://nixos.org/download.html) can install the lastest Echidna with:
 ```
 $ nix-env -i -f https://github.com/crytic/echidna/tarball/master
 ```
 
+To build a standalone release for non-Nix macOS systems, the following will
+bundle Echidna and all linked dylibs in a tarball:
+
+```
+$ nix-build macos-release.nix
+$ ll result/
+bin    echidna-1.7.3-aarch64-darwin.tar.gz
+```
+
 It is possible to develop Echidna with Cabal inside `nix-shell`. Nix will automatically
 install all the dependencies required for development including `crytic-compile` and `solc`.
 A quick way to get GHCi with Echidna ready for work:
@@ -253,7 +262,7 @@ This is a partial list of smart contracts projects that use Echidna for testing:
 * [Aragon Staking](https://github.com/aragon/staking/blob/82bf54a3e11ec4e50d470d66048a2dd3154f940b/packages/protocol/contracts/test/lib/EchidnaStaking.sol)
 * [Centre Token](https://github.com/centrehq/centre-tokens/tree/master/echidna_tests)
 * [Tokencard](https://github.com/tokencard/contracts/tree/master/tools/echidna)
-* [Minimalist USD Stablecoin](https://github.com/usmfum/USM/pull/41) 
+* [Minimalist USD Stablecoin](https://github.com/usmfum/USM/pull/41)
 
 ### Trophies
 
@@ -280,7 +289,7 @@ The following security vulnerabilities were found by Echidna. If you found a sec
 
 We can also use Echidna to reproduce research examples from smart contract fuzzing papers to show how quickly it can find the solution. All these can be solved, from a few seconds to one or two minutes on a laptop computer.
 
-| Source | Code 
+| Source | Code
 |--|--
 [Using automatic analysis tools with MakerDAO contracts](https://forum.openzeppelin.com/t/using-automatic-analysis-tools-with-makerdao-contracts/1021) | [SimpleDSChief](https://github.com/crytic/echidna/blob/master/examples/solidity/research/vera_dschief.sol)
 [Integer precision bug in Sigma Prime](https://github.com/b-mueller/sabre#example-2-integer-precision-bug) | [VerifyFunWithNumbers](https://github.com/crytic/echidna/blob/master/examples/solidity/research/solcfuzz_funwithnumbers.sol)

default.nix

@@ -1,12 +1,7 @@
-{ pkgs ? import (builtins.fetchTarball {
-    name = "nixpkgs-unstable-2021-10-15";
-    url = "https://github.com/nixos/nixpkgs/archive/ee084c02040e864eeeb4cf4f8538d92f7c675671.tar.gz";
-    sha256 = "sha256:1x8amcixdaw3ryyia32pb706vzhvn5whq9n8jin0qcha5qnm1fnh";
-  }) {},
+{ pkgs ? import nix/pkgs.nix,
   profiling ? false,
   tests ? true
 }:
-
 let
   # this is not perfect for development as it hardcodes solc to 0.5.7, test suite runs fine though
   # would be great to integrate solc-select to be more flexible, improve this in future
@@ -30,11 +25,9 @@ let
     '';
   };
 
-  slither-analyzer = pkgs.slither-analyzer.override { withSolc = false; };
-
-  v = "1.7.2";
+  v = "1.7.3";
 
-  testInputs = [ slither-analyzer solc ];
+  testInputs = [ pkgs.slither-analyzer solc ];
 
   f = { mkDerivation, aeson, ansi-terminal, base, base16-bytestring, binary
       , brick, bytestring, cborg, containers, data-dword, data-has, deepseq
@@ -53,17 +46,16 @@ let
         libraryHaskellDepends = [
           aeson ansi-terminal base base16-bytestring binary brick bytestring
           cborg containers data-dword data-has deepseq directory exceptions
-          filepath hashable hevm lens lens-aeson megaparsec MonadRandom mtl
-          optparse-applicative process random stm temporary text transformers
-          unix unliftio unliftio-core unordered-containers vector
+          filepath hashable hevm lens lens-aeson ListLike megaparsec MonadRandom
+          mtl optparse-applicative process random semver stm temporary text
+          transformers unix unliftio unliftio-core unordered-containers vector
           vector-instances vty wl-pprint-annotated word8 yaml extra ListLike
-          semver
         ] ++ (if pkgs.lib.inNixShell then testHaskellDepends else []);
         executableHaskellDepends = libraryHaskellDepends;
         testHaskellDepends = [ tasty tasty-hunit tasty-quickcheck ];
-        libraryToolDepends = [ hpack ];
         testToolDepends = testInputs;
         configureFlags = if profiling then [ "--enable-profiling" "--enable-library-profiling" ] else [];
+        libraryToolDepends = [ hpack pkgs.slither-analyzer solc ];
         preConfigure = ''
           hpack
           # re-enable dynamic build for Linux
@@ -81,6 +73,8 @@ let
     buildInputs = with pkgs.haskellPackages; [
       hlint
       cabal-install
+    ] ++ pkgs.lib.optional (!pkgs.stdenv.isAarch64) [
+      # this doesn't work due to ormolu not building
       haskell-language-server
     ];
     nativeBuildInputs = if tests then [] else testInputs;

macos-release.nix

@@ -0,0 +1,33 @@
+{ tests ? false }:
+let
+  pkgs = import nix/pkgs.nix;
+  echidna = import ./. { inherit tests; };
+in
+  with pkgs; runCommand "echidna-${echidna.version}-bundled-dylibs" {
+    buildInputs = [
+      macdylibbundler
+      darwin.sigtool
+      darwin.cctools
+    ];
+  } ''
+    mkdir -p $out/bin
+    cp ${echidna}/bin/echidna-test $out/bin/echidna-test
+    chmod 755 $out/bin/echidna-test
+    dylibbundler -b \
+      -x $out/bin/echidna-test \
+      -d $out/bin \
+      -p '@executable_path'
+
+    # Manually fix iconv dylib ignored by dylibbundler
+    cp ${pkgs.libiconv.outPath}/lib/libiconv-nocharset.dylib $out/bin/
+    cp ${pkgs.libiconv.outPath}/lib/libcharset.1.0.0.dylib $out/bin/libcharset.1.dylib
+    chmod 755 $out/bin/libiconv-nocharset.dylib $out/bin/libcharset.1.dylib
+    install_name_tool -id "@rpath/libiconv-nocharset.dylib" $out/bin/libiconv-nocharset.dylib
+    install_name_tool -id "@rpath/libcharset.1.dylib" $out/bin/libcharset.1.dylib
+    install_name_tool -change ${pkgs.libiconv.outPath}/lib/libiconv-nocharset.dylib "@executable_path/libiconv-nocharset.dylib" $out/bin/libiconv.dylib
+    install_name_tool -change ${pkgs.libiconv.outPath}/lib/libcharset.1.dylib "@executable_path/libcharset.1.dylib" $out/bin/libiconv.dylib
+
+    # re-sign the binaries since the load paths were modified
+    codesign -s - -f $out/bin/*
+    tar -czvf $out/echidna-${echidna.version}-${stdenv.system}.tar.gz -C $out/bin .
+  ''

nix/pkgs.nix

@@ -0,0 +1,5 @@
+import (builtins.fetchTarball {
+  name = "nixpkgs-unstable-2022-01-07";
+  url = "https://github.com/nixos/nixpkgs/archive/d77bbfcbb650d9c219ca3286e1efb707b922d7c2.tar.gz";
+  sha256 = "sha256:1wh9qr6wvnfaprws2kbm4n9wxbckzh5d33lc4xfk6ama9bhbxr92";
+}) { }