Merge branch 'master' into dev-sym-exec-fixes

Author: gustavo-grieco

.github/workflows/ci.yml

@@ -10,7 +10,7 @@ on:
 
 env:
   # Tag for cache invalidation
-  CACHE_VERSION: v9
+  CACHE_VERSION: v10
 
 jobs:
   build:
@@ -23,7 +23,7 @@ jobs:
           - os: ubuntu-latest
             shell: bash
             container: "{\"image\": \"elopeztob/alpine-haskell-stack-echidna:ghc-9.8.4\", \"options\": \"--user 1001\"}"
-          - os: macos-13 # x86_64 macOS
+          - os: macos-15-intel # x86_64 macOS
             shell: bash
           - os: windows-latest
             shell: msys2 {0}

.github/workflows/release.yml

@@ -29,7 +29,7 @@ jobs:
             name: Linux (aarch64)
             tuple: aarch64-linux
             timeout: 180
-          - os: macos-13
+          - os: macos-15-intel
             name: macOS (x86_64)
             tuple: x86_64-macos
           - os: macos-14

lib/Echidna.hs

@@ -4,22 +4,24 @@ import Control.Concurrent (newChan)
 import Control.Monad.Catch (MonadThrow(..))
 import Control.Monad.ST (RealWorld)
 import Data.IORef (newIORef)
-import Data.List (find)
+import Data.List (find, nub)
 import Data.List.NonEmpty (NonEmpty)
 import Data.List.NonEmpty qualified as NE
 import Data.Map.Strict qualified as Map
+import Data.Maybe (mapMaybe)
 import Data.Set qualified as Set
 import System.FilePath ((</>))
 
 import EVM (cheatCode)
 import EVM.ABI (AbiValue(AbiAddress))
 import EVM.Dapp (dappInfo)
-import EVM.Solidity (BuildOutput(..), Contracts(Contracts))
+import EVM.Solidity (BuildOutput(..), Contracts(Contracts), Method(..), Mutability(..), SolcContract(..))
 import EVM.Types hiding (Env)
 
 import Echidna.ABI
 import Echidna.Onchain as Onchain
 import Echidna.Output.Corpus
+import Echidna.SourceMapping (findSrcForReal)
 import Echidna.SourceAnalysis.Slither
 import Echidna.Solidity
 import Echidna.SymExec.Symbolic (forceAddr)
@@ -72,22 +74,28 @@ prepareContract cfg solFiles buildOutput selectedContract seed = do
 
   -- deploy contracts
   vm <- loadSpecified env mainContract contracts
-
   let
     deployedAddresses = Set.fromList $ AbiAddress . forceAddr <$> Map.keys vm.env.contracts
     constants = enhanceConstants slitherInfo
                 <> timeConstants
                 <> extremeConstants
                 <> staticAddresses solConf
                 <> deployedAddresses
-
+    deployedSolcContracts = nub $ mapMaybe (findSrcForReal env.dapp) $ Map.elems vm.env.contracts
+    nonViewPureSigs = concatMap (mapMaybe (\ (Method {name, inputs, mutability}) -> 
+      case mutability of
+        View -> Nothing
+        Pure -> Nothing
+        Payable -> Just (name, map snd inputs)
+        NonPayable -> Just (name, map snd inputs))
+      . Map.elems . (\ (SolcContract {abiMap}) -> abiMap)) deployedSolcContracts
     dict = mkGenDict env.cfg.campaignConf.dictFreq
                      -- make sure we don't use cheat codes to form fuzzing call sequences
                      (Set.delete (AbiAddress $ forceAddr cheatCode) constants)
                      Set.empty
                      seed
                      (returnTypes contracts)
-
+                     nonViewPureSigs
   pure (vm, env, dict)
 
 loadInitialCorpus :: Env -> IO [(FilePath, [Tx])]

lib/Echidna/ABI.hs

@@ -1,6 +1,6 @@
 module Echidna.ABI where
 
-import Control.Monad (liftM2, liftM3, foldM, replicateM)
+import Control.Monad (liftM2, liftM3, foldM, replicateM, zipWithM)
 import Control.Monad.Random.Strict (MonadRandom, join, getRandom, getRandoms, getRandomR, uniform, fromList)
 import Control.Monad.Random.Strict qualified as Random
 import Data.Binary.Put (runPut, putWord32be)
@@ -121,6 +121,8 @@ data GenDict = GenDict
     -- ^ Return types of any methods we scrape return values from
   , dictValues :: !(Set W256)
     -- ^ A set of int/uint constants for better performance
+  , callbackSigs    :: ![SolSignature]
+    -- ^ A list of callback signatures (for generating random callbacks)
   }
 
 hashMapBy
@@ -142,6 +144,7 @@ mkGenDict
   -> Set SolCall  -- ^ A list of complete 'SolCall's to mutate
   -> Int          -- ^ A default seed
   -> (Text -> Maybe AbiType) -- ^ A return value typing rule
+  -> [SolSignature]
   -> GenDict
 mkGenDict mutationChance abiValues solCalls seed typingRule =
   GenDict mutationChance
@@ -152,7 +155,7 @@ mkGenDict mutationChance abiValues solCalls seed typingRule =
           (mkDictValues abiValues)
 
 emptyDict :: GenDict
-emptyDict = mkGenDict 0 Set.empty Set.empty 0 (const Nothing)
+emptyDict = mkGenDict 0 Set.empty Set.empty 0 (const Nothing) []
 
 mkDictValues :: Set AbiValue -> Set W256
 mkDictValues =
@@ -382,31 +385,50 @@ pregenAbiAdds = map (AbiAddress . fromIntegral) pregenAdds
 -- | Synthesize a random 'AbiValue' given its 'AbiType'. Requires a dictionary.
 -- Only produce lists with number of elements in the range [1, 32]
 genAbiValueM :: MonadRandom m => GenDict -> AbiType -> m AbiValue
-genAbiValueM genDict = genWithDict genDict genDict.constants $ \case
-  AbiUIntType n         -> fixAbiUInt n . fromInteger <$> getRandomUint n
-  AbiIntType n          -> fixAbiInt n . fromInteger <$> getRandomInt n
-  AbiAddressType        -> rElem $ NE.fromList pregenAbiAdds
-  AbiBoolType           -> AbiBool <$> getRandom
-  AbiBytesType n        -> AbiBytes n . BS.pack . take n <$> getRandoms
-  AbiBytesDynamicType   -> liftM2 (\n -> AbiBytesDynamic . BS.pack . take n)
-                                  (getRandomR (1, 32)) getRandoms
-  AbiStringType         -> liftM2 (\n -> AbiString       . BS.pack . take n)
-                                  (getRandomR (1, 32)) getRandoms
-  AbiArrayDynamicType t -> fmap (AbiArrayDynamic t) $ getRandomR (1, 32)
-                           >>= flip V.replicateM (genAbiValueM genDict t)
-  AbiArrayType n t      -> AbiArray n t <$> V.replicateM n (genAbiValueM genDict t)
-  AbiTupleType v        -> AbiTuple <$> traverse (genAbiValueM genDict) v
-  AbiFunctionType       -> liftM2 (\n -> AbiString . BS.pack . take n)
-                                  (getRandomR (1, 32)) getRandoms
+genAbiValueM genDict = genAbiValueM' genDict "" 0
+
+genAbiValueM' :: MonadRandom m => GenDict -> Text -> Int -> AbiType -> m AbiValue
+genAbiValueM' genDict funcName depth t =
+  let go = \case
+        AbiUIntType n         -> fixAbiUInt n . fromInteger <$> getRandomUint n
+        AbiIntType n          -> fixAbiInt n . fromInteger <$> getRandomInt n
+        AbiAddressType        -> rElem $ NE.fromList pregenAbiAdds
+        AbiBoolType           -> AbiBool <$> getRandom
+        AbiBytesType n        -> AbiBytes n . BS.pack . take n <$> getRandoms
+        AbiBytesDynamicType   ->
+          let
+            filteredSigs = filter ((/= funcName) . fst) genDict.callbackSigs
+          in if null filteredSigs || depth >= 2 then
+               liftM2 (\n -> AbiBytesDynamic . BS.pack . take n)
+                 (getRandomR (1, 32)) getRandoms
+             else
+               join $ Random.weighted
+                 [ (do
+                     sig@(_, types) <- uniform filteredSigs
+                     params <- V.fromList <$> mapM (genAbiValueM' genDict "" $ depth + 1) types
+                     pure $ AbiBytesDynamic (abiCalldata (encodeSig sig) params), 9)
+                 , (liftM2 (\n -> AbiBytesDynamic . BS.pack . take n)
+                     (getRandomR (1, 8)) getRandoms, 1)
+                 ]
+        AbiStringType         -> liftM2 (\n -> AbiString       . BS.pack . take n)
+                                        (getRandomR (1, 32)) getRandoms
+        AbiArrayDynamicType t' -> fmap (AbiArrayDynamic t') $ getRandomR (1, 32)
+                                 >>= flip V.replicateM (genAbiValueM' genDict funcName (depth + 1) t')
+        AbiArrayType n t'      -> AbiArray n t' <$> V.replicateM n (genAbiValueM' genDict funcName (depth + 1) t')
+        AbiTupleType v        -> AbiTuple <$> traverse (genAbiValueM' genDict funcName (depth + 1)) v
+        AbiFunctionType       -> liftM2 (\n -> AbiString . BS.pack . take n)
+                                        (getRandomR (1, 32)) getRandoms
+  in genWithDict genDict genDict.constants go t
 
 -- | Given a 'SolSignature', generate a random 'SolCall' with that signature,
 -- possibly with a dictionary.
 genAbiCallM :: MonadRandom m => GenDict -> SolSignature -> m SolCall
-genAbiCallM genDict abi = do
+genAbiCallM genDict (name, types) = do
+  let genVals = zipWithM (flip (genAbiValueM' genDict name)) types (repeat 0)
   solCall <- genWithDict genDict
                          genDict.wholeCalls
-                         (traverse $ traverse (genAbiValueM genDict))
-                         abi
+                         (const ((name,) <$> genVals))
+                         (name, types)
   mutateAbiCall solCall
 
 -- | Given a list of 'SolSignature's, generate a random 'SolCall' for one,

lib/Echidna/Config.hs

@@ -98,6 +98,7 @@ instance FromJSON EConfigWithUsage where
         <*> v ..:? "coverageDir" ..!= Nothing
         <*> v ..:? "mutConsts" ..!= defaultMutationConsts
         <*> v ..:? "coverageFormats" ..!= [Txt,Html,Lcov]
+        <*> v ..:? "coverageExcludes" ..!= []
         <*> v ..:? "workers"
         <*> v ..:? "server"
         <*> v ..:? "symExec"            ..!= False

lib/Echidna/Output/Foundry.hs

@@ -0,0 +1,96 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards   #-}
+{-# LANGUAGE TemplateHaskell   #-}
+
+module Echidna.Output.Foundry (foundryTest) where
+
+import Data.Aeson (Value(..), object, (.=))
+import Data.List (elemIndex, nub)
+import Data.Maybe (fromMaybe, mapMaybe)
+import Data.Text (Text, unpack)
+import Data.Text.Encoding (decodeUtf8)
+import qualified Data.Text.Lazy as TL
+import Data.Text.Lazy (fromStrict)
+import Data.Vector as V hiding ((++), map, zipWith, elemIndex, mapMaybe)
+import EVM.ABI (AbiValue(..))
+import EVM.Types (W256, Addr)
+import Numeric (showHex)
+import Text.Mustache (Template, substituteValue, toMustache)
+import Text.Mustache.Compile (embedTemplate)
+
+import Echidna.Types.Test (EchidnaTest(..), TestType(..))
+import Echidna.Types.Tx (Tx(..), TxCall(..))
+
+template :: Template
+template = $(embedTemplate ["lib/Echidna/Output/assets"] "foundry.mustache")
+
+-- | Generate a Foundry test from an EchidnaTest result.
+foundryTest :: Maybe Text -> EchidnaTest -> TL.Text
+foundryTest mContractName test =
+  case test.testType of
+    AssertionTest{} ->
+      let testData = createTestData mContractName test
+      in fromStrict $ substituteValue template (toMustache testData)
+    _ -> ""
+
+-- | Create an Aeson Value from test data for the Mustache template.
+createTestData :: Maybe Text -> EchidnaTest -> Value
+createTestData mContractName test =
+  let
+    senders = nub $ map (.src) test.reproducer
+    actors = zipWith actorObject senders [1..]
+    repro = mapMaybe (foundryTx senders) test.reproducer
+    cName = fromMaybe "YourContract" mContractName
+  in
+  object
+    [ "testName"     .= ("Test" :: Text)
+    , "contractName" .= cName
+    , "actors"       .= actors
+    , "reproducer"   .= repro
+    ]
+
+-- | Create a JSON object for an actor.
+actorObject :: Addr -> Int -> Value
+actorObject sender i = object
+  [ "name"    .= ("USER" ++ show i :: String)
+  , "address" .= formatAddr sender
+  ]
+
+-- | Format an address for Solidity.
+formatAddr :: Addr -> String
+formatAddr addr = "address(0x" ++ showHex (fromIntegral addr :: W256) "" ++ ")"
+
+-- | Generate a single transaction line for the reproducer.
+foundryTx :: [Addr] -> Tx -> Maybe Value
+foundryTx senders tx =
+  case tx.call of
+    SolCall (name, args) ->
+      let
+        (time, blocks) = tx.delay
+        senderName =
+          case elemIndex tx.src senders of
+            Just i -> "USER" ++ show (i + 1)
+            Nothing -> formatAddr tx.src
+        prelude =
+          (if time > 0 || blocks > 0 then "    _delay(" ++ show time ++ ", " ++ show blocks ++ ");\n" else "") ++
+          "    _setUpActor(" ++ senderName ++ ");"
+        call = "    Target." ++ unpack name ++ "(" ++ foundryArgs (map abiValueToString args) ++ ");"
+      in Just $ object ["prelude" .= prelude, "call" .= call]
+    _ -> Nothing
+
+-- | Format arguments for a Solidity call.
+foundryArgs :: [String] -> String
+foundryArgs [] = ""
+foundryArgs [x] = x
+foundryArgs (x:xs) = x ++ ", " ++ foundryArgs xs
+
+-- | Convert an AbiValue to its string representation for Solidity.
+abiValueToString :: AbiValue -> String
+abiValueToString (AbiUInt _ w) = show w
+abiValueToString (AbiInt _ w) = show w
+abiValueToString (AbiAddress a) = "address(0x" ++ showHex (fromIntegral a :: W256) "" ++ ")"
+abiValueToString (AbiBool b) = if b then "true" else "false"
+abiValueToString (AbiBytes _ bs) = "hex\"" ++ unpack (decodeUtf8 bs) ++ "\""
+abiValueToString (AbiString s) = show s
+abiValueToString (AbiTuple vs) = "(" ++ foundryArgs (map abiValueToString (V.toList vs)) ++ ")"
+abiValueToString _ = ""