Add values from tuple elements into the dictionary (crytic#1406)

* add values from tuple elements into the dictionary

* added test

* avoid adding cheatcode into dictionary

Author: gustavo-grieco

lib/Echidna/Campaign.hs

@@ -26,10 +26,11 @@ import Data.Set (Set)
 import Data.Set qualified as Set
 import Data.Text (Text, unpack)
 import Data.Time (LocalTime)
+import Data.Vector qualified as V
 import System.Random (mkStdGen)
 
 import EVM (cheatCode)
-import EVM.ABI (getAbi, AbiType(AbiAddressType), AbiValue(AbiAddress))
+import EVM.ABI (getAbi, AbiType(AbiAddressType, AbiTupleType), AbiValue(AbiAddress, AbiTuple), abiValueType)
 import EVM.Dapp (DappInfo(..))
 import EVM.Types hiding (Env, Frame(state), Gas)
 import EVM.Solidity (SolcContract(..), Method(..))
@@ -521,20 +522,32 @@ callseq vm txSeq = do
     -> (FunctionName -> Maybe AbiType)
     -> Map AbiType (Set AbiValue)
   returnValues txResults returnTypeOf =
-    Map.fromList . flip mapMaybe txResults $ \(tx, result) -> do
-      case result of
+    Map.unionsWith Set.union . mapMaybe extractValues $ txResults
+    where
+      extractValues (tx, result) = case result of
         VMSuccess (ConcreteBuf buf) -> do
           fname <- case tx.call of
             SolCall (fname, _) -> Just fname
             _ -> Nothing
           type' <- returnTypeOf fname
           case runGetOrFail (getAbi type') (LBS.fromStrict buf) of
-            -- make sure we don't use cheat codes to form fuzzing call sequences
-            Right (_, _, abiValue) | abiValue /= AbiAddress (forceAddr cheatCode) ->
-              Just (type', Set.singleton abiValue)
+            Right (_, _, abiValue) ->
+              if isTuple type'
+                then Just $ Map.fromListWith Set.union
+                      [ (abiValueType val, Set.singleton val)
+                      | val <- filter (/= AbiAddress (forceAddr cheatCode)) $ V.toList $ getTupleVector abiValue
+                      ]
+                else if abiValue /= AbiAddress (forceAddr cheatCode)
+                  then Just $ Map.singleton type' (Set.singleton abiValue)
+                  else Nothing
             _ -> Nothing
         _ -> Nothing
 
+      isTuple (AbiTupleType _) = True
+      isTuple _ = False
+      getTupleVector (AbiTuple ts) = ts
+      getTupleVector _ = error "Not a tuple!"
+
   -- | Add transactions to the corpus, discarding reverted ones
   addToCorpus :: Int -> [(Tx, VMResult Concrete RealWorld)] -> Corpus -> Corpus
   addToCorpus n res corpus =

src/test/Tests/Values.hs

@@ -8,7 +8,7 @@ import Echidna.Types.Worker (WorkerType(..))
 
 valuesTests :: TestTree
 valuesTests = testGroup "Value extraction tests"
-  [ 
+  [
     testContract "values/nearbyMining.sol" Nothing
       [ ("echidna_findNearby passed", solved "echidna_findNearby") ]
     , testContract' "values/smallValues.sol" Nothing Nothing (Just "coverage/test.yaml") False FuzzWorker
@@ -46,6 +46,8 @@ valuesTests = testGroup "Value extraction tests"
     , testContract' "values/contract.sol" (Just "Test") Nothing (Just "values/contract.yaml") False FuzzWorker
       [ ("verify_first passed",                    solved      "verify_first")
       , ("verify_later passed",                    solved      "verify_later") ]
+    , testContract' "values/struct.sol"      Nothing Nothing (Just "values/contract.yaml") False FuzzWorker
+      [ ("getItem passed",                   solved      "getItem") ]
     , testContract' "values/events.sol" Nothing Nothing (Just "values/events.yaml") False FuzzWorker
       [ ("check passed",                           solved      "check") ]
   ]

tests/solidity/values/struct.sol

@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: MIT
+pragma experimental ABIEncoderV2;
+
+contract Marketplace {
+    uint256 internal currentKey = 1375566;
+    struct Item {
+	uint16 nonsense;
+        uint256 keyId;
+        bytes32 data;
+    }
+
+    mapping(uint256 => Item) public items;
+
+    function addItem(bytes32 _data) public returns (Item memory) {
+	currentKey += 174; 
+
+        // Store the item
+        items[currentKey] = Item({
+	    nonsense: 43,
+            keyId: currentKey,
+            data: _data
+        });
+	return items[currentKey];
+    }
+
+    function getItem(uint256 _keyId) public view {
+        assert(items[_keyId].keyId == 0);
+    }
+}
+