corpus

func (*Corpus) ActiveMutableSequenceCount ¶ added in v0.1.1

func (c *Corpus) ActiveMutableSequenceCount() int

ActiveMutableSequenceCount returns the count of call sequences recorded in the corpus which have been validated after Corpus initialization and are ready for use in mutations.

func (*Corpus) AddTestResultCallSequence ¶ added in v0.1.1

func (c *Corpus) AddTestResultCallSequence(callSequence calls.CallSequence, mutationChooserWeight *big.Int, flushImmediately bool) error

AddTestResultCallSequence adds a call sequence recorded to the corpus due to a test case provider flagging it to be recorded. Returns an error, if one occurs.

func (*Corpus) CallSequenceEntryCount ¶ added in v0.1.1

func (c *Corpus) CallSequenceEntryCount() (int, int)

CallSequenceEntryCount returns the total number of call sequences that increased coverage and also any test results that led to a failure.

func (*Corpus) CheckSequenceCoverageAndUpdate ¶ added in v0.1.1

func (c *Corpus) CheckSequenceCoverageAndUpdate(callSequence calls.CallSequence, mutationChooserWeight *big.Int, flushImmediately bool) error

CheckSequenceCoverageAndUpdate checks if the most recent call executed in the provided call sequence achieved coverage the Corpus did not with any of its call sequences. If it did, the call sequence is added to the corpus and the Corpus coverage maps are updated accordingly. Returns an error if one occurs.

func (*Corpus) CoverageMaps ¶

func (c *Corpus) CoverageMaps() *coverage.CoverageMaps

CoverageMaps exposes coverage details for all call sequences known to the corpus.

func (*Corpus) Flush ¶

func (c *Corpus) Flush() error

Flush writes corpus changes to disk. Returns an error if one occurs.

func (*Corpus) IncrementValid ¶ added in v1.4.0

func (c *Corpus) IncrementValid()

IncrementValid increments the valid call sequences counter.

func (*Corpus) Initialize ¶

func (c *Corpus) Initialize(baseTestChain *chain.TestChain, contractDefinitions contracts.Contracts) error

Initialize initializes the in-memory corpus state but does not actually replay any of the sequences stored in the corpus. It seeds coverage information from the post-setup chain while enqueueing all persisted sequences for execution. The fuzzer workers will concurrently execute all the sequences stored in the corpus before actually starting the fuzzing campaign.

func (*Corpus) InitializingCorpus ¶ added in v1.4.0

func (c *Corpus) InitializingCorpus() bool

InitializingCorpus returns true if the corpus is still initializing, false otherwise.

func (*Corpus) MarkCallSequenceForMutation ¶ added in v1.4.0

func (c *Corpus) MarkCallSequenceForMutation(sequence calls.CallSequence, mutationChooserWeight *big.Int) error

MarkCallSequenceForMutation records that a call sequence in the corpus has been successfully executed and can be used for mutations.

func (*Corpus) PruneSequences ¶ added in v1.3.0

func (c *Corpus) PruneSequences(ctx context.Context, chain *chain.TestChain) (int, error)

PruneSequences removes unnecessary entries from the corpus. It does this by:

• Initialize a blank coverage map tmpMap
• Grab all sequences in the corpus
• Randomize the order
• For each transaction, see whether it adds anything new to tmpMap. If it does, add the new coverage and continue. If it doesn't, remove it from the corpus.

By doing this, we hope to find a smaller set of txn sequences that still preserves our current coverage. PruneSequences takes a chain.TestChain parameter used to run transactions. It returns an int indicating the number of sequences removed from the corpus, and an error if any occurred.

func (*Corpus) RandomMutationTargetSequence ¶ added in v0.1.1

func (c *Corpus) RandomMutationTargetSequence() (calls.CallSequence, error)

RandomMutationTargetSequence returns a weighted random call sequence from the Corpus, or an error if one occurs.

func (*Corpus) UnexecutedCallSequence ¶

func (c *Corpus) UnexecutedCallSequence() *calls.CallSequence

UnexecutedCallSequence returns a call sequence loaded from disk which has not yet been returned by this method. It is intended to be used by the fuzzer to run all un-executed call sequences (without mutations) to check for test failures. If a call sequence is returned, it will not be returned by this method again. Returns a call sequence loaded from disk which has not yet been executed, to check for test failures. If all sequences in the corpus have been executed, this will return nil.

func (*Corpus) ValidCallSequences ¶ added in v1.4.0

func (c *Corpus) ValidCallSequences() uint64

ValidCallSequences returns the number of valid call sequences in the corpus. Note that this value is only accurate right after corpus initialization.

func (*CorpusPruner) Start ¶ added in v1.3.0

func (cp *CorpusPruner) Start(ctx context.Context, corpus *Corpus, baseTestChain *chain.TestChain) error

Start takes a context, a corpus to prune, and a base chain in a setup state ready for testing. It clones the base chain, then prunes the corpus every `PruneFrequency` minutes. This runs until ctx cancels the operation. Returns an error if one occurred.