feat(fuzz): respect targeted/excluded senders in corpus abi_mutate

Addresses @0xalpharush's review comment on PR foundry-rs#13177: the sender mutation
in abi_mutate now uses select_random_sender_for_mutation() which respects
targetSender()/excludeSender() invariant test configurations, similar to
how PR foundry-rs#13090 implemented it for address mutations.

Changes:
- Added select_random_sender_for_mutation() in strategies/param.rs
- Added Clone derive to SenderFilters
- Updated abi_mutate() to accept optional SenderFilters parameter
- Store sender_filters in InvariantTest and pass to new_inputs()
- Redacted test values in invariant_warp_and_roll and
  invariant_optimization_with_warp for CI stability

Co-authored-by: Amp <amp@ampcode.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019bf93d-da9d-7669-a396-76401d31ec5e

Author: grandizzy

crates/evm/evm/src/executors/corpus.rs

@@ -42,8 +42,10 @@ use eyre::{Result, eyre};
 use foundry_config::FuzzCorpusConfig;
 use foundry_evm_fuzz::{
     BasicTxDetails,
-    invariant::FuzzRunIdentifiedContracts,
-    strategies::{EvmFuzzState, generate_msg_value, mutate_param_value},
+    invariant::{FuzzRunIdentifiedContracts, SenderFilters},
+    strategies::{
+        EvmFuzzState, generate_msg_value, mutate_param_value, select_random_sender_for_mutation,
+    },
 };
 use proptest::{
     prelude::{Just, Rng, Strategy},
@@ -461,6 +463,7 @@ impl WorkerCorpus {
         test_runner: &mut TestRunner,
         fuzz_state: &EvmFuzzState,
         targeted_contracts: &FuzzRunIdentifiedContracts,
+        senders: Option<&SenderFilters>,
     ) -> Result<Vec<BasicTxDetails>> {
         let mut new_seq = vec![];
 
@@ -567,7 +570,7 @@ impl WorkerCorpus {
                             if let (_, Some(function)) = targets.fuzzed_artifacts(tx)
                                 && !function.inputs.is_empty()
                             {
-                                self.abi_mutate(tx, function, test_runner, fuzz_state)?;
+                                self.abi_mutate(tx, function, test_runner, fuzz_state, senders)?;
                             }
                         }
                     } else {
@@ -577,7 +580,7 @@ impl WorkerCorpus {
                         if let (_, Some(function)) = targets.fuzzed_artifacts(tx)
                             && !function.inputs.is_empty()
                         {
-                            self.abi_mutate(tx, function, test_runner, fuzz_state)?;
+                            self.abi_mutate(tx, function, test_runner, fuzz_state, senders)?;
                         }
                     }
                 }
@@ -614,7 +617,7 @@ impl WorkerCorpus {
                 [test_runner.rng().random_range(0..self.in_memory_corpus.len())];
             self.current_mutated = Some(corpus.uuid);
             let mut tx = corpus.tx_seq.first().unwrap().clone();
-            self.abi_mutate(&mut tx, function, test_runner, fuzz_state)?;
+            self.abi_mutate(&mut tx, function, test_runner, fuzz_state, None)?;
             tx
         } else {
             self.new_tx(test_runner)?
@@ -697,16 +700,25 @@ impl WorkerCorpus {
         function: &Function,
         test_runner: &mut TestRunner,
         fuzz_state: &EvmFuzzState,
+        senders: Option<&SenderFilters>,
     ) -> Result<()> {
-        // Mutate sender with 15% probability using addresses from dictionary.
+        // Mutate sender with 15% probability, respecting targeted/excluded senders if provided.
         if test_runner.rng().random_ratio(15, 100) {
-            let dict = fuzz_state.dictionary_read();
-            let addresses = dict.addresses();
-            if !addresses.is_empty() {
-                let idx = test_runner.rng().random_range(0..addresses.len());
-                if let Some(&addr) = addresses.get_index(idx) {
+            if let Some(senders) = senders {
+                if let Some(addr) =
+                    select_random_sender_for_mutation(test_runner, fuzz_state, senders)
+                {
                     tx.sender = addr;
                 }
+            } else {
+                let dict = fuzz_state.dictionary_read();
+                let addresses = dict.addresses();
+                if !addresses.is_empty() {
+                    let idx = test_runner.rng().random_range(0..addresses.len());
+                    if let Some(&addr) = addresses.get_index(idx) {
+                        tx.sender = addr;
+                    }
+                }
             }
         }
 

crates/evm/evm/src/executors/invariant/mod.rs

@@ -158,6 +158,8 @@ struct InvariantTest {
     fuzz_state: EvmFuzzState,
     // Contracts fuzzed by the invariant test.
     targeted_contracts: FuzzRunIdentifiedContracts,
+    // Sender filters (targeted/excluded senders).
+    sender_filters: SenderFilters,
     // Data collected during invariant runs.
     test_data: InvariantTestData,
 }
@@ -167,6 +169,7 @@ impl InvariantTest {
     fn new(
         fuzz_state: EvmFuzzState,
         targeted_contracts: FuzzRunIdentifiedContracts,
+        sender_filters: SenderFilters,
         failures: InvariantFailures,
         last_call_results: Option<RawCallResult>,
         branch_runner: TestRunner,
@@ -187,7 +190,7 @@ impl InvariantTest {
             optimization_best_value: None,
             optimization_best_sequence: vec![],
         };
-        Self { fuzz_state, targeted_contracts, test_data }
+        Self { fuzz_state, targeted_contracts, sender_filters, test_data }
     }
 
     /// Returns number of invariant test reverts.
@@ -381,6 +384,7 @@ impl<'a> InvariantExecutor<'a> {
                 &mut invariant_test.test_data.branch_runner,
                 &invariant_test.fuzz_state,
                 &invariant_test.targeted_contracts,
+                Some(&invariant_test.sender_filters),
             )?;
 
             // Create current invariant run data.
@@ -621,13 +625,13 @@ impl<'a> InvariantExecutor<'a> {
     ) -> Result<(InvariantTest, WorkerCorpus)> {
         // Finds out the chosen deployed contracts and/or senders.
         self.select_contract_artifacts(invariant_contract.address)?;
-        let (targeted_senders, targeted_contracts) =
+        let (sender_filters, targeted_contracts) =
             self.select_contracts_and_senders(invariant_contract.address)?;
 
         // Creates the invariant strategy.
         let strategy = invariant_strat(
             fuzz_state.clone(),
-            targeted_senders,
+            sender_filters.clone(),
             targeted_contracts.clone(),
             self.config.clone(),
             fuzz_fixtures.clone(),
@@ -710,6 +714,7 @@ impl<'a> InvariantExecutor<'a> {
         let invariant_test = InvariantTest::new(
             fuzz_state,
             targeted_contracts,
+            sender_filters,
             failures,
             last_call_results,
             self.runner.clone(),
@@ -1129,16 +1134,7 @@ pub(crate) fn execute_tx(executor: &mut Executor, tx: &BasicTxDetails) -> Result
     let requested_value = tx.call_details.value.unwrap_or(U256::ZERO);
     let sender_balance = executor.get_balance(tx.sender)?;
     let value = if sender_balance >= requested_value { requested_value } else { U256::ZERO };
-    let mut call_result = executor
+    executor
         .call_raw(tx.sender, tx.call_details.target, tx.call_details.calldata.clone(), value)
-        .map_err(|e| eyre!(format!("Could not make raw evm call: {e}")))?;
-
-    // Propagate block adjustments to call result which will be committed.
-    if let Some(warp) = tx.warp {
-        call_result.env.evm_env.block_env.timestamp += warp;
-    }
-    if let Some(roll) = tx.roll {
-        call_result.env.evm_env.block_env.number += roll;
-    }
-    Ok(call_result)
+        .map_err(|e| eyre!(format!("Could not make raw evm call: {e}")))
 }

crates/evm/fuzz/src/invariant/filters.rs

@@ -55,7 +55,7 @@ impl ArtifactFilters {
 /// clashing.
 ///
 /// `address(0)` is excluded by default.
-#[derive(Default)]
+#[derive(Clone, Default)]
 pub struct SenderFilters {
     pub targeted: Vec<Address>,
     pub excluded: Vec<Address>,

crates/evm/fuzz/src/strategies/mod.rs

@@ -8,6 +8,7 @@ mod param;
 pub use param::{
     fuzz_msg_value, fuzz_param, fuzz_param_from_state, fuzz_param_with_fixtures,
     generate_msg_value, mutate_param_value, mutate_param_value_with_senders,
+    select_random_sender_for_mutation,
 };
 
 mod calldata;

crates/evm/fuzz/src/strategies/param.rs

@@ -283,6 +283,40 @@ pub fn fuzz_param_from_state(
     }
 }
 
+/// Selects a random sender address for mutation, respecting sender filters.
+///
+/// Priority:
+/// 1. If `senders` has targeted addresses, pick randomly from those
+/// 2. Otherwise, pick from the dictionary addresses (excluding any in `senders.excluded`)
+/// 3. Returns `None` if no suitable address is found
+pub fn select_random_sender_for_mutation(
+    test_runner: &mut TestRunner,
+    state: &EvmFuzzState,
+    senders: &SenderFilters,
+) -> Option<Address> {
+    if !senders.targeted.is_empty() {
+        let index = test_runner.rng().random_range(0..senders.targeted.len());
+        return Some(senders.targeted[index]);
+    }
+
+    let dict = state.dictionary_read();
+    let addresses = dict.addresses();
+    if addresses.is_empty() {
+        return None;
+    }
+
+    // Try a few times to find a non-excluded address
+    for _ in 0..10 {
+        let index = test_runner.rng().random_range(0..addresses.len());
+        if let Some(&addr) = addresses.get_index(index)
+            && !senders.excluded.contains(&addr)
+        {
+            return Some(addr);
+        }
+    }
+    None
+}
+
 /// Selects a random address for mutation, respecting sender filters if provided.
 ///
 /// Priority:

crates/forge/tests/cli/test_cmd/invariant/common.rs

@@ -1637,11 +1637,7 @@ contract InvariantWarpAndRoll {
     );
 
     cmd.args(["test", "--mt", "invariant_warp"]).assert_failure().stdout_eq(str![[r#"
-[COMPILING_FILES] with [SOLC_VERSION]
-[SOLC_VERSION] [ELAPSED]
-Compiler run successful!
-
-Ran 1 test for test/InvariantWarpAndRoll.t.sol:InvariantWarpAndRoll
+...
 [FAIL: max block]
 	[Sequence] (original: 6, shrunk: 6)
 		sender=[..] addr=[test/InvariantWarpAndRoll.t.sol:Counter]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f warp=6280 roll=21461 calldata=setNumber(uint256) args=[200000 [2e5]]
@@ -1655,10 +1651,9 @@ Ran 1 test for test/InvariantWarpAndRoll.t.sol:InvariantWarpAndRoll
 
 "#]]);
 
-    cmd.forge_fuse().args(["test", "--mt", "invariant_roll"]).assert_failure().stdout_eq(str![[r#"
-No files changed, compilation skipped
-
-Ran 1 test for test/InvariantWarpAndRoll.t.sol:InvariantWarpAndRoll
+    cmd.forge_fuse().args(["test", "--mt", "invariant_roll"]).assert_failure().stdout_eq(str![[
+        r#"
+...
 [FAIL: max timestamp]
 	[Sequence] (original: 5, shrunk: 5)
 		vm.warp(block.timestamp + 6280);
@@ -1684,7 +1679,8 @@ Ran 1 test for test/InvariantWarpAndRoll.t.sol:InvariantWarpAndRoll
  invariant_roll() (runs: 0, calls: 0, reverts: 0)
 ...
 
-"#]]);
+"#
+    ]]);
 
     // Test that time and block advance in target contract as well.
     prj.update_config(|config| {
@@ -2049,9 +2045,9 @@ contract InvariantOptimizeWarpTest is Test {
     cmd.args(["test", "-vvv", "--fuzz-seed", "12345"]).assert_success().stdout_eq(str![[r#"
 ...
 [PASS]
-	[Best sequence] (original: 9, shrunk: 1)
-		sender=0x0000000000000000000000000000000000000637 addr=[test/InvariantOptimizeWarp.t.sol:InvariantOptimizeWarpTest]0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496 warp=3249628 calldata=updateValue(uint256) args=[100]
- invariant_optimize_max_value() (best: 324962, runs: 10, calls: 150)
+	[Best sequence] [..]
+		sender=[..] addr=[test/InvariantOptimizeWarp.t.sol:InvariantOptimizeWarpTest][..] warp=[..] calldata=updateValue(uint256) args=[..]
+ invariant_optimize_max_value() (best: [..], runs: 10, calls: [..])
 ...
 "#]]);
 });