Merge branch 'master' into fixed-sym-exec

Author: elopez

CHANGELOG.md

@@ -1,3 +1,7 @@
+## Unreleased
+* Dropped Etheno support (#1402)
+* Dropped `estimateGas` support and auxiliary code (#1403)
+
 ## 2.2.7
 
 * feat: show which project is being fuzzed (#1381)

README.md

@@ -15,8 +15,6 @@ More seriously, Echidna is a Haskell program designed for fuzzing/property-based
 * Interactive terminal UI, text-only or JSON output
 * Automatic test case minimization for quick triage
 * Seamless integration into the development workflow
-* Maximum gas usage reporting of the fuzzing campaign
-* Support for a complex contract initialization with [Etheno](https://github.com/crytic/etheno) and Truffle
 
 .. and [a beautiful high-resolution handcrafted logo](https://raw.githubusercontent.com/crytic/echidna/master/echidna.png).
 
@@ -85,7 +83,7 @@ Our tool signals each execution trace in the corpus with the following "line mar
 
 Echidna can test contracts compiled with different smart contract build systems, including [Foundry](https://book.getfoundry.sh/), [Hardhat](https://hardhat.org/), and [Truffle](https://archive.trufflesuite.com/), using [crytic-compile](https://github.com/crytic/crytic-compile). To invoke Echidna with the current compilation framework, use `echidna .`.
 
-On top of that, Echidna supports two modes of testing complex contracts. Firstly, one can [describe an initialization procedure with Truffle and Etheno](https://github.com/crytic/building-secure-contracts/blob/master/program-analysis/echidna/advanced/end-to-end-testing.md) and use that as the base state for Echidna. Secondly, Echidna can call into any contract with a known ABI by passing in the corresponding Solidity source in the CLI. Use `allContracts: true` in your config to turn this on.
+On top of that, Echidna supports two modes of testing complex contracts. Firstly, one can [take advantage of existing network state](https://secure-contracts.com/program-analysis/echidna/advanced/state-network-forking.html) and use that as the base state for Echidna. Secondly, Echidna can call into any contract with a known ABI by passing in the corresponding Solidity source in the CLI. Use `allContracts: true` in your config to turn this on.
 
 ### Crash course on Echidna
 
@@ -124,8 +122,7 @@ Campaign = {
   "error"        : string?,
   "tests"        : [Test],
   "seed"         : number,
-  "coverage"     : Coverage,
-  "gas_info"     : [GasInfo]
+  "coverage"     : Coverage
 }
 Test = {
   "contract"     : string,
@@ -144,9 +141,7 @@ Transaction = {
 }
 ```
 
-`Coverage` is a dict describing certain coverage-increasing calls.
-Each `GasInfo` entry is a tuple that describes how maximal
-gas usage was achieved, and is also not too important. These interfaces are
+`Coverage` is a dict describing certain coverage-increasing calls. These interfaces are
 subject to change to be slightly more user-friendly at a later date. `testType`
 will either be `property` or `assertion`, and `status` always takes on either
 `fuzzing`, `shrinking`, `solved`, `passed`, or `error`.

lib/Echidna.hs

@@ -93,13 +93,12 @@ prepareContract cfg solFiles buildOutput selectedContract seed = do
 
 loadInitialCorpus :: Env -> IO [(FilePath, [Tx])]
 loadInitialCorpus env = do
-  -- load transactions from init sequence (if any)
   case env.cfg.campaignConf.corpusDir of
-       Nothing -> pure []
-       Just dir
-         -> do ctxs1 <- loadTxs (dir </> "reproducers")
-               ctxs2 <- loadTxs (dir </> "coverage")
-               pure (ctxs1 ++ ctxs2)
+    Nothing -> pure []
+    Just dir -> do
+      ctxs1 <- loadTxs (dir </> "reproducers")
+      ctxs2 <- loadTxs (dir </> "coverage")
+      pure (ctxs1 ++ ctxs2)
 
 mkEnv :: EConfig -> BuildOutput -> [EchidnaTest] -> World -> Maybe SlitherInfo -> IO Env
 mkEnv cfg buildOutput tests world slitherInfo = do

lib/Echidna/Campaign.hs

@@ -46,7 +46,6 @@ import Echidna.SymExec.Exploration (exploreContract, getTargetMethodFromTx, getR
 import Echidna.SymExec.Verification (verifyMethod)
 import Echidna.Test
 import Echidna.Transaction
-import Echidna.Types (Gas)
 import Echidna.Types.Campaign
 import Echidna.Types.Corpus (Corpus, corpusSize)
 import Echidna.Types.Coverage (coverageStats)
@@ -141,7 +140,6 @@ runSymWorker callback vm dict workerId _ name = do
   effectiveGenDict = dict { defSeed = effectiveSeed }
   initialState =
     WorkerState { workerId
-                , gasInfo = mempty
                 , genDict = effectiveGenDict
                 , newCoverage = False
                 , ncallseqs = 0
@@ -334,7 +332,6 @@ runFuzzWorker callback vm dict workerId initialCorpus testLimit = do
     effectiveGenDict = dict { defSeed = effectiveSeed }
     initialState =
       WorkerState { workerId
-                  , gasInfo = mempty
                   , genDict = effectiveGenDict
                   , newCoverage = False
                   , ncallseqs = 0
@@ -494,7 +491,7 @@ callseq vm txSeq = do
       -- and construct a set to union to the constants table
       diffs = Map.fromList [(AbiAddressType, Set.fromList $ AbiAddress . forceAddr <$> newAddrs)]
       -- Now we try to parse the return values as solidity constants, and add them to 'GenDict'
-      resultMap = returnValues (map (\(t, (vr, _)) -> (t, vr)) results) workerState.genDict.rTypes
+      resultMap = returnValues results workerState.genDict.rTypes
       -- union the return results with the new addresses
       additions = Map.unionWith Set.union diffs resultMap
       -- append to the constants dictionary
@@ -507,11 +504,6 @@ callseq vm txSeq = do
     -- Update the worker state
     in workerState
       { genDict = updatedDict
-        -- Update the gas estimation
-      , gasInfo =
-          if conf.estimateGas
-             then updateGasInfo results [] workerState.gasInfo
-             else workerState.gasInfo
         -- Reset the new coverage flag
       , newCoverage = False
         -- Keep track of the number of calls to `callseq`
@@ -544,7 +536,7 @@ callseq vm txSeq = do
         _ -> Nothing
 
   -- | Add transactions to the corpus, discarding reverted ones
-  addToCorpus :: Int -> [(Tx, (VMResult Concrete RealWorld, Gas))] -> Corpus -> Corpus
+  addToCorpus :: Int -> [(Tx, VMResult Concrete RealWorld)] -> Corpus -> Corpus
   addToCorpus n res corpus =
     if null rtxs then corpus else Set.insert (n, rtxs) corpus
     where rtxs = fst <$> res
@@ -554,7 +546,7 @@ callseq vm txSeq = do
 execTxOptC
   :: (MonadIO m, MonadReader Env m, MonadState WorkerState m, MonadThrow m)
   => VM Concrete RealWorld -> Tx
-  -> m ((VMResult Concrete RealWorld, Gas), VM Concrete RealWorld)
+  -> m (VMResult Concrete RealWorld, VM Concrete RealWorld)
 execTxOptC vm tx = do
   ((res, grew), vm') <- runStateT (execTxWithCov tx) vm
   when grew $ do
@@ -566,25 +558,6 @@ execTxOptC vm tx = do
       in workerState { newCoverage = True, genDict = dict' }
   pure (res, vm')
 
--- | Given current `gasInfo` and a sequence of executed transactions, updates
--- information on the highest gas usage for each call
-updateGasInfo
-  :: [(Tx, (VMResult Concrete RealWorld, Gas))]
-  -> [Tx]
-  -> Map Text (Gas, [Tx])
-  -> Map Text (Gas, [Tx])
-updateGasInfo [] _ gi = gi
-updateGasInfo ((tx@Tx{call = SolCall (f, _)}, (_, used')):txs) tseq gi =
-  case mused of
-    Nothing -> rec
-    Just (used, _) | used' > used -> rec
-    Just (used, otseq) | (used' == used) && (length otseq > length tseq') -> rec
-    _ -> updateGasInfo txs tseq' gi
-  where mused = Map.lookup f gi
-        tseq' = tx:tseq
-        rec   = updateGasInfo txs tseq' (Map.insert f (used', reverse tseq') gi)
-updateGasInfo ((t, _):ts) tseq gi = updateGasInfo ts (t:tseq) gi
-
 -- | Given an initial 'VM' state and a way to run transactions, evaluate a list
 -- of transactions, constantly checking if we've solved any tests.
 evalSeq

lib/Echidna/Config.hs

@@ -89,7 +89,6 @@ instance FromJSON EConfigWithUsage where
       campaignConfParser = CampaignConf
         <$> v ..:? "testLimit" ..!= defaultTestLimit
         <*> v ..:? "stopOnFail" ..!= False
-        <*> v ..:? "estimateGas" ..!= False
         <*> v ..:? "seqLen" ..!= defaultSequenceLength
         <*> v ..:? "shrinkLimit" ..!= defaultShrinkLimit
         <*> (v ..:? "coverage" <&> \case Just False -> Nothing;  _ -> Just mempty)

lib/Echidna/Exec.hs

@@ -37,7 +37,7 @@ import Echidna.Onchain (safeFetchContractFrom, safeFetchSlotFrom)
 import Echidna.SourceMapping (lookupUsingCodehashOrInsert)
 import Echidna.SymExec.Symbolic (forceBuf)
 import Echidna.Transaction
-import Echidna.Types (ExecException(..), Gas, fromEVM, emptyAccount)
+import Echidna.Types (ExecException(..), fromEVM, emptyAccount)
 import Echidna.Types.Config (Env(..), EConfig(..), UIConf(..), OperationMode(..), OutputFormat(Text))
 import Echidna.Types.Coverage (CoverageInfo)
 import Echidna.Types.Solidity (SolConf(..))
@@ -84,24 +84,22 @@ execTxWith
   :: (MonadIO m, MonadState (VM Concrete RealWorld) m, MonadReader Env m, MonadThrow m)
   => m (VMResult Concrete RealWorld)
   -> Tx
-  -> m (VMResult Concrete RealWorld, Gas)
+  -> m (VMResult Concrete RealWorld)
 execTxWith executeTx tx = do
   vm <- get
   if hasSelfdestructed vm tx.dst then
-    pure (VMFailure (Revert (ConcreteBuf "")), 0)
+    pure $ VMFailure (Revert (ConcreteBuf ""))
   else do
     #traces .= emptyEvents
     vmBeforeTx <- get
     setupTx tx
     case tx.call of
-      NoCall -> pure (VMSuccess (ConcreteBuf ""), 0)
+      NoCall -> pure $ VMSuccess (ConcreteBuf "")
       _ -> do
-        gasLeftBeforeTx <- gets (.state.gas)
         vmResult <- runFully
-        gasLeftAfterTx <- gets (.state.gas)
         handleErrorsAndConstruction vmResult vmBeforeTx
         fromEVM clearTStorages
-        pure (vmResult, gasLeftBeforeTx - gasLeftAfterTx)
+        pure vmResult
   where
   runFully = do
     config <- asks (.cfg)
@@ -240,8 +238,8 @@ execTx
   :: (MonadIO m, MonadReader Env m, MonadThrow m)
   => VM Concrete RealWorld
   -> Tx
-  -> m ((VMResult Concrete RealWorld, Gas), VM Concrete RealWorld)
-execTx vm tx = runStateT (execTxWith (fromEVM $ exec defaultConfig) tx) vm
+  -> m (VMResult Concrete RealWorld, VM Concrete RealWorld)
+execTx vm tx = runStateT (execTxWith (fromEVM (exec defaultConfig)) tx) vm
 
 -- | A type alias for the context we carry while executing instructions
 type CoverageContext = (Bool, Maybe (VMut.IOVector CoverageInfo, Int))
@@ -250,7 +248,7 @@ type CoverageContext = (Bool, Maybe (VMut.IOVector CoverageInfo, Int))
 execTxWithCov
   :: (MonadIO m, MonadState (VM Concrete RealWorld) m, MonadReader Env m, MonadThrow m)
   => Tx
-  -> m ((VMResult Concrete RealWorld, Gas), Bool)
+  -> m (VMResult Concrete RealWorld, Bool)
 execTxWithCov tx = do
   env <- ask
 
@@ -263,7 +261,7 @@ execTxWithCov tx = do
   -- Update the last valid location with the transaction result
   grew' <- liftIO $ case lastLoc of
     Just (vec, pc) -> do
-      let txResultBit = fromEnum $ getResult $ fst r
+      let txResultBit = fromEnum $ getResult r
       VMut.read vec pc >>= \case
         (opIx, depths, txResults) | not (txResults `testBit` txResultBit) -> do
           VMut.write vec pc (opIx, depths, txResults `setBit` txResultBit)

lib/Echidna/Output/JSON.hs

@@ -17,7 +17,6 @@ import EVM.Dapp (DappInfo)
 
 import Echidna.ABI (ppAbiValue, GenDict(..))
 import Echidna.Events (Events, extractEvents)
-import Echidna.Types (Gas)
 import Echidna.Types.Campaign (WorkerState(..))
 import Echidna.Types.Config (Env(..))
 import Echidna.Types.Coverage (CoverageInfo, mergeCoverageMaps)
@@ -31,7 +30,6 @@ data Campaign = Campaign
   , _tests :: [Test]
   , seed :: Int
   , coverage :: Map String [CoverageInfo]
-  , gasInfo :: [(Text, (Gas, [Tx]))]
   }
 
 instance ToJSON Campaign where
@@ -41,7 +39,6 @@ instance ToJSON Campaign where
     , "tests" .= _tests
     , "seed" .= seed
     , "coverage" .= coverage
-    , "gas_info" .= gasInfo
     ]
 
 data Test = Test
@@ -113,7 +110,6 @@ encodeCampaign env workerStates = do
     , _tests = mapTest env.dapp <$> tests
     , seed = seed
     , coverage = Map.mapKeys (("0x" ++) . (`showHex` "")) $ VU.toList <$> frozenCov
-    , gasInfo = Map.toList $ Map.unionsWith max ((.gasInfo) <$> workerStates)
     }
 
 mapTest :: DappInfo -> EchidnaTest -> Test

lib/Echidna/Solidity.hs

@@ -173,7 +173,7 @@ loadSpecified
 loadSpecified env mainContract cs = do
   let solConf = env.cfg.solConf
 
-  -- Set up initial VM, either with chosen contract or Etheno initialization file
+  -- Set up initial VM with chosen contract
   -- need to use snd to add to ABI dict
   initVM <- stToIO $ initialVM solConf.allowFFI
   let vm = initVM & #block % #gaslimit .~ unlimitedGasPerBlock

lib/Echidna/Types/Campaign.hs

@@ -1,7 +1,6 @@
 module Echidna.Types.Campaign where
 
 import Control.Concurrent (ThreadId)
-import Data.Map (Map)
 import Data.Text (Text)
 import Data.Word (Word8, Word16)
 import GHC.Conc (numCapabilities)
@@ -19,8 +18,6 @@ data CampaignConf = CampaignConf
     -- ^ Maximum number of function calls to execute while fuzzing
   , stopOnFail         :: Bool
     -- ^ Whether to stop the campaign immediately if any property fails
-  , estimateGas        :: Bool
-    -- ^ Whether to collect gas usage statistics
   , seqLen             :: Int
     -- ^ Number of calls between state resets (e.g. \"every 10 calls,
     -- reset the state to avoid unrecoverable states/save memory\"
@@ -73,8 +70,6 @@ data CampaignConf = CampaignConf
 data WorkerState = WorkerState
   { workerId    :: !Int
     -- ^ Worker ID starting from 0
-  , gasInfo     :: !(Map Text (Gas, [Tx]))
-    -- ^ Worst case gas (NOTE: we don't always record this)
   , genDict     :: !GenDict
     -- ^ Generation dictionary
   , newCoverage :: !Bool
@@ -93,7 +88,6 @@ data WorkerState = WorkerState
 initialWorkerState :: WorkerState
 initialWorkerState =
   WorkerState { workerId = 0
-              , gasInfo = mempty
               , genDict = emptyDict
               , newCoverage = False
               , ncallseqs = 0

lib/Echidna/UI.hs

@@ -165,7 +165,7 @@ ui vm dict initialCorpus cliSelectedContract = do
       liftIO $ killThread ticker
 
       states <- workerStates workers
-      liftIO . putStrLn =<< ppCampaign vm states
+      liftIO . putStrLn =<< ppCampaign states
 
       pure states
 
@@ -220,7 +220,7 @@ ui vm dict initialCorpus cliSelectedContract = do
         JSON ->
           liftIO $ BS.putStr =<< Echidna.Output.JSON.encodeCampaign env states
         Text -> do
-          liftIO . putStrLn =<< ppCampaign vm states
+          liftIO . putStrLn =<< ppCampaign  states
         None ->
           pure ()
       pure states