├── .github └── workflows │ └── rust.yml ├── .gitignore ├── Cargo.lock ├── Cargo.toml ├── LICENSE ├── Makefile ├── README.md ├── cairo-fuzzer.png ├── cairo-native-fuzzer ├── .gitignore ├── Cargo.toml ├── README.md ├── doc │ ├── cairo_fuzzer_demo.png │ └── property_testing.png ├── examples │ ├── cairo │ │ ├── echo.cairo │ │ ├── fuzzinglabs.cairo │ │ └── proptesting.cairo │ └── sierra │ │ ├── hello_starknet__hello_starknet.contract_class.json │ │ └── zklend_fuzzing.json ├── install.sh └── src │ ├── custom_rand │ ├── mod.rs │ └── rng.rs │ ├── fuzzer │ ├── fuzzer.rs │ ├── mod.rs │ ├── statistics.rs │ └── utils.rs │ ├── main.rs │ ├── mutator │ ├── argument_type.rs │ ├── basic_mutator.rs │ ├── magic_values.rs │ └── mod.rs │ ├── runner │ ├── mod.rs │ ├── runner.rs │ └── syscall_handler.rs │ └── utils.rs ├── docs ├── TUTO101.md ├── USAGE.md ├── crash.png └── fuzzer_running.png ├── scripts ├── Cargo.toml └── src │ └── main.rs ├── setup.sh ├── src ├── cli │ ├── args.rs │ ├── config.rs │ └── mod.rs ├── custom_rand │ ├── mod.rs │ └── rng.rs ├── fuzzer │ ├── corpus_crash.rs │ ├── corpus_input.rs │ ├── dict.rs │ ├── fuzzer.rs │ ├── mod.rs │ ├── starknet_worker.rs │ ├── stats.rs │ └── utils.rs ├── json │ ├── json_parser.rs │ └── mod.rs ├── lib.rs ├── main.rs ├── mutator │ ├── magic_values.rs │ ├── mod.rs │ └── mutator_felt252.rs └── runner │ ├── mod.rs │ ├── runner.rs │ └── starknet_runner.rs ├── test-generator ├── Cargo.toml ├── README.md └── src │ └── main.rs └── tests1.0 ├── config.json ├── dict ├── fuzzinglabs.cairo ├── fuzzinglabs.casm ├── fuzzinglabs.json ├── fuzzinglabs_fuzz.cairo ├── fuzzinglabs_fuzz.casm ├── fuzzinglabs_fuzz.json ├── fuzzinglabs_init.cairo ├── fuzzinglabs_init.casm ├── fuzzinglabs_init.json ├── fuzzinglabs_starknet_2023-04-04--12:38:47.json ├── test_symbolic_execution_2022-12-22--10:18:57.json ├── teststorage.cairo ├── teststorage.casm └── teststorage.json /.github/workflows/rust.yml: 
-------------------------------------------------------------------------------- 1 | name: Rust 2 | 3 | on: 4 | push: 5 | branches: [ "starknet-rs-fuzzer" ] 6 | pull_request: 7 | branches: [ "master" ] 8 | 9 | env: 10 | CARGO_TERM_COLOR: always 11 | 12 | jobs: 13 | build: 14 | 15 | runs-on: ubuntu-latest 16 | 17 | steps: 18 | - uses: actions/checkout@v3 19 | - name: Build 20 | run: cargo build --verbose 21 | - name: Run tests 22 | run: cargo test --verbose -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Generated by Cargo 2 | # will have compiled files and executables 3 | */target/ 4 | 5 | # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries 6 | # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html 7 | Cargo.lock 8 | 9 | # These are backup files generated by rustfmt 10 | **/*.rs.bk 11 | .vscode/ 12 | *_workspace/ 13 | 14 | # Added by cargo 15 | 16 | /target 17 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = 'cairo-fuzzer' 3 | version = '0.1.1' 4 | edition = '2021' 5 | 6 | [dependencies] 7 | chrono = '0.4.19' 8 | rand = '0.8.5' 9 | serde_json = '1.0' 10 | serde = '*' 11 | log = '0.4.20' 12 | thiserror = '1.0.32' 13 | sha3 = '0.10.8' 14 | num-traits = '0.2.15' 15 | cairo-lang-starknet = { version = "2.1.0-rc2", default-features = false } 16 | cairo-lang-casm = { version = "2.1.0-rc2", default-features = false } 17 | 18 | [dependencies.cairo-rs] 19 | git = 'https://github.com/FuzzingLabs/cairo-rs' 20 | rev = '48af153240392992f18a09e969bae6518eec9639' 21 | package = 'cairo-vm' 22 | 23 | [dependencies.felt] 24 | git = 'https://github.com/FuzzingLabs/cairo-rs' 25 | rev = '48af153240392992f18a09e969bae6518eec9639' 26 | 
package = 'cairo-felt' 27 | 28 | [dependencies.starknet-rs] 29 | git = 'https://github.com/FuzzingLabs/starknet_in_rust/' 30 | rev = '6ee8eef52af4c0fea78d951ee29e52940363be69' 31 | package = 'starknet_in_rust' 32 | 33 | [dependencies.num-bigint] 34 | version = '0.4' 35 | features = ['serde'] 36 | 37 | [dependencies.clap] 38 | version = ' 4.1.16' 39 | features = ['derive'] 40 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | fuzzinglabs: 2 | cargo run --release -- --cores 10 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "Fuzz_symbolic_execution" 3 | 4 | teststorage: 5 | cargo run --release -- --cores 1 --contract ./tests1.0/teststorage.json --casm ./tests1.0/teststorage.casm --function "storage_test" -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Cairo-Fuzzer -- Cairo Smart Contract Fuzzer 2 | 3 | > [!IMPORTANT] 4 | > This repository is no longer maintained. If you have any questions or need further assistance, please contact [FuzzingLabs](https://fuzzinglabs.com/). 5 | 6 | Release version 1.2 7 | Developed and maintained by [@FuzzingLabs](https://github.com/FuzzingLabs) 8 | 9 | ## Description: 10 | 11 | Cairo-fuzzer is a tool designed for smart contract developers to test the security of their contracts. It can be used as an independent tool or as a library. 12 | 13 | ## Features: 14 | 15 |

16 | 17 |

18 | 19 | - Run Starknet contract 20 | - Replayer of fuzzing corpus 21 | - Minimizer of fuzzing corpus 22 | - Load old corpus 23 | - Handle multiple arguments 24 | - Workspace architecture 25 | - Import dictionnary 26 | - Use Cairo-fuzzer as a library 27 | 28 | 29 | ## Usage: 30 | ``` 31 | cargo run --release -- --cores 10 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "Fuzz_symbolic_execution" 32 | 33 | ``` 34 | 35 | For more usage information, follow our [tutorial](docs/TUTO101.md) 36 | 37 | ## CMDLINE (--help): 38 | 39 | ``` 40 | Usage: cairo-fuzzer [OPTIONS] 41 | 42 | Options: 43 | --cores Set the number of threads to run [default: 1] 44 | --contract Set the path of the JSON artifact to load [default: ] 45 | --casm Set the path of the JSON CASM artifact to load [default: ] 46 | --function Set the function to fuzz [default: ] 47 | --workspace Workspace of the fuzzer [default: fuzzer_workspace] 48 | --inputfolder Path to the inputs folder to load [default: ] 49 | --crashfolder Path to the crashes folder to load [default: ] 50 | --inputfile Path to the inputs file to load [default: ] 51 | --crashfile Path to the crashes file to load [default: ] 52 | --dict Path to the dictionnary file to load [default: ] 53 | --logs Enable fuzzer logs in file 54 | --seed Set a custom seed (only applicable for 1 core run) 55 | --run-time Number of seconds this fuzzing session will last 56 | --config Load config file 57 | --replay Replay the corpus folder 58 | --minimizer Minimize Corpora 59 | --proptesting Property Testing 60 | --analyze Dump functions prototypes 61 | --iter Iteration Number [default: -1] 62 | -h, --help Print help 63 | ``` 64 | 65 | # F.A.Q 66 | 67 | ## How to find a Cairo/Starknet compilation artifact (json file)? 68 | 69 | Cairo-Fuzzer supports starknet compilation artifact (json and casm files) generated after compilation using `starknet-compile` and `starknet-sierra-compile`. 
70 | Cairo-Fuzzer does not support Cairo 2.0 or pure Cairo contracts. 71 | 72 | ## How to run the tests? 73 | 74 | ``` 75 | cargo test 76 | ``` 77 | 78 | # License 79 | 80 | Cairo-Fuzzer is licensed and distributed under the AGPLv3 license. [Contact us](mailto:contact@fuzzinglabs.com) if you're looking for an exception to the terms. 81 | -------------------------------------------------------------------------------- /cairo-fuzzer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FuzzingLabs/cairo-fuzzer/9b063a9e99bb0aff44f8444557682f7ff6fd4708/cairo-fuzzer.png -------------------------------------------------------------------------------- /cairo-native-fuzzer/.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | /cairo2 3 | /corelib 4 | cairo*.tar -------------------------------------------------------------------------------- /cairo-native-fuzzer/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cairo-native-fuzzer" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | cairo-lang-compiler = "=2.9.3" 8 | cairo-lang-sierra = "=2.9.3" 9 | cairo-lang-starknet = "=2.9.3" 10 | cairo-lang-starknet-classes = "=2.9.3" 11 | cairo-native = { version = "=0.2.5-rc1", features = ["with-runtime"] } 12 | cairo-native-runtime = { version = "=0.2.5-rc1", optional = true } 13 | clap = "4.5.20" 14 | colog = "1.3.0" 15 | colored = "2.1.0" 16 | env_logger = "0.11.5" 17 | log = "0.4.22" 18 | rand = "0.8.5" 19 | regex = "1.11.1" 20 | serde_json = "1.0.138" 21 | starknet-types-core = "0.1.7" 22 | 23 | [dependencies.felt] 24 | git = 'https://github.com/FuzzingLabs/cairo-rs' 25 | rev = '48af153240392992f18a09e969bae6518eec9639' 26 | package = 'cairo-felt' 27 | 28 | [features] 29 | default = ["with-runtime"] 30 | with-runtime = ["dep:cairo-native-runtime"] 31 | 32 | [profile.dev] 33 |
opt-level = 0 34 | debug = true 35 | debug-assertions = true 36 | overflow-checks = true 37 | lto = false 38 | panic = 'unwind' 39 | incremental = true 40 | codegen-units = 256 41 | rpath = false 42 | 43 | [profile.release] 44 | opt-level = 3 45 | debug = false 46 | debug-assertions = false 47 | overflow-checks = false 48 | lto = true 49 | panic = 'unwind' 50 | incremental = false 51 | codegen-units = 1 52 | rpath = false 53 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/README.md: -------------------------------------------------------------------------------- 1 | ## Cairo Native Fuzzer 2 | 3 | Cairo Native Fuzzer is a rewrite of the Cairo Fuzzer based on [Cairo native from Lambdaclass](https://github.com/lambdaclass/cairo_native) developed to enhance fuzzer execution speed. 4 | 5 |

6 | 7 |

8 | 9 | ### Installation 10 | 11 | - Install LLVM 19. 12 | - Run `install.sh` (it downloads the Cairo 2 release tarball with `curl` and pipes the Scarb installer from `curl` into `sh`, verifying no checksum for either, so review the script first). 13 | 14 | #### Print the function prototypes 15 | 16 | ```sh 17 | ## With a cairo program 18 | cargo run -- --program-path examples/fuzzinglabs.cairo --analyze 19 | 20 | # With a Sierra program 21 | cargo run -- --sierra-program ./examples/sierra/zklend_fuzzing.json --analyze 22 | ``` 23 | 24 | #### Run the fuzzer 25 | 26 | ```sh 27 | cargo run -- --program-path ./examples/cairo/echo.cairo --entry-point echo::echo::Echo::__wrapper__echo_felt 28 | 29 | ## Use a seed 30 | cargo run -- --program-path ./examples/cairo/echo.cairo --entry-point echo::echo::Echo::__wrapper__echo_felt --seed 42 31 | 32 | ## With a sierra input file 33 | cargo run -- --sierra-program ./examples/sierra/zklend_fuzzing.json --entry-point zklend::fuzzing::Fuzzing::__wrapper__fuzz_scaled_down_amount --seed 1739662178 34 | ``` 35 | 36 | #### Property testing 37 | 38 | You can define functions that will be fuzzed automatically by prefixing their name with `fuzz_`: 39 | 40 | ```rs 41 | #[starknet::contract] 42 | mod Echo { 43 | #[storage] 44 | struct Storage { 45 | balance: felt252, 46 | } 47 | 48 | #[constructor] 49 | fn constructor(ref self: ContractState, initial_balance: felt252) { 50 | self.balance.write(initial_balance); 51 | } 52 | 53 | #[external(v0)] 54 | fn fuzz_test(ref self: ContractState, value: felt252) -> felt252 { 55 | assert(value != 2, 'fail'); 56 | value 57 | } 58 | 59 | #[external(v0)] 60 | fn fuzz_test2(ref self: ContractState, value: u32) -> u32 { 61 | assert(value != 3, 'fail'); 62 | value 63 | } 64 | } 65 | ``` 66 | 67 | Then run the `cairo-fuzzer` with the `--proptesting` flag: 68 | 69 | ```sh 70 | cargo run -- --program-path examples/cairo/proptesting.cairo --proptesting 71 | ``` 72 | 73 |

74 | 75 |

76 | 77 | 78 | ### Roadmap 79 | 80 | - [x] Implement the Cairo Native runner 81 | - [x] Implement the fuzzer based on Cairo Native runner 82 | - [x] Import existing mutator from the cairo-fuzzer 83 | - [x] Property testing 84 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/doc/cairo_fuzzer_demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FuzzingLabs/cairo-fuzzer/9b063a9e99bb0aff44f8444557682f7ff6fd4708/cairo-native-fuzzer/doc/cairo_fuzzer_demo.png -------------------------------------------------------------------------------- /cairo-native-fuzzer/doc/property_testing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FuzzingLabs/cairo-fuzzer/9b063a9e99bb0aff44f8444557682f7ff6fd4708/cairo-native-fuzzer/doc/property_testing.png -------------------------------------------------------------------------------- /cairo-native-fuzzer/examples/cairo/echo.cairo: -------------------------------------------------------------------------------- 1 | 2 | #[starknet::contract] 3 | mod Echo { 4 | use integer::u8_try_as_non_zero; 5 | 6 | #[storage] 7 | struct Storage {} 8 | 9 | #[external(v0)] 10 | fn echo_felt(ref self: ContractState, value: felt252) -> felt252 { 11 | assert(value != 2, 'fail'); 12 | value 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/examples/cairo/fuzzinglabs.cairo: -------------------------------------------------------------------------------- 1 | #[starknet::contract] 2 | mod test_contract { 3 | #[storage] 4 | struct Storage { 5 | bal:u8 6 | } 7 | 8 | #[external(v0)] 9 | fn Fuzz_symbolic_execution( 10 | ref self: ContractState, 11 | f: felt252, 12 | u: felt252, 13 | z: u32, 14 | z2: u32, 15 | i: u64, 16 | n: u128, 17 | g: u128, 18 | l: u128, 19 | a: felt252, 20 | b: felt252, 21 | s: u8, 
22 | ) { 23 | if (f == 'f') { 24 | if (u == 'u') { 25 | if (z == 'z') { 26 | if (z2 == 'z') { 27 | if (i == 'i') { 28 | if (n == 'n') { 29 | if (g == 'g') { 30 | if (l == 'l') { 31 | if (a == 'a') { 32 | if (b == 'b') { 33 | if (s == 's') { 34 | assert(1==0 , '!(f & t)'); 35 | } 36 | } 37 | } 38 | } 39 | } 40 | } 41 | } 42 | } 43 | } 44 | } 45 | } 46 | return (); 47 | } 48 | } -------------------------------------------------------------------------------- /cairo-native-fuzzer/examples/cairo/proptesting.cairo: -------------------------------------------------------------------------------- 1 | #[starknet::contract] 2 | mod Echo { 3 | #[storage] 4 | struct Storage { 5 | balance: felt252, 6 | } 7 | 8 | #[constructor] 9 | fn constructor(ref self: ContractState, initial_balance: felt252) { 10 | //panic_with_felt252('panic'); 11 | self.balance.write(initial_balance); 12 | } 13 | 14 | #[external(v0)] 15 | fn fuzz_test(ref self: ContractState, value: felt252) -> felt252 { 16 | assert(value != 2, 'fail'); 17 | value 18 | } 19 | 20 | #[external(v0)] 21 | fn fuzz_test2(ref self: ContractState, value: felt252) -> felt252 { 22 | assert(value != 3, 'fail'); 23 | value 24 | } 25 | 26 | #[external(v0)] 27 | fn fuzz_i128(ref self: ContractState, value: i128) -> i128 { 28 | assert(value != 2, 'fail'); 29 | value 30 | } 31 | 32 | #[external(v0)] 33 | fn fuzz_i64(ref self: ContractState, value: i64) -> i64 { 34 | assert(value != 2, 'fail'); 35 | value 36 | } 37 | 38 | #[external(v0)] 39 | fn fuzz_i32(ref self: ContractState, value: i32) -> i32 { 40 | assert(value != 2, 'fail'); 41 | value 42 | } 43 | 44 | #[external(v0)] 45 | fn fuzz_i16(ref self: ContractState, value: i16) -> i16 { 46 | assert(value != 2, 'fail'); 47 | value 48 | } 49 | 50 | #[external(v0)] 51 | fn fuzz_i8(ref self: ContractState, value: i8) -> i8 { 52 | assert(value != 2, 'fail'); 53 | value 54 | } 55 | 56 | #[external(v0)] 57 | fn fuzz_u256(ref self: ContractState, value: u256) -> u256 { 58 | assert(value != 2, 
'fail'); 59 | value 60 | } 61 | 62 | #[external(v0)] 63 | fn fuzz_u128(ref self: ContractState, value: u128) -> u128 { 64 | assert(value != 2, 'fail'); 65 | value 66 | } 67 | 68 | #[external(v0)] 69 | fn fuzz_u64(ref self: ContractState, value: u64) -> u64 { 70 | assert(value != 2, 'fail'); 71 | value 72 | } 73 | 74 | #[external(v0)] 75 | fn fuzz_u32(ref self: ContractState, value: u32) -> u32 { 76 | assert(value != 2, 'fail'); 77 | value 78 | } 79 | 80 | #[external(v0)] 81 | fn fuzz_u16(ref self: ContractState, value: u16) -> u16 { 82 | assert(value != 2, 'fail'); 83 | value 84 | } 85 | 86 | #[external(v0)] 87 | fn fuzz_u8(ref self: ContractState, value: u8) -> u8 { 88 | assert(value != 2, 'fail'); 89 | value 90 | } 91 | } -------------------------------------------------------------------------------- /cairo-native-fuzzer/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ### 4 | ### This script automates the setup of the Cairo 2 compiler and Scarb on Linux and macOS systems. 5 | ### It downloads the appropriate Cairo release, decompresses it, installs Scarb, and sets up 6 | ### the necessary environment variables for macOS. Additionally, it creates a symbolic link 7 | ### to the Cairo core library. 
8 | ### 9 | 10 | set -e 11 | 12 | UNAME=$(uname) 13 | CAIRO_2_VERSION=2.9.1 14 | SCARB_VERSION=2.9.1 15 | 16 | # Decompress the Cairo tarball 17 | function decompress_cairo { 18 | local source=$1 19 | local target=$2 20 | rm -rf "$target" 21 | tar -xzvf "$source" 22 | mv cairo/ "$target" 23 | } 24 | 25 | # Download the Cairo tarball 26 | function download_cairo { 27 | local version=$1 28 | local os=$2 29 | local url="" 30 | 31 | if [ "$os" == "macos" ]; then 32 | url="https://github.com/starkware-libs/cairo/releases/download/v${version}/release-aarch64-apple-darwin.tar" 33 | else 34 | url="https://github.com/starkware-libs/cairo/releases/download/v${version}/release-x86_64-unknown-linux-musl.tar.gz" 35 | fi 36 | 37 | curl -L -o "cairo-${version}-${os}.tar" "$url" 38 | } 39 | 40 | # Install Scarb 41 | function install_scarb { 42 | curl --proto '=https' --tlsv1.2 -sSf https://docs.swmansion.com/scarb/install.sh | sh -s -- --no-modify-path --version "$SCARB_VERSION" 43 | } 44 | 45 | # Build the Cairo 2 compiler 46 | function build_cairo_2_compiler { 47 | local os=$1 48 | local cairo_dir="cairo2" 49 | 50 | if [ "$os" == "macos" ]; then 51 | cairo_dir="cairo2-macos" 52 | fi 53 | 54 | download_cairo "$CAIRO_2_VERSION" "$os" 55 | decompress_cairo "cairo-${CAIRO_2_VERSION}-${os}.tar" "$cairo_dir" 56 | } 57 | 58 | # Install dependencies for macOS 59 | function deps_macos { 60 | build_cairo_2_compiler "macos" 61 | install_scarb 62 | brew install llvm@19 --quiet 63 | echo "You can execute the env-macos.sh script to setup the needed env variables." 
64 | } 65 | 66 | # Install dependencies for Linux 67 | function deps_linux { 68 | build_cairo_2_compiler "linux" 69 | install_scarb 70 | } 71 | 72 | # Determine the OS and call the appropriate function 73 | function main { 74 | if [ "$UNAME" == "Linux" ]; then 75 | deps_linux 76 | elif [ "$UNAME" == "Darwin" ]; then 77 | deps_macos 78 | else 79 | echo "Unsupported operating system: $UNAME" 80 | exit 1 81 | fi 82 | 83 | rm -rf corelib 84 | ln -s cairo2/corelib corelib 85 | } 86 | 87 | main 88 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/custom_rand/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod rng; 2 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/custom_rand/rng.rs: -------------------------------------------------------------------------------- 1 | use std::cell::Cell; 2 | use std::ops::RangeInclusive; 3 | 4 | /// Random number generator implementation using xorshift64 5 | /// We use an xorshift rng during mutations for better performances 6 | #[derive(Clone)] 7 | pub struct Rng { 8 | /// Internal xorshift seed 9 | seed: Cell, 10 | } 11 | 12 | impl Rng { 13 | /// Creates a RNG with a fixed `seed` value 14 | pub fn seeded(seed: u64) -> Self { 15 | Rng { 16 | seed: Cell::new(seed), 17 | } 18 | } 19 | 20 | /// Get a random 64-bit number using xorshift 21 | pub fn rand(&self) -> u64 { 22 | let mut seed = self.seed.get(); 23 | seed ^= seed << 13; 24 | seed ^= seed >> 17; 25 | seed ^= seed << 43; 26 | self.seed.set(seed); 27 | seed 28 | } 29 | 30 | /// Get a random usize number using xorshift 31 | pub fn rand_usize(&self) -> usize { 32 | self.rand() as usize 33 | } 34 | 35 | /// Generate a random number in the range [start, end] 36 | pub fn gen_range(&self, range: RangeInclusive) -> usize { 37 | let start = *range.start(); 38 | let end = *range.end(); 39 | assert!(end >= start, "end must be 
greater than or equal to start"); 40 | start + self.rand_usize() % (end - start + 1) 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/fuzzer/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fuzzer; 2 | pub mod statistics; 3 | pub mod utils; 4 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/fuzzer/statistics.rs: -------------------------------------------------------------------------------- 1 | use std::time::Instant; 2 | 3 | /// Cairo Fuzzer statistics 4 | pub struct FuzzerStats { 5 | // Total fuzzer executions 6 | pub total_executions: usize, 7 | // Start time of the fuzzer 8 | pub start_time: Instant, 9 | // Total number of crashes 10 | pub crashes: usize, 11 | } 12 | 13 | impl Default for FuzzerStats { 14 | fn default() -> Self { 15 | Self { 16 | // Init the fuzzer statistics 17 | total_executions: 0, 18 | crashes: 0, 19 | start_time: Instant::now(), 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/fuzzer/utils.rs: -------------------------------------------------------------------------------- 1 | use regex::Regex; 2 | use std::sync::Arc; 3 | 4 | use cairo_lang_sierra::ids::FunctionId; 5 | use cairo_lang_sierra::program::Program; 6 | use colored::*; 7 | 8 | use crate::mutator::argument_type::{map_argument_type, ArgumentType}; 9 | use crate::utils::get_cairo_native_version; 10 | use crate::utils::get_function_by_id; 11 | 12 | // Initialization message printed at fuzzer launch 13 | const INIT_MESSAGE_FORMAT: &str = " 14 | ============================================================================================================================================================= 15 | ╔═╗ ┌─┐ ┬ ┬─┐ ┌───┐ ╔═╗ ┬ ┬ ┌─┐ ┌─┐ ┌─┐ ┬─┐ | Seed -- {} 16 | ║ ├─┤ │ ├┬┘ │2.0│───╠╣ │ │ ┌─┘ ┌─┘ ├┤ ├┬┘ | 
cairo-native version -- {} 17 | ╚═╝ ┴ ┴ ┴ ┴└─ └───┘ ╚ └─┘ └─┘ └─┘ └─┘ ┴└─ | 18 | ============================================================================================================================================================= 19 | "; 20 | 21 | /// Print the initialization message 22 | pub fn print_init_message(seed: u64) { 23 | let version = get_cairo_native_version(); 24 | 25 | // Replace the first occurrence of {} with the seed value 26 | let re = Regex::new(r"\{\}").unwrap(); 27 | let message = re.replace(INIT_MESSAGE_FORMAT, |_: ®ex::Captures| seed.to_string()); 28 | 29 | // Replace the next occurrence of {} with the version string 30 | let message = re.replace(&message, |_: ®ex::Captures| version.to_string()); 31 | 32 | println!("{}", message); 33 | } 34 | 35 | /// Returns a vector of the function parameter types 36 | /// 37 | /// For example, given a function with the prototype: 38 | /// ``` 39 | /// myfunction(a: felt252, b: felt252) -> felt252 40 | /// ``` 41 | /// This function will return: 42 | /// ``` 43 | /// [Felt, Felt] 44 | /// ``` 45 | pub fn get_function_argument_types( 46 | sierra_program: &Option>, 47 | entry_point_id: &Option, 48 | ) -> Vec { 49 | // Get the function from the Sierra program using the entry point id 50 | let func = match (sierra_program, entry_point_id) { 51 | (Some(program), Some(entry_point_id)) => get_function_by_id(program, entry_point_id), 52 | _ => None, 53 | }; 54 | 55 | // Iterate through entry point arguments and map their types to a type supported by the fuzzer 56 | if let Some(func) = func { 57 | let argument_types: Vec = func 58 | .signature 59 | .param_types 60 | .iter() 61 | .filter_map(|param_type| { 62 | if let Some(debug_name) = ¶m_type.debug_name { 63 | // Map param_type to an `ArgumentType` 64 | // For now we only handle felt252 65 | return map_argument_type(debug_name); 66 | } 67 | None 68 | }) 69 | .collect(); 70 | argument_types 71 | } else { 72 | Vec::new() 73 | } 74 | } 75 | 76 | /// Print the 
contract functions prototypes 77 | pub fn print_contract_functions(sierra_program: &Option>) { 78 | println!("Contract functions :\n"); 79 | 80 | if let Some(program) = sierra_program { 81 | for function in &program.funcs { 82 | // Use function.id.debug_name if available, otherwise use function.id.id 83 | let function_name = function 84 | .id 85 | .debug_name 86 | .clone() 87 | .unwrap_or_else(|| function.id.id.to_string().into()); 88 | 89 | let signature = &function.signature; 90 | 91 | // Collect parameter types 92 | let param_types: Vec = signature 93 | .param_types 94 | .iter() 95 | .map(|param| { 96 | param 97 | .debug_name 98 | .as_ref() 99 | .expect("Parameter name not found") 100 | .to_string() 101 | }) 102 | .collect(); 103 | 104 | // Collect return types 105 | let ret_types: Vec = signature 106 | .ret_types 107 | .iter() 108 | .map(|ret_type| { 109 | ret_type 110 | .debug_name 111 | .as_ref() 112 | .expect("Return type name not found") 113 | .to_string() 114 | }) 115 | .collect(); 116 | 117 | // Format the prototype 118 | let prototype = format!( 119 | "{} ({}) -> ({})", 120 | function_name.bold().white(), 121 | param_types.join(", ").green(), 122 | ret_types.join(", ").cyan() 123 | ); 124 | 125 | // Print the contract functions 126 | println!("- {}", prototype); 127 | } 128 | } 129 | } 130 | 131 | /// Find the entry point id 132 | pub fn find_entry_point_id(sierra_program: &Option>, entry_point: &str) -> FunctionId { 133 | let sierra_program = sierra_program 134 | .as_ref() 135 | .expect("Sierra program not available"); 136 | cairo_native::utils::find_function_id(sierra_program, entry_point) 137 | .expect(&format!("Entry point '{}' not found", entry_point)) 138 | .clone() 139 | } 140 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/main.rs: -------------------------------------------------------------------------------- 1 | mod custom_rand; 2 | mod fuzzer; 3 | mod mutator; 4 | mod runner; 5 | mod 
utils; 6 | 7 | use clap::Parser; 8 | use std::path::PathBuf; 9 | use std::time::{SystemTime, UNIX_EPOCH}; 10 | 11 | use crate::fuzzer::fuzzer::Fuzzer; 12 | 13 | /// Command-line arguments for the fuzzer 14 | #[derive(Parser, Debug)] 15 | #[command(version, about, long_about = None)] 16 | struct Args { 17 | /// Path to the Cairo program 18 | #[arg(short, long)] 19 | program_path: Option, 20 | 21 | /// Path to the Sierra program 22 | #[arg(long)] 23 | sierra_program: Option, 24 | 25 | /// Entry point of the Sierra program 26 | #[arg(short, long)] 27 | entry_point: Option, 28 | 29 | /// Analyze the program and print function prototypes 30 | #[arg(short, long)] 31 | analyze: bool, 32 | 33 | /// Number of iterations to use for fuzzing 34 | #[arg(short, long)] 35 | iter: Option, 36 | 37 | /// Enable property-based testing 38 | #[arg(long)] 39 | proptesting: bool, 40 | 41 | /// Seed for the random number generator 42 | #[arg(short, long)] 43 | seed: Option, 44 | } 45 | 46 | fn main() { 47 | let args = Args::parse(); 48 | 49 | // Initialize the logger 50 | colog::init(); 51 | 52 | // Determine the seed value 53 | let seed = args.seed.unwrap_or_else(|| { 54 | // Use the current time as default seed if the --seed parameter is not specified 55 | let start = SystemTime::now(); 56 | start 57 | .duration_since(UNIX_EPOCH) 58 | .expect("Failed to get the current time") 59 | .as_secs() 60 | }); 61 | 62 | // Set the default value for iter based on proptesting flag 63 | let iter = if args.proptesting { 64 | args.iter.unwrap_or(10000) 65 | } else { 66 | args.iter.unwrap_or(-1) 67 | }; 68 | 69 | // Check if --entry-point parameter is required 70 | if !(args.proptesting || args.analyze) && args.entry_point.is_none() { 71 | eprintln!("Error: --entry-point is required if --proptesting is not set"); 72 | return; 73 | } 74 | 75 | // Check if --analyze requires either --program-path or --sierra-program 76 | if args.analyze && args.program_path.is_none() && args.sierra_program.is_none() { 77 
| eprintln!("Error: --analyze requires either --program-path or --sierra-program"); 78 | return; 79 | } 80 | 81 | // Initialize the fuzzer based on the provided program path 82 | let mut fuzzer = if let Some(sierra_program) = args.sierra_program { 83 | Fuzzer::new_sierra(sierra_program, args.entry_point) 84 | } else if let Some(program_path) = args.program_path { 85 | Fuzzer::new(program_path, args.entry_point) 86 | } else { 87 | eprintln!("Error: Either --program-path or --sierra-program must be specified"); 88 | return; 89 | }; 90 | 91 | match fuzzer.init(seed) { 92 | Ok(()) => { 93 | // Print the contract functions 94 | if args.analyze { 95 | fuzzer.print_functions_prototypes(); 96 | } 97 | // Run the fuzzer 98 | else { 99 | if args.proptesting { 100 | match fuzzer.fuzz_proptesting(iter) { 101 | Ok(()) => println!("Property-based testing completed successfully."), 102 | Err(e) => eprintln!("Error during property-based testing: {}", e), 103 | } 104 | } else { 105 | match fuzzer.fuzz(iter) { 106 | Ok(()) => println!("Fuzzing completed successfully."), 107 | Err(e) => eprintln!("Error during fuzzing: {}", e), 108 | } 109 | } 110 | } 111 | } 112 | Err(e) => eprintln!("Error during initialization: {}", e), 113 | } 114 | } 115 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/mutator/argument_type.rs: -------------------------------------------------------------------------------- 1 | /// Enum representing the types of arguments that can be passed to a function 2 | #[derive(Debug, Clone)] 3 | pub enum ArgumentType { 4 | Felt, 5 | FeltArray, // TODO: Add support for other types 6 | } 7 | 8 | /// Helper function to map argument types based on their debug names 9 | /// This function takes a debug name string and returns the corresponding `ArgumentType` 10 | pub fn map_argument_type(debug_name: &str) -> Option { 11 | match debug_name { 12 | "felt252" => Some(ArgumentType::Felt), 13 | // We treat felt252 arrays as a 
single felt for now 14 | "core::array::Span::" => Some(ArgumentType::FeltArray), 15 | // TODO: Add support for other types 16 | _ => None, 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/mutator/basic_mutator.rs: -------------------------------------------------------------------------------- 1 | use starknet_types_core::felt::Felt; 2 | 3 | use crate::custom_rand::rng::Rng; 4 | use crate::mutator::magic_values::MAGIC_VALUES; 5 | 6 | /// This mutator only handles felt252 7 | /// TODO: Handle more types 8 | #[derive(Clone)] 9 | pub struct Mutator { 10 | rng: Rng, 11 | max_input_size: usize, 12 | } 13 | 14 | impl Mutator { 15 | /// Creates a new `Mutator` with the given seed 16 | pub fn new(seed: u64) -> Self { 17 | Self { 18 | rng: Rng::seeded(seed), 19 | max_input_size: 252, 20 | } 21 | } 22 | 23 | pub fn mutate(&mut self, felt: Felt) -> Felt { 24 | // Perform a random mutation 25 | let mutation_type = self.rng.gen_range(0..=15); // Increase range to accommodate more strategies 26 | match mutation_type { 27 | 0 => self.add_small_random_value(felt), 28 | 1 => self.subtract_small_random_value(felt), 29 | 2 => self.flip_random_bit(felt), 30 | 3 => self.inc_byte(felt), 31 | 4 => self.dec_byte(felt), 32 | // 5 => self.neg_byte(felt), 33 | 6 => self.add_sub(felt), 34 | 7 => self.swap(felt), 35 | 8 => self.copy(felt), 36 | 9 => self.inter_splice(felt), 37 | 10 => self.magic_overwrite(felt), 38 | 11 => self.magic_insert(felt), 39 | 12 => self.random_overwrite(felt), 40 | 13 => self.random_insert(felt), 41 | 14 => self.byte_repeat_overwrite(felt), 42 | 15 => self.byte_repeat_insert(felt), 43 | // Fallback to the original value if something goes wrong 44 | _ => felt, 45 | } 46 | } 47 | 48 | fn add_small_random_value(&mut self, felt: Felt) -> Felt { 49 | // Random value between 1 and 9 50 | let small_value = self.rng.gen_range(1..=9); 51 | felt + Felt::from(small_value) 52 | } 53 | 54 | fn 
subtract_small_random_value(&mut self, felt: Felt) -> Felt { 55 | // Random value between 1 and 9 56 | let small_value = self.rng.gen_range(1..=9); 57 | 58 | // Saturate at zero instead of subtracting when the input is smaller than the drawn value 59 | if felt < Felt::from(small_value) { 60 | Felt::from(0) 61 | } else { 62 | felt - Felt::from(small_value) 63 | } 64 | } 65 | /// Flips one randomly chosen bit in the big-endian byte encoding of `felt`; returns `felt` unchanged when it is zero or when the chosen byte index falls outside the buffer 66 | fn flip_random_bit(&mut self, felt: Felt) -> Felt { 67 | // Derive an upper bound for the bit index. NOTE(review): the loop walks the big-endian bytes in reverse, so it stops at the last non-zero byte of the buffer rather than at the highest set bit - confirm this is intended 68 | let felt_bytes = felt.to_bytes_be(); 69 | let mut bit_length = 0; 70 | 71 | for byte in felt_bytes.iter().rev() { 72 | if *byte != 0 { 73 | bit_length = 74 | (felt_bytes.len() - felt_bytes.iter().rev().position(|&b| b != 0).unwrap()) * 8; 75 | for i in (0..8).rev() { 76 | if byte & (1 << i) != 0 { 77 | bit_length += i + 1; 78 | break; 79 | } 80 | } 81 | break; 82 | } 83 | } 84 | 85 | if bit_length == 0 { 86 | // If the Felt value is zero, return the original value 87 | return felt; 88 | } 89 | 90 | // Random bit index in 0..bit_length 91 | let bit_index = self.rng.gen_range(0..=bit_length - 1); 92 | let byte_index = bit_index / 8; 93 | let bit_position = bit_index % 8; 94 | 95 | // bit_length can exceed 8 * felt_bytes.len(), so guard the index; in that case the input is returned unmutated 96 | if byte_index >= felt_bytes.len() { 97 | return felt; 98 | } 99 | 100 | // Flip the bit at the calculated position (byte_index counts from the start of the big-endian buffer) 101 | let mut felt_bytes = felt.to_bytes_be(); 102 | felt_bytes[byte_index] ^= 1 << bit_position; 103 | 104 | Felt::from_bytes_be(&felt_bytes) 105 | } 106 | /// Adds 1 to the whole field element; despite the name, no individual byte is selected 107 | fn inc_byte(&mut self, felt: Felt) -> Felt { 108 | felt + Felt::from(1) 109 | } 110 | /// Subtracts 1 from the whole field element, keeping zero at zero 111 | fn dec_byte(&mut self, felt: Felt) -> Felt { 112 | // Check for underflow before performing the subtraction 113 | if felt <= Felt::from(0) { 114 | Felt::from(0) 115 | } else { 116 | felt - Felt::from(1) 117 | } 118 | } 119 | 120 | fn add_sub(&mut self, felt: Felt) -> Felt { 121 | // Add or subtract a random amount with a random endianness from a random size `u8` through `u64` 122 | let delta = 
self.rng.gen_range(0..=200) as i64 - 100; // Example range: delta ends up between -100 and 100 123 | let new_felt = felt + Felt::from(delta); 124 | 125 | // Clamp the result to 0..=u64::MAX. NOTE(review): any value above u64::MAX collapses to u64::MAX here, so this strategy never returns a larger felt; how a negative delta compares after conversion to Felt is not visible here - confirm 126 | if new_felt > Felt::from(u64::MAX) { 127 | Felt::from(u64::MAX) 128 | } else if new_felt < Felt::from(0) { 129 | Felt::from(0) 130 | } else { 131 | new_felt 132 | } 133 | } 134 | 135 | fn swap(&mut self, felt: Felt) -> Felt { 136 | // Swap two ranges in an input buffer 137 | let mut felt_bytes = felt.to_bytes_be(); 138 | let len = felt_bytes.len(); 139 | let src = self.rng.gen_range(0..=len - 1); 140 | let dst = self.rng.gen_range(0..=len - 1); 141 | let swap_len = self.rng.gen_range(1..=len.min(len - src.max(dst))); 142 | // swap_len is at most len - max(src, dst), so src + i and dst + i stay inside the buffer 143 | for i in 0..swap_len { 144 | felt_bytes.swap(src + i, dst + i); 145 | } 146 | 147 | Felt::from_bytes_be(&felt_bytes) 148 | } 149 | 150 | fn copy(&mut self, felt: Felt) -> Felt { 151 | // Copy bytes from one location in the input and overwrite them at another 152 | let mut felt_bytes = felt.to_bytes_be(); 153 | let len = felt_bytes.len(); 154 | let src = self.rng.gen_range(0..=len - 1); 155 | let dst = self.rng.gen_range(0..=len - 1); 156 | let copy_len = self.rng.gen_range(1..=len.min(len - src.max(dst))); 157 | // Same bound as in swap: copy_len never runs past the end of the buffer from either index 158 | for i in 0..copy_len { 159 | felt_bytes[dst + i] = felt_bytes[src + i]; 160 | } 161 | 162 | Felt::from_bytes_be(&felt_bytes) 163 | } 164 | 165 | fn inter_splice(&mut self, felt: Felt) -> Felt { 166 | // Take one location of the input and splice it into another 167 | let felt_bytes = felt.to_bytes_be(); 168 | let len = felt_bytes.len(); 169 | let src = self.rng.gen_range(0..=len - 1); 170 | let dst = self.rng.gen_range(0..=len - 1); 171 | let splice_len = self.rng.gen_range(1..=len.min(len - src.max(dst))); 172 | 173 | let mut new_bytes = Vec::new(); 174 | new_bytes.extend_from_slice(&felt_bytes[..dst]); 175 | new_bytes.extend_from_slice(&felt_bytes[src..src + splice_len]); 176 | new_bytes.extend_from_slice(&felt_bytes[dst..]); 177 | 178 | // Ensure the length is 
exactly 32 bytes 179 | if new_bytes.len() > 32 { 180 | new_bytes.truncate(32); 181 | } else if new_bytes.len() < 32 { 182 | new_bytes.resize(32, 0); 183 | } 184 | 185 | let mut array = [0u8; 32]; 186 | array.copy_from_slice(&new_bytes); 187 | 188 | Felt::from_bytes_be(&array) 189 | } 190 | /// Overwrites the start of the big-endian encoding of `felt` with a randomly chosen entry of `MAGIC_VALUES` 191 | fn magic_overwrite(&mut self, felt: Felt) -> Felt { 192 | // Pick a random magic value 193 | let magic_value = &MAGIC_VALUES[self.rng.gen_range(0..=MAGIC_VALUES.len() - 1)]; 194 | let mut felt_bytes = felt.to_bytes_be(); 195 | 196 | // Overwrite the leading bytes of the buffer with the magic value (always at offset 0, clipped to the buffer length) 197 | let len = magic_value.len().min(felt_bytes.len()); 198 | felt_bytes[..len].copy_from_slice(&magic_value[..len]); 199 | 200 | Felt::from_bytes_be(&felt_bytes) 201 | } 202 | /// Splices a randomly chosen entry of `MAGIC_VALUES` into the encoding of `felt` at a random offset, then forces the result back to 32 bytes 203 | fn magic_insert(&mut self, felt: Felt) -> Felt { 204 | // Pick a random magic value 205 | let magic_value = &MAGIC_VALUES[self.rng.gen_range(0..=MAGIC_VALUES.len() - 1)]; 206 | let felt_bytes = felt.to_bytes_be(); 207 | 208 | // Insert the magic value at a random offset 209 | let offset = self.rng.gen_range(0..=felt_bytes.len()); 210 | let mut new_bytes = Vec::new(); 211 | new_bytes.extend_from_slice(&felt_bytes[..offset]); 212 | new_bytes.extend_from_slice(magic_value); 213 | new_bytes.extend_from_slice(&felt_bytes[offset..]); 214 | 215 | // Ensure the length is exactly 32 bytes: bytes pushed past index 31 by the insertion are dropped 216 | if new_bytes.len() > 32 { 217 | new_bytes.truncate(32); 218 | } else if new_bytes.len() < 32 { 219 | new_bytes.resize(32, 0); 220 | } 221 | 222 | let mut array = [0u8; 32]; 223 | array.copy_from_slice(&new_bytes); 224 | 225 | Felt::from_bytes_be(&array) 226 | } 227 | 228 | fn random_overwrite(&mut self, felt: Felt) -> Felt { 229 | // Overwrite a random offset of the input with random bytes 230 | let mut felt_bytes = felt.to_bytes_be(); 231 | let offset = self.rng.gen_range(0..=felt_bytes.len() - 1); 232 | let amount = self.rng.gen_range(1..=felt_bytes.len() - offset); 233 | 234 | for i in offset..offset + amount { 235 | 
felt_bytes[i] = self.rng.rand_usize() as u8; 236 | } 237 | 238 | Felt::from_bytes_be(&felt_bytes) 239 | } 240 | 241 | fn random_insert(&mut self, felt: Felt) -> Felt { 242 | // Insert bytes at a random offset in the input. NOTE(review): `repeat(..)` below evaluates `rand_usize()` once, so the inserted run is a single random byte repeated `amount` times, not independent random bytes 243 | let felt_bytes = felt.to_bytes_be(); 244 | let offset = self.rng.gen_range(0..=felt_bytes.len()); 245 | let amount = self 246 | .rng 247 | .gen_range(0..=self.max_input_size - felt_bytes.len()); 248 | 249 | let mut new_bytes = Vec::new(); 250 | new_bytes.extend_from_slice(&felt_bytes[..offset]); 251 | new_bytes.extend(std::iter::repeat(self.rng.rand_usize() as u8).take(amount)); 252 | new_bytes.extend_from_slice(&felt_bytes[offset..]); 253 | 254 | // Force the result back to exactly 32 bytes: anything past index 31 is dropped, a shorter buffer is zero-padded at the end 255 | if new_bytes.len() > 32 { 256 | new_bytes.truncate(32); 257 | } else if new_bytes.len() < 32 { 258 | new_bytes.resize(32, 0); 259 | } 260 | 261 | let mut array = [0u8; 32]; 262 | array.copy_from_slice(&new_bytes); 263 | 264 | Felt::from_bytes_be(&array) 265 | } 266 | 267 | fn byte_repeat_overwrite(&mut self, felt: Felt) -> Felt { 268 | // Find a byte and repeat it multiple times by overwriting the data after it 269 | let mut felt_bytes = felt.to_bytes_be(); 270 | let offset = self.rng.gen_range(0..=felt_bytes.len() - 1); 271 | let amount = self.rng.gen_range(1..=felt_bytes.len() - offset); 272 | // The loop starts at offset + 1, so amount == 1 leaves the buffer unchanged 273 | let val = felt_bytes[offset]; 274 | for i in offset + 1..offset + amount { 275 | felt_bytes[i] = val; 276 | } 277 | 278 | Felt::from_bytes_be(&felt_bytes) 279 | } 280 | 281 | fn byte_repeat_insert(&mut self, felt: Felt) -> Felt { 282 | // Find a byte and repeat it multiple times by splicing a random amount of the byte in 283 | let felt_bytes = felt.to_bytes_be(); 284 | let offset = self.rng.gen_range(0..=felt_bytes.len() - 1); 285 | let amount = self 286 | .rng 287 | .gen_range(0..=self.max_input_size - felt_bytes.len()); 288 | 289 | let val = felt_bytes[offset]; 290 | let mut new_bytes = Vec::new(); 291 | 
new_bytes.extend_from_slice(&felt_bytes[..offset]); 292 | new_bytes.extend(std::iter::repeat(val).take(amount)); 293 | new_bytes.extend_from_slice(&felt_bytes[offset..]); 294 | 295 | // Ensure the length is exactly 32 bytes 296 | if new_bytes.len() > 32 { 297 | new_bytes.truncate(32); 298 | } else if new_bytes.len() < 32 { 299 | new_bytes.resize(32, 0); 300 | } 301 | 302 | let mut array = [0u8; 32]; 303 | array.copy_from_slice(&new_bytes); 304 | 305 | Felt::from_bytes_be(&array) 306 | } 307 | } 308 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/mutator/magic_values.rs: -------------------------------------------------------------------------------- 1 | //! A file containing a bunch of magic values, from honggfuzz 2 | /* 3 | * 4 | * Authors: 5 | * Robert Swiecki 6 | * Brandon Falk 7 | * 8 | * Copyright 2010-2018 by Google Inc. All Rights Reserved. 9 | * Copyright 2020 by Brandon Falk 10 | * 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 | * not use this file except in compliance with the License. You may obtain 13 | * a copy of the License at 14 | * 15 | * http://www.apache.org/licenses/LICENSE-2.0 16 | * 17 | * Unless required by applicable law or agreed to in writing, software 18 | * distributed under the License is distributed on an "AS IS" BASIS, 19 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 20 | * implied. See the License for the specific language governing 21 | * permissions and limitations under the License. 
22 | * 23 | */ 24 | 25 | /// Magic values of various sizes and endiannesses 26 | pub const MAGIC_VALUES: &[&[u8]] = &[ 27 | b"\x00", 28 | b"\x01", 29 | b"\x02", 30 | b"\x03", 31 | b"\x04", 32 | b"\x05", 33 | b"\x06", 34 | b"\x07", 35 | b"\x08", 36 | b"\x09", 37 | b"\x0a", 38 | b"\x0b", 39 | b"\x0c", 40 | b"\x0d", 41 | b"\x0e", 42 | b"\x0f", 43 | b"\x10", 44 | b"\x20", 45 | b"\x40", 46 | b"\x7e", 47 | b"\x7f", 48 | b"\x80", 49 | b"\x81", 50 | b"\xc0", 51 | b"\xfe", 52 | b"\xff", 53 | b"\x00\x00", 54 | b"\x01\x01", 55 | b"\x80\x80", 56 | b"\xff\xff", 57 | b"\x00\x01", 58 | b"\x00\x02", 59 | b"\x00\x03", 60 | b"\x00\x04", 61 | b"\x00\x05", 62 | b"\x00\x06", 63 | b"\x00\x07", 64 | b"\x00\x08", 65 | b"\x00\x09", 66 | b"\x00\x0a", 67 | b"\x00\x0b", 68 | b"\x00\x0c", 69 | b"\x00\x0d", 70 | b"\x00\x0e", 71 | b"\x00\x0f", 72 | b"\x00\x10", 73 | b"\x00\x20", 74 | b"\x00\x40", 75 | b"\x00\x7e", 76 | b"\x00\x7f", 77 | b"\x00\x80", 78 | b"\x00\x81", 79 | b"\x00\xc0", 80 | b"\x00\xfe", 81 | b"\x00\xff", 82 | b"\x7e\xff", 83 | b"\x7f\xff", 84 | b"\x80\x00", 85 | b"\x80\x01", 86 | b"\xff\xfe", 87 | b"\x00\x00", 88 | b"\x01\x00", 89 | b"\x02\x00", 90 | b"\x03\x00", 91 | b"\x04\x00", 92 | b"\x05\x00", 93 | b"\x06\x00", 94 | b"\x07\x00", 95 | b"\x08\x00", 96 | b"\x09\x00", 97 | b"\x0a\x00", 98 | b"\x0b\x00", 99 | b"\x0c\x00", 100 | b"\x0d\x00", 101 | b"\x0e\x00", 102 | b"\x0f\x00", 103 | b"\x10\x00", 104 | b"\x20\x00", 105 | b"\x40\x00", 106 | b"\x7e\x00", 107 | b"\x7f\x00", 108 | b"\x80\x00", 109 | b"\x81\x00", 110 | b"\xc0\x00", 111 | b"\xfe\x00", 112 | b"\xff\x00", 113 | b"\xff\x7e", 114 | b"\xff\x7f", 115 | b"\x00\x80", 116 | b"\x01\x80", 117 | b"\xfe\xff", 118 | b"\x00\x00\x00\x00", 119 | b"\x01\x01\x01\x01", 120 | b"\x80\x80\x80\x80", 121 | b"\xff\xff\xff\xff", 122 | b"\x00\x00\x00\x01", 123 | b"\x00\x00\x00\x02", 124 | b"\x00\x00\x00\x03", 125 | b"\x00\x00\x00\x04", 126 | b"\x00\x00\x00\x05", 127 | b"\x00\x00\x00\x06", 128 | b"\x00\x00\x00\x07", 129 | b"\x00\x00\x00\x08", 130 
| b"\x00\x00\x00\x09", 131 | b"\x00\x00\x00\x0a", 132 | b"\x00\x00\x00\x0b", 133 | b"\x00\x00\x00\x0c", 134 | b"\x00\x00\x00\x0d", 135 | b"\x00\x00\x00\x0e", 136 | b"\x00\x00\x00\x0f", 137 | b"\x00\x00\x00\x10", 138 | b"\x00\x00\x00\x20", 139 | b"\x00\x00\x00\x40", 140 | b"\x00\x00\x00\x7e", 141 | b"\x00\x00\x00\x7f", 142 | b"\x00\x00\x00\x80", 143 | b"\x00\x00\x00\x81", 144 | b"\x00\x00\x00\xc0", 145 | b"\x00\x00\x00\xfe", 146 | b"\x00\x00\x00\xff", 147 | b"\x7e\xff\xff\xff", 148 | b"\x7f\xff\xff\xff", 149 | b"\x80\x00\x00\x00", 150 | b"\x80\x00\x00\x01", 151 | b"\xff\xff\xff\xfe", 152 | b"\x00\x00\x00\x00", 153 | b"\x01\x00\x00\x00", 154 | b"\x02\x00\x00\x00", 155 | b"\x03\x00\x00\x00", 156 | b"\x04\x00\x00\x00", 157 | b"\x05\x00\x00\x00", 158 | b"\x06\x00\x00\x00", 159 | b"\x07\x00\x00\x00", 160 | b"\x08\x00\x00\x00", 161 | b"\x09\x00\x00\x00", 162 | b"\x0a\x00\x00\x00", 163 | b"\x0b\x00\x00\x00", 164 | b"\x0c\x00\x00\x00", 165 | b"\x0d\x00\x00\x00", 166 | b"\x0e\x00\x00\x00", 167 | b"\x0f\x00\x00\x00", 168 | b"\x10\x00\x00\x00", 169 | b"\x20\x00\x00\x00", 170 | b"\x40\x00\x00\x00", 171 | b"\x7e\x00\x00\x00", 172 | b"\x7f\x00\x00\x00", 173 | b"\x80\x00\x00\x00", 174 | b"\x81\x00\x00\x00", 175 | b"\xc0\x00\x00\x00", 176 | b"\xfe\x00\x00\x00", 177 | b"\xff\x00\x00\x00", 178 | b"\xff\xff\xff\x7e", 179 | b"\xff\xff\xff\x7f", 180 | b"\x00\x00\x00\x80", 181 | b"\x01\x00\x00\x80", 182 | b"\xfe\xff\xff\xff", 183 | b"\x00\x00\x00\x00\x00\x00\x00\x00", 184 | b"\x01\x01\x01\x01\x01\x01\x01\x01", 185 | b"\x80\x80\x80\x80\x80\x80\x80\x80", 186 | b"\xff\xff\xff\xff\xff\xff\xff\xff", 187 | b"\x00\x00\x00\x00\x00\x00\x00\x01", 188 | b"\x00\x00\x00\x00\x00\x00\x00\x02", 189 | b"\x00\x00\x00\x00\x00\x00\x00\x03", 190 | b"\x00\x00\x00\x00\x00\x00\x00\x04", 191 | b"\x00\x00\x00\x00\x00\x00\x00\x05", 192 | b"\x00\x00\x00\x00\x00\x00\x00\x06", 193 | b"\x00\x00\x00\x00\x00\x00\x00\x07", 194 | b"\x00\x00\x00\x00\x00\x00\x00\x08", 195 | b"\x00\x00\x00\x00\x00\x00\x00\x09", 196 | 
b"\x00\x00\x00\x00\x00\x00\x00\x0a", 197 | b"\x00\x00\x00\x00\x00\x00\x00\x0b", 198 | b"\x00\x00\x00\x00\x00\x00\x00\x0c", 199 | b"\x00\x00\x00\x00\x00\x00\x00\x0d", 200 | b"\x00\x00\x00\x00\x00\x00\x00\x0e", 201 | b"\x00\x00\x00\x00\x00\x00\x00\x0f", 202 | b"\x00\x00\x00\x00\x00\x00\x00\x10", 203 | b"\x00\x00\x00\x00\x00\x00\x00\x20", 204 | b"\x00\x00\x00\x00\x00\x00\x00\x40", 205 | b"\x00\x00\x00\x00\x00\x00\x00\x7e", 206 | b"\x00\x00\x00\x00\x00\x00\x00\x7f", 207 | b"\x00\x00\x00\x00\x00\x00\x00\x80", 208 | b"\x00\x00\x00\x00\x00\x00\x00\x81", 209 | b"\x00\x00\x00\x00\x00\x00\x00\xc0", 210 | b"\x00\x00\x00\x00\x00\x00\x00\xfe", 211 | b"\x00\x00\x00\x00\x00\x00\x00\xff", 212 | b"\x7e\xff\xff\xff\xff\xff\xff\xff", 213 | b"\x7f\xff\xff\xff\xff\xff\xff\xff", 214 | b"\x80\x00\x00\x00\x00\x00\x00\x00", 215 | b"\x80\x00\x00\x00\x00\x00\x00\x01", 216 | b"\xff\xff\xff\xff\xff\xff\xff\xfe", 217 | b"\x00\x00\x00\x00\x00\x00\x00\x00", 218 | b"\x01\x00\x00\x00\x00\x00\x00\x00", 219 | b"\x02\x00\x00\x00\x00\x00\x00\x00", 220 | b"\x03\x00\x00\x00\x00\x00\x00\x00", 221 | b"\x04\x00\x00\x00\x00\x00\x00\x00", 222 | b"\x05\x00\x00\x00\x00\x00\x00\x00", 223 | b"\x06\x00\x00\x00\x00\x00\x00\x00", 224 | b"\x07\x00\x00\x00\x00\x00\x00\x00", 225 | b"\x08\x00\x00\x00\x00\x00\x00\x00", 226 | b"\x09\x00\x00\x00\x00\x00\x00\x00", 227 | b"\x0a\x00\x00\x00\x00\x00\x00\x00", 228 | b"\x0b\x00\x00\x00\x00\x00\x00\x00", 229 | b"\x0c\x00\x00\x00\x00\x00\x00\x00", 230 | b"\x0d\x00\x00\x00\x00\x00\x00\x00", 231 | b"\x0e\x00\x00\x00\x00\x00\x00\x00", 232 | b"\x0f\x00\x00\x00\x00\x00\x00\x00", 233 | b"\x10\x00\x00\x00\x00\x00\x00\x00", 234 | b"\x20\x00\x00\x00\x00\x00\x00\x00", 235 | b"\x40\x00\x00\x00\x00\x00\x00\x00", 236 | b"\x7e\x00\x00\x00\x00\x00\x00\x00", 237 | b"\x7f\x00\x00\x00\x00\x00\x00\x00", 238 | b"\x80\x00\x00\x00\x00\x00\x00\x00", 239 | b"\x81\x00\x00\x00\x00\x00\x00\x00", 240 | b"\xc0\x00\x00\x00\x00\x00\x00\x00", 241 | b"\xfe\x00\x00\x00\x00\x00\x00\x00", 242 | 
b"\xff\x00\x00\x00\x00\x00\x00\x00", 243 | b"\xff\xff\xff\xff\xff\xff\xff\x7e", 244 | b"\xff\xff\xff\xff\xff\xff\xff\x7f", 245 | b"\x00\x00\x00\x00\x00\x00\x00\x80", 246 | b"\x01\x00\x00\x00\x00\x00\x00\x80", 247 | b"\xfe\xff\xff\xff\xff\xff\xff\xff", 248 | ]; 249 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/mutator/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod argument_type; 2 | pub mod basic_mutator; 3 | pub mod magic_values; 4 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/runner/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod runner; 2 | pub mod syscall_handler; 3 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/runner/runner.rs: -------------------------------------------------------------------------------- 1 | use cairo_lang_sierra::ids::FunctionId; 2 | use cairo_lang_sierra::program::Program; 3 | use cairo_native::context::NativeContext; 4 | use cairo_native::execution_result::ContractExecutionResult; 5 | use cairo_native::executor::JitNativeExecutor; 6 | use cairo_native::module::NativeModule; 7 | use starknet_types_core::felt::Felt; 8 | 9 | use crate::runner::syscall_handler::SyscallHandler; 10 | 11 | // Create a JIT Native Executor 12 | pub fn create_executor<'a>(native_program: NativeModule<'a>) -> JitNativeExecutor<'a> { 13 | JitNativeExecutor::from_native_module(native_program, Default::default()) 14 | .expect("Failed to create JIT native executor from the provided native module") 15 | } 16 | 17 | /// Compile a Sierra program into a MLIR module 18 | pub fn compile_sierra_program<'a>( 19 | native_context: &'a NativeContext, 20 | sierra_program: &'a Program, 21 | ) -> Result, String> { 22 | native_context 23 | .compile(sierra_program, false, Some(Default::default())) 
24 | .map_err(|e| e.to_string()) 25 | } 26 | 27 | /// Execute a program with an arbitrary entry point and parameters, returning any executor error as a string. NOTE(review): the gas argument passed below is `Some(u64::MAX)`, so gas exhaustion presumably never stops a long-running entry point - confirm the fuzz loop bounds execution some other way 28 | pub fn run_program( 29 | executor: &JitNativeExecutor, 30 | entry_point_id: &FunctionId, 31 | params: &Vec, 32 | ) -> Result { 33 | executor 34 | .invoke_contract_dynamic(entry_point_id, params, Some(u64::MAX), SyscallHandler) 35 | .map_err(|e| e.to_string()) 36 | } 37 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/runner/syscall_handler.rs: -------------------------------------------------------------------------------- 1 | // Source : https://github.com/lambdaclass/cairo_native/blob/2bad480b4f59cd047626b9b5697eb90fa723ef07/examples/erc20.rs 2 | 3 | use cairo_native::starknet::BlockInfo; 4 | use cairo_native::starknet::ExecutionInfo; 5 | use cairo_native::starknet::ExecutionInfoV2; 6 | use cairo_native::starknet::ResourceBounds; 7 | use cairo_native::starknet::Secp256k1Point; 8 | use cairo_native::starknet::Secp256r1Point; 9 | use cairo_native::starknet::StarknetSyscallHandler; 10 | use cairo_native::starknet::SyscallResult; 11 | use cairo_native::starknet::TxInfo; 12 | use cairo_native::starknet::TxV2Info; 13 | use cairo_native::starknet::U256; 14 | use starknet_types_core::felt::Felt; 15 | /// Syscall handler passed to the executor by the runner: the methods visible here log each call with `println!` and return fixed placeholder values instead of modelling chain state 16 | #[derive(Debug)] 17 | pub struct SyscallHandler; 18 | 19 | impl StarknetSyscallHandler for SyscallHandler { 20 | fn get_block_hash(&mut self, block_number: u64, _gas: &mut u64) -> SyscallResult { 21 | println!("Called `get_block_hash({block_number})` from MLIR."); 22 | Ok(Felt::from_bytes_be_slice(b"get_block_hash ok")) 23 | } 24 | // Placeholder: every call returns the same hard-coded block and transaction fields 25 | fn get_execution_info( 26 | &mut self, 27 | _gas: &mut u64, 28 | ) -> SyscallResult { 29 | println!("Called `get_execution_info()` from MLIR."); 30 | Ok(ExecutionInfo { 31 | block_info: BlockInfo { 32 | block_number: 1234, 33 | block_timestamp: 2345, 34 | sequencer_address: 3456.into(), 35 | }, 36 | tx_info: TxInfo { 37 | version: 4567.into(), 38 | 
account_contract_address: 5678.into(), 39 | max_fee: 6789, 40 | signature: vec![1248.into(), 2486.into()], 41 | transaction_hash: 9876.into(), 42 | chain_id: 8765.into(), 43 | nonce: 7654.into(), 44 | }, 45 | caller_address: 6543.into(), 46 | contract_address: 5432.into(), 47 | entry_point_selector: 4321.into(), 48 | }) 49 | } 50 | 51 | fn get_execution_info_v2( 52 | &mut self, 53 | _remaining_gas: &mut u64, 54 | ) -> SyscallResult { 55 | println!("Called `get_execution_info_v2()` from MLIR."); 56 | Ok(ExecutionInfoV2 { 57 | block_info: BlockInfo { 58 | block_number: 1234, 59 | block_timestamp: 2345, 60 | sequencer_address: 3456.into(), 61 | }, 62 | tx_info: TxV2Info { 63 | version: 1.into(), 64 | account_contract_address: 1.into(), 65 | max_fee: 0, 66 | signature: vec![1.into()], 67 | transaction_hash: 1.into(), 68 | chain_id: 1.into(), 69 | nonce: 1.into(), 70 | tip: 1, 71 | paymaster_data: vec![1.into()], 72 | nonce_data_availability_mode: 0, 73 | fee_data_availability_mode: 0, 74 | account_deployment_data: vec![1.into()], 75 | resource_bounds: vec![ResourceBounds { 76 | resource: 2.into(), 77 | max_amount: 10, 78 | max_price_per_unit: 20, 79 | }], 80 | }, 81 | caller_address: 6543.into(), 82 | contract_address: 5432.into(), 83 | entry_point_selector: 4321.into(), 84 | }) 85 | } 86 | 87 | fn deploy( 88 | &mut self, 89 | class_hash: Felt, 90 | contract_address_salt: Felt, 91 | calldata: &[Felt], 92 | deploy_from_zero: bool, 93 | _gas: &mut u64, 94 | ) -> SyscallResult<(Felt, Vec)> { 95 | println!("Called `deploy({class_hash}, {contract_address_salt}, {calldata:?}, {deploy_from_zero})` from MLIR."); 96 | Ok(( 97 | class_hash + contract_address_salt, 98 | calldata.iter().map(|x| x + Felt::ONE).collect(), 99 | )) 100 | } 101 | 102 | fn replace_class(&mut self, class_hash: Felt, _gas: &mut u64) -> SyscallResult<()> { 103 | println!("Called `replace_class({class_hash})` from MLIR."); 104 | Ok(()) 105 | } 106 | 107 | fn library_call( 108 | &mut self, 109 | class_hash: 
Felt, 110 | function_selector: Felt, 111 | calldata: &[Felt], 112 | _gas: &mut u64, 113 | ) -> SyscallResult> { 114 | println!( 115 | "Called `library_call({class_hash}, {function_selector}, {calldata:?})` from MLIR." 116 | ); 117 | Ok(calldata.iter().map(|x| x * Felt::from(3)).collect()) 118 | } 119 | // Placeholder: no other contract is invoked; the return value is each calldata element multiplied by 3 120 | fn call_contract( 121 | &mut self, 122 | address: Felt, 123 | entry_point_selector: Felt, 124 | calldata: &[Felt], 125 | _gas: &mut u64, 126 | ) -> SyscallResult> { 127 | println!( 128 | "Called `call_contract({address}, {entry_point_selector}, {calldata:?})` from MLIR." 129 | ); 130 | Ok(calldata.iter().map(|x| x * Felt::from(3)).collect()) 131 | } 132 | // Placeholder: no storage is kept; a read returns `address * 3` 133 | fn storage_read( 134 | &mut self, 135 | address_domain: u32, 136 | address: Felt, 137 | _gas: &mut u64, 138 | ) -> SyscallResult { 139 | println!("Called `storage_read({address_domain}, {address})` from MLIR."); 140 | Ok(address * Felt::from(3)) 141 | } 142 | // Placeholder: the value is logged and discarded, so a later storage_read does not observe it 143 | fn storage_write( 144 | &mut self, 145 | address_domain: u32, 146 | address: Felt, 147 | value: Felt, 148 | _gas: &mut u64, 149 | ) -> SyscallResult<()> { 150 | println!("Called `storage_write({address_domain}, {address}, {value})` from MLIR."); 151 | Ok(()) 152 | } 153 | 154 | fn emit_event(&mut self, keys: &[Felt], data: &[Felt], _gas: &mut u64) -> SyscallResult<()> { 155 | println!("Called `emit_event({keys:?}, {data:?})` from MLIR."); 156 | Ok(()) 157 | } 158 | 159 | fn send_message_to_l1( 160 | &mut self, 161 | to_address: Felt, 162 | payload: &[Felt], 163 | _gas: &mut u64, 164 | ) -> SyscallResult<()> { 165 | println!("Called `send_message_to_l1({to_address}, {payload:?})` from MLIR."); 166 | Ok(()) 167 | } 168 | // Placeholder: returns the same U256 for every input, so contract logic that depends on real Keccak output is not exercised faithfully 169 | fn keccak( 170 | &mut self, 171 | input: &[u64], 172 | _gas: &mut u64, 173 | ) -> SyscallResult { 174 | println!("Called `keccak({input:?})` from MLIR."); 175 | Ok(U256 { 176 | hi: 0, 177 | lo: 1234567890, 178 | }) 179 | } 180 | // NOTE(review): the secp256k1_*, secp256r1_* and sha256_process_block handlers below call `unimplemented!()`, which panics when reached; presumably a contract that uses one of these syscalls aborts the harness instead of producing a contract finding - confirm how the fuzz loop treats such panics 181 | fn secp256k1_new( 182 | &mut self, 183 | _x: U256, 184 | _y: U256, 185 | _remaining_gas: 
&mut u64, 186 | ) -> SyscallResult> { 187 | unimplemented!() 188 | } 189 | 190 | fn secp256k1_add( 191 | &mut self, 192 | _p0: Secp256k1Point, 193 | _p1: Secp256k1Point, 194 | _remaining_gas: &mut u64, 195 | ) -> SyscallResult { 196 | unimplemented!() 197 | } 198 | 199 | fn secp256k1_mul( 200 | &mut self, 201 | _p: Secp256k1Point, 202 | _m: U256, 203 | _remaining_gas: &mut u64, 204 | ) -> SyscallResult { 205 | unimplemented!() 206 | } 207 | 208 | fn secp256k1_get_point_from_x( 209 | &mut self, 210 | _x: U256, 211 | _y_parity: bool, 212 | _remaining_gas: &mut u64, 213 | ) -> SyscallResult> { 214 | unimplemented!() 215 | } 216 | 217 | fn secp256k1_get_xy( 218 | &mut self, 219 | _p: Secp256k1Point, 220 | _remaining_gas: &mut u64, 221 | ) -> SyscallResult<(U256, U256)> { 222 | unimplemented!() 223 | } 224 | 225 | fn secp256r1_new( 226 | &mut self, 227 | _x: U256, 228 | _y: U256, 229 | _remaining_gas: &mut u64, 230 | ) -> SyscallResult> { 231 | unimplemented!() 232 | } 233 | 234 | fn secp256r1_add( 235 | &mut self, 236 | _p0: Secp256r1Point, 237 | _p1: Secp256r1Point, 238 | _remaining_gas: &mut u64, 239 | ) -> SyscallResult { 240 | unimplemented!() 241 | } 242 | 243 | fn secp256r1_mul( 244 | &mut self, 245 | _p: Secp256r1Point, 246 | _m: U256, 247 | _remaining_gas: &mut u64, 248 | ) -> SyscallResult { 249 | unimplemented!() 250 | } 251 | 252 | fn secp256r1_get_point_from_x( 253 | &mut self, 254 | _x: U256, 255 | _y_parity: bool, 256 | _remaining_gas: &mut u64, 257 | ) -> SyscallResult> { 258 | unimplemented!() 259 | } 260 | 261 | fn secp256r1_get_xy( 262 | &mut self, 263 | _p: Secp256r1Point, 264 | _remaining_gas: &mut u64, 265 | ) -> SyscallResult<(U256, U256)> { 266 | unimplemented!() 267 | } 268 | 269 | fn sha256_process_block( 270 | &mut self, 271 | _state: &mut [u32; 8], 272 | _block: &[u32; 16], 273 | _remaining_gas: &mut u64, 274 | ) -> SyscallResult<()> { 275 | unimplemented!() 276 | } 277 | 278 | fn get_class_hash_at( 279 | &mut self, 280 | _contract_address: 
Felt, 281 | _remaining_gas: &mut u64, 282 | ) -> SyscallResult { 283 | unimplemented!() 284 | } 285 | } 286 | -------------------------------------------------------------------------------- /cairo-native-fuzzer/src/utils.rs: -------------------------------------------------------------------------------- 1 | use cairo_lang_sierra::ids::FunctionId; 2 | use cairo_lang_sierra::program::GenFunction; 3 | use cairo_lang_sierra::program::Program; 4 | use cairo_lang_sierra::program::StatementIdx; 5 | 6 | /// Return the current cairo-native package version 7 | pub fn get_cairo_native_version() -> String { 8 | // TODO : Automatically parse Cargo.toml 9 | "0.2.5-rc1".to_string() 10 | } 11 | 12 | /// Find and return the function with the given `FunctionId` in the `Program` 13 | pub fn get_function_by_id<'a>( 14 | program: &'a Program, 15 | function_id: &FunctionId, 16 | ) -> Option<&'a GenFunction> { 17 | program.funcs.iter().find(|f| &f.id == function_id) 18 | } 19 | -------------------------------------------------------------------------------- /docs/TUTO101.md: -------------------------------------------------------------------------------- 1 | # How to fuzz a Cairo/Starknet Smart Contract 2 | 3 | We will take this Smart Contract as an example: 4 | ```rust 5 | use starknet::{ 6 | Store, SyscallResult, StorageBaseAddress, storage_read_syscall, storage_write_syscall, 7 | storage_address_from_base_and_offset 8 | }; 9 | use integer::{ 10 | U128IntoFelt252, Felt252IntoU256, Felt252TryIntoU64, U256TryIntoFelt252, u256_from_felt252 11 | }; 12 | 13 | 14 | #[starknet::contract] 15 | mod test_contract { 16 | #[storage] 17 | struct Storage { 18 | bal:u8 19 | } 20 | #[external(v0)] 21 | fn Fuzz_symbolic_execution( 22 | ref self: ContractState, 23 | f: felt252, 24 | u: felt252, 25 | z: u16, 26 | z2: u32, 27 | i: u64, 28 | n: u128, 29 | g: u128, 30 | l: u128, 31 | a: felt252, 32 | b: felt252, 33 | s: u8, 34 | ) { 35 | if (f == 'f') { 36 | if (u == 'u') { 37 | if (z == 'z') { 38 | if 
(z2 == 'z') { 39 | if (i == 'i') { 40 | if (n == 'n') { 41 | if (g == 'g') { 42 | if (l == 'l') { 43 | if (a == 'a') { 44 | if (b == 'b') { 45 | if (s == 's') { 46 | assert(1==0 , '!(f & t)'); 47 | } 48 | } 49 | } 50 | } 51 | } 52 | } 53 | } 54 | } 55 | } 56 | } 57 | } 58 | return (); 59 | } 60 | } 61 | ``` 62 | 63 | ## Compile contract: 64 | - Follow these [steps](https://github.com/starkware-libs/cairo#getting-started) to set up Cairo in your environment 65 | - Next, create the file `fuzzinglabs.cairo` that will contain the code above. 66 | - run `cargo run --bin starknet-compile -- --single-file /path/to/fuzzinglabs.cairo /path/to/fuzzinglabs.json` 67 | - then `cargo run --bin starknet-sierra-compile -- /path/to/fuzzinglabs.json /path/to/fuzzinglabs.casm` 68 | 69 | ## Analyze the code: 70 | Looking at the code, we deduce that the function we want to fuzz is `Fuzz_symbolic_execution`; the goal is to find the arguments that reach the `assert 1 == 0`. 71 | 72 | ## Running the fuzzer: 73 | A simple command line to fuzz the function `Fuzz_symbolic_execution` of the `fuzzinglabs.cairo` contract is: 74 | 75 | ```sh 76 | cargo run --release -- --cores 10 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "Fuzz_symbolic_execution" 77 | ``` 78 | 79 | ![fuzzer_running](fuzzer_running.png) 80 | 81 | Understanding the output ` 1.00 uptime | 93000 fuzz cases | 92979.48 fcps | 5 coverage | 5 inputs | 0 crashes [ 0 unique]`: 82 | - 1.00 uptime: Number of seconds the fuzzer has been running 83 | - 93000 fuzz cases: Number of executions done 84 | - 92979.48 fcps: Number of fuzz cases per second 85 | - 5 coverage: Number of instructions reached by the fuzzer 86 | - 5 inputs: Number of interesting inputs that generated new coverage 87 | - 0 crashes [ 0 unique]: Number of crashes and unique crashes 88 | 89 | ## Detecting the crash: 90 | Once the fuzzer finds a unique crash, you will see something like this: 91 | 92 | ![crash](crash.png) 93 | 94 | 
You can see that the input that reaches the `assert 1 == 0` is `[102, 117, 122, 122, 105, 110, 103, 108, 97, 98, 115]`. 95 | In ASCII this is `[f,u,z,z,i,n,g,l,a,b,s]`. 96 | 97 | So running the function `Fuzz_symbolic_execution` with `(102, 117, 122, 122, 105, 110, 103, 108, 97, 98, 115)` triggers the assert. 98 | 99 | ## Optimize the fuzzing 100 | 101 | You can optimize the fuzzing using the various options of Cairo-Fuzzer. 102 | See [this documentation](USAGE.md) to get more information. -------------------------------------------------------------------------------- /docs/USAGE.md: -------------------------------------------------------------------------------- 1 | ========================================================================================================================= 2 | 3 | _______ _______ _________ _______ _______ _______ _______ _______ _______ _______ 4 | ( ____ \( ___ )\__ __/( ____ )( ___ ) ( ____ \|\ /|/ ___ )/ ___ )( ____ \( ____ ) 5 | | ( \/| ( ) | ) ( | ( )|| ( ) | | ( \/| ) ( |\/ ) |\/ ) || ( \/| ( )| 6 | | | | (___) | | | | (____)|| | | | _____ | (__ | | | | / ) / )| (__ | (____)| 7 | | | | ___ | | | | __)| | | |(_____)| __) | | | | / / / / | __) | __) 8 | | | | ( ) | | | | (\ ( | | | | | ( | | | | / / / / | ( | (\ ( 9 | | (____/\| ) ( |___) (___| ) \ \__| (___) | | ) | (___) | / (_/\ / (_/\| (____/\| ) \ \__ 10 | (_______/|/ \|\_______/|/ \__/(_______) |/ (_______)(_______/(_______/(_______/|/ \__/ 11 | 12 | ========================================================================================================================= 13 | 14 | # Options: 15 | 16 | ``` 17 | Usage: cairo-fuzzer [OPTIONS] 18 | 19 | Options: 20 | --cores Set the number of threads to run [default: 1] 21 | --contract Set the path of the JSON artifact to load [default: ] 22 | --casm Set the path of the JSON CASM artifact to load [default: ] 23 | --function Set the function to fuzz [default: ] 24 | --workspace Workspace of the fuzzer [default: fuzzer_workspace] 
25 | --inputfolder Path to the inputs folder to load [default: ] 26 | --crashfolder Path to the crashes folder to load [default: ] 27 | --inputfile Path to the inputs file to load [default: ] 28 | --crashfile Path to the crashes file to load [default: ] 29 | --dict Path to the dictionnary file to load [default: ] 30 | --logs Enable fuzzer logs in file 31 | --seed Set a custom seed (only applicable for 1 core run) 32 | --run-time Number of seconds this fuzzing session will last 33 | --config Load config file 34 | --replay Replay the corpus folder 35 | --minimizer Minimize Corpora 36 | --proptesting Property Testing 37 | --analyze Dump functions prototypes 38 | --iter Iteration Number [default: -1] 39 | -h, --help Print help 40 | ``` 41 | 42 | ## Fuzzing a function of a contract: 43 | ```sh 44 | cargo run --release -- --cores 13 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "fuzzinglabs_starknet" 45 | ``` 46 | 47 | ## Fuzzing a function of a contract with a maximum number of iterations: 48 | ```sh 49 | cargo run --release -- --cores 13 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "fuzzinglabs_starknet" --iter 100000 50 | ``` 51 | 52 | ## Loading an old corpus: 53 | ```sh 54 | cargo run --release -- --cores 13 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "fuzzinglabs_starknet" --inputfile "tests1.0/fuzzinglabs_starknet_2023-04-04--12:38:47.json" 55 | ``` 56 | 57 | ## Fuzzing using a config file: 58 | Example of a config file: 59 | ```json 60 | { 61 | "cores": 1, 62 | "logs": false, 63 | "replay": false, 64 | "minimizer": false, 65 | "contract_file": "tests1.0/fuzzinglabs.json", 66 | "casm_file": "tests1.0/fuzzinglabs.casm", 67 | "function_name": "Fuzz_symbolic_execution", 68 | "input_file": "", 69 | "crash_file": "", 70 | "input_folder": "", 71 | "crash_folder": "", 72 | "workspace": "fuzzer_workspace", 73 | "proptesting": false, 74 | "iter": -1, 75 | "dict": 
"tests1.0/dict" 76 | } 77 | ``` 78 | 79 | ```sh 80 | cargo run --release -- --config tests/config.json 81 | ``` 82 | 83 | ## Replay corpus folder: 84 | ```sh 85 | cargo run --release -- --cores 13 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "fuzzinglabs_starknet" --replay --inputfolder fuzzer_workspace/fuzzinglabs_starknet/inputs 86 | ``` 87 | 88 | ## Fuzzing with property testing: 89 | Function names should start with `Fuzz_` 90 | ```rust 91 | func Fuzz_symbolic_execution() 92 | ``` 93 | 94 | ```sh 95 | cargo run --release -- --cores 13 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --proptesting --iter 500000 96 | ``` 97 | 98 | ## Fuzzing with a dictionary: 99 | 100 | The dictionary format is the same as in other fuzzers such as Honggfuzz or LibAFL 101 | ```python 102 | key1=999999999999 103 | key2=888888888888 104 | key3=777777777777 105 | ... 106 | key9=111111111111 107 | ``` 108 | 109 | ```sh 110 | cargo run --release -- --cores 13 --contract ./tests1.0/fuzzinglabs.json --casm ./tests1.0/fuzzinglabs.casm --function "Fuzz_symbolic_execution" --dict tests/dict 111 | ``` 112 | -------------------------------------------------------------------------------- /docs/crash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FuzzingLabs/cairo-fuzzer/9b063a9e99bb0aff44f8444557682f7ff6fd4708/docs/crash.png -------------------------------------------------------------------------------- /docs/fuzzer_running.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FuzzingLabs/cairo-fuzzer/9b063a9e99bb0aff44f8444557682f7ff6fd4708/docs/fuzzer_running.png -------------------------------------------------------------------------------- /scripts/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "scripts" 3 | version = "0.1.0" 4 | 
edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | cairo-fuzzer = { path="../" } 10 | serde_json = '1.0' 11 | cairo-lang-starknet = { version = "2.1.0-rc2", default-features = false } 12 | 13 | [dependencies.felt] 14 | git = 'https://github.com/FuzzingLabs/cairo-rs' 15 | rev = '48af153240392992f18a09e969bae6518eec9639' 16 | package = 'cairo-felt' 17 | -------------------------------------------------------------------------------- /scripts/src/main.rs: -------------------------------------------------------------------------------- 1 | use cairo_fuzzer::json::json_parser::get_function_from_json; 2 | use cairo_fuzzer::runner::runner::Runner; 3 | use cairo_fuzzer::runner::starknet_runner::RunnerStarknet; 4 | use cairo_lang_starknet::casm_contract_class::CasmContractClass; 5 | use felt::Felt252; 6 | 7 | use std::fs; 8 | 9 | fn main() { 10 | // Init state 11 | let casm_file = "../tests1.0/fuzzinglabs_init.casm"; 12 | let sierra_file = "../tests1.0/fuzzinglabs_init.json"; 13 | let casm_content = fs::read_to_string(casm_file).expect("Could not read casm file"); 14 | let sierra_content = fs::read_to_string(sierra_file).expect("Could not read casm file"); 15 | let init_function_name = "init".to_string(); 16 | 17 | let function = get_function_from_json(&sierra_content, &init_function_name) 18 | .expect("Could not get function"); 19 | let contract_class: CasmContractClass = 20 | serde_json::from_str(&casm_content).expect("could not get contractclass"); 21 | let mut runner = RunnerStarknet::new(&contract_class, function.selector_idx); 22 | let input: Vec = vec![Felt252::from_bytes_be(&10000000_i64.to_be_bytes())]; 23 | runner = runner.clone().run(&input).unwrap().0; 24 | let state = runner.get_state(); 25 | println!("================================================"); 26 | 27 | // Ready to fuzz other contract 28 | let casm_file = "../tests1.0/fuzzinglabs_fuzz.casm"; 29 | let 
sierra_file = "../tests1.0/fuzzinglabs_fuzz.json"; 30 | let casm_content = fs::read_to_string(casm_file).expect("Could not read casm file"); 31 | let sierra_content = fs::read_to_string(sierra_file).expect("Could not read casm file"); 32 | let init_function_name = "storage_test".to_string(); 33 | 34 | let function = get_function_from_json(&sierra_content, &init_function_name) 35 | .expect("Could not get function"); 36 | let contract_class: CasmContractClass = 37 | serde_json::from_str(&casm_content).expect("could not get contractclass"); 38 | 39 | let mut runner = RunnerStarknet::new(&contract_class, function.selector_idx); 40 | runner = runner.clone().set_state(state.cache); 41 | let state = runner.clone().get_state(); 42 | let input: Vec = vec![]; 43 | runner = runner.clone().run(&input).unwrap(); 44 | } 45 | -------------------------------------------------------------------------------- /setup.sh: -------------------------------------------------------------------------------- 1 | mv .pre-commit-hook .git/hooks/pre-commit -------------------------------------------------------------------------------- /src/cli/args.rs: -------------------------------------------------------------------------------- 1 | use clap::{self, Parser}; 2 | 3 | #[derive(Debug, Parser)] 4 | pub struct Opt { 5 | #[arg( 6 | long, 7 | help = "Set the number of threads to run", 8 | name = "CORES", 9 | default_value = "1" 10 | )] 11 | pub cores: i32, 12 | 13 | #[arg( 14 | long, 15 | help = "Set the path of the JSON artifact to load", 16 | name = "CONTRACT", 17 | default_value = "" 18 | )] 19 | pub contract: String, 20 | 21 | #[arg( 22 | long, 23 | help = "Set the path of the JSON CASM artifact to load", 24 | name = "CASM", 25 | default_value = "" 26 | )] 27 | pub casm: String, 28 | 29 | #[arg( 30 | long, 31 | help = "Set the function to fuzz", 32 | name = "FUNCTION", 33 | default_value = "" 34 | )] 35 | pub function: String, 36 | 37 | #[arg( 38 | long, 39 | help = "Workspace of the fuzzer", 
40 | name = "WORKSPACE", 41 | default_value = "fuzzer_workspace" 42 | )] 43 | pub workspace: String, 44 | 45 | #[arg( 46 | long, 47 | help = "Path to the inputs folder to load", 48 | name = "INPUTFOLDER", 49 | default_value = "" 50 | )] 51 | pub inputfolder: String, 52 | 53 | #[arg( 54 | long, 55 | help = "Path to the crashes folder to load", 56 | name = "CRASHFOLDER", 57 | default_value = "" 58 | )] 59 | pub crashfolder: String, 60 | 61 | #[arg( 62 | long, 63 | help = "Path to the inputs file to load", 64 | name = "INPUTFILE", 65 | default_value = "" 66 | )] 67 | pub inputfile: String, 68 | 69 | #[arg( 70 | long, 71 | help = "Path to the crashes file to load", 72 | name = "CRASHFILE", 73 | default_value = "" 74 | )] 75 | pub crashfile: String, 76 | 77 | #[arg( 78 | long, 79 | help = "Path to the dictionnary file to load", 80 | name = "DICT", 81 | default_value = "" 82 | )] 83 | pub dict: String, 84 | 85 | #[arg( 86 | long, 87 | help = "Enable fuzzer logs in file", 88 | name = "LOGS", 89 | default_value = "false" 90 | )] 91 | pub logs: bool, 92 | 93 | #[arg( 94 | long, 95 | help = "Set a custom seed (only applicable for 1 core run)", 96 | name = "SEED" 97 | )] 98 | pub seed: Option, 99 | 100 | #[arg( 101 | long, 102 | help = "Number of seconds this fuzzing session will last", 103 | name = "RUN_TIME" 104 | )] 105 | pub run_time: Option, 106 | 107 | #[arg(long, help = "Load config file", name = "CONFIG")] 108 | pub config: Option, 109 | 110 | #[arg( 111 | long, 112 | help = "Replay the corpus folder", 113 | name = "REPLAY", 114 | default_value = "false" 115 | )] 116 | pub replay: bool, 117 | #[arg( 118 | long, 119 | help = "Minimize Corpora", 120 | name = "MINIMIZER", 121 | default_value = "false" 122 | )] 123 | pub minimizer: bool, 124 | #[arg( 125 | long, 126 | help = "Property Testing", 127 | name = "PROPTESTING", 128 | default_value = "false" 129 | )] 130 | pub proptesting: bool, 131 | 132 | #[arg( 133 | long, 134 | help = "Dump functions prototypes", 135 | name 
= "ANALYZE", 136 | default_value = "false" 137 | )] 138 | pub analyze: bool, 139 | #[arg(long, help = "Iteration Number", name = "ITER", default_value = "-1")] 140 | pub iter: i64, 141 | } 142 | -------------------------------------------------------------------------------- /src/cli/config.rs: -------------------------------------------------------------------------------- 1 | use serde::{Deserialize, Serialize}; 2 | use serde_json; 3 | use std::fs; 4 | 5 | /// Config struct to use instead of command line 6 | #[derive(Deserialize, Serialize, Clone, Default)] 7 | pub struct Config { 8 | pub workspace: String, 9 | pub contract_file: String, 10 | pub casm_file: String, 11 | pub function_name: String, 12 | pub input_file: String, 13 | pub crash_file: String, 14 | pub input_folder: String, 15 | pub crash_folder: String, 16 | pub dict: String, 17 | pub cores: i32, 18 | pub logs: bool, 19 | pub seed: Option, 20 | pub run_time: Option, 21 | pub replay: bool, 22 | pub minimizer: bool, 23 | pub proptesting: bool, 24 | pub iter: i64, 25 | } 26 | 27 | impl Config { 28 | /// Create a Config using the provided config file 29 | pub fn load_config(config_file: &String) -> Self { 30 | let config_string = fs::read_to_string(config_file).expect("Unable to read config file"); 31 | return serde_json::from_str(&config_string).expect("Could not parse json config file"); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/cli/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod args; 2 | pub mod config; 3 | -------------------------------------------------------------------------------- /src/custom_rand/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod rng; 2 | -------------------------------------------------------------------------------- /src/custom_rand/rng.rs: 
-------------------------------------------------------------------------------- 1 | use std::cell::Cell; 2 | 3 | /// Random number generator implementation using xorshift64. Not cryptographically secure: the entire state is the one 64-bit seed below. 4 | pub struct Rng { 5 | /// Internal xorshift seed, overwritten by every call to `rand` 6 | seed: Cell, 7 | } 8 | 9 | impl Rng { 10 | /// Creates an RNG with a fixed `seed` value. NOTE(review): a seed of 0 is left unchanged by the xor/shift steps in `rand`, so every output would be 0; pass a non-zero seed. 11 | pub fn seeded(seed: u64) -> Self { 12 | Rng { 13 | seed: Cell::new(seed), 14 | } 15 | } 16 | 17 | /// Get a random 64-bit number using xorshift: the state is xor-shifted left by 13, right by 17 and left by 43, stored back, and returned 18 | pub fn rand(&self) -> u64 { 19 | let mut seed = self.seed.get(); 20 | seed ^= seed << 13; 21 | seed ^= seed >> 17; 22 | seed ^= seed << 43; 23 | self.seed.set(seed); 24 | seed 25 | } 26 | 27 | /// Get a random usize number using xorshift; the `as` cast keeps only the low bits where `usize` is narrower than 64 bits 28 | pub fn rand_usize(&self) -> usize { 29 | self.rand() as usize 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/fuzzer/corpus_crash.rs: -------------------------------------------------------------------------------- 1 | //use crate::cairo_vm::cairo_types::Felt252; 2 | use crate::json::json_parser::Function; 3 | use chrono::DateTime; 4 | use chrono::Utc; 5 | use felt::Felt252; 6 | use serde::{Deserialize, Serialize}; 7 | use serde_json::Value; 8 | use std::fs; 9 | use std::fs::create_dir; 10 | use std::fs::write; 11 | use std::path::Path; 12 | use std::process; 13 | use std::time::SystemTime; 14 | 15 | #[derive(Debug, Serialize, Deserialize, Clone, Default)] 16 | pub struct CrashFile { 17 | pub workspace: String, 18 | pub path: String, 19 | pub name: String, 20 | pub args: Vec, 21 | pub crashes: Vec>, 22 | } 23 | 24 | impl CrashFile { 25 | /// Init a new, empty CrashFile using the Function object. NOTE(review): `function.name` is placed into `path` unchecked; if the contract ABI it was read from is not trusted, reject names containing path separators or `..` before building the path. 26 | pub fn new_from_function(function: &Function, workspace: &String) -> Self { 27 | let d = SystemTime::now(); 28 | // Create DateTime from SystemTime 29 | let datetime = DateTime::::from(d); 30 | // Formats the combined date and time with the specified format string.
31 | let timestamp_str = datetime.format("%Y-%m-%d--%H:%M:%S").to_string(); // this timestamp, `:` separators included, becomes part of the file name below 32 | CrashFile { 33 | workspace: workspace.to_string(), 34 | path: format!( 35 | "{}/{}/CRASHES_{}_{}.json", 36 | workspace.to_string(), 37 | function.name, 38 | function.name, 39 | timestamp_str 40 | ), 41 | name: function.name.clone(), 42 | args: function.inputs.clone(), 43 | crashes: Vec::>::new(), 44 | } 45 | } 46 | 47 | /// Function to load a crashes corpus from the JSON file `filename`. Panics if the file cannot be read or parsed, if `name` is not a string or `args` is not an array of strings, or if a crash element does not deserialize into a Felt252; a missing or non-array `crashes` entry yields an empty list. NOTE(review): a damaged or foreign corpus file therefore aborts the fuzzer at load time; returning a Result would let the caller report it. 48 | pub fn load_from_file(filename: &String, workspace: &String) -> Self { 49 | // Try to load the file 50 | let contents = 51 | fs::read_to_string(filename).expect("Should have been able to read the file"); 52 | // Extract json data 53 | let data: Value = serde_json::from_str(&contents).expect("JSON was not well-formatted"); 54 | // Load old crashes to prevent overwriting and to use it as a dictionary for the mutator 55 | let mut crashes_vec: Vec> = Vec::new(); 56 | if let Some(inputs) = data.get("crashes") { 57 | if let Some(inputs_array) = inputs.as_array() { 58 | for input in inputs_array { 59 | if let Some(input_array) = input.as_array() { 60 | let mut felt_vec: Vec = Vec::new(); 61 | for element in input_array { 62 | let value: Felt252 = serde_json::from_value(element.clone()) 63 | .expect("Could not get values"); 64 | felt_vec.push(value); 65 | } 66 | crashes_vec.push(felt_vec.clone()); 67 | } 68 | } 69 | } 70 | } 71 | 72 | return CrashFile { 73 | workspace: workspace.to_string(), 74 | path: filename.clone(), 75 | name: data["name"] 76 | .as_str() 77 | .expect("Failed to get name from crashfile") 78 | .to_string(), 79 | args: data["args"] 80 | .as_array() 81 | .expect("Failed to get args from input file as array") 82 | .iter() 83 | .map(|input_array| { 84 | input_array 85 | .as_str() 86 | .expect("Failed to get input array as string") 87 | .to_string() 88 | }) 89 | .collect(), 90 | crashes: crashes_vec, 91 | }; 92 | } 93 | 94 | /// Load all the old corpora: merges the `crashes` of every file directly inside `foldername`, names the result after the last `/`-separated component of `foldername`, and exits the process with status 1 when two files declare different `args` 95 | pub fn load_from_folder(foldername: &String, workspace: &String) 
-> Self { 96 | let folder = Path::new(&foldername); 97 | let function_name = foldername 98 | .clone() 99 | .split('/') 100 | .last() 101 | .expect("Failed to split foldername") 102 | .to_string(); 103 | let mut args: Option> = None; 104 | let mut inputs: Vec> = Vec::new(); 105 | // Check if the path is a directory 106 | if folder.is_dir() { 107 | // Iterate over the entries in the directory 108 | for entry in fs::read_dir(folder).expect("Failed to read directory") { 109 | let entry = entry.expect("Failed to get entry"); 110 | let path = entry.path(); 111 | // Check if the entry is a file 112 | if path.is_file() { 113 | // Read the file and do something with its contents 114 | let contents = 115 | fs::read_to_string(&path).expect("Failed to read string from the file"); 116 | let data: Value = 117 | serde_json::from_str(&contents).expect("JSON was not well-formatted"); 118 | let args_data: Vec = data["args"] 119 | .as_array() 120 | .expect("Failed to get args from input file as array") 121 | .iter() 122 | .map(|input_array| { 123 | input_array 124 | .as_str() 125 | .expect("Failed to get input array as string") 126 | .to_string() 127 | }) 128 | .collect(); 129 | if args.is_none() { 130 | args = Some(args_data); 131 | } else { 132 | if let Some(args_to_compare) = args.clone() { 133 | if args_to_compare != args_data { 134 | println!("Uncompatible inputs files"); 135 | process::exit(1); 136 | } 137 | } 138 | } 139 | let mut crashes_vec: Vec> = Vec::new(); 140 | if let Some(inputs) = data.get("crashes") { 141 | if let Some(inputs_array) = inputs.as_array() { 142 | for input in inputs_array { 143 | if let Some(input_array) = input.as_array() { 144 | let mut felt_vec: Vec = Vec::new(); 145 | for element in input_array { 146 | let value: Felt252 = 147 | serde_json::from_value(element.clone()) 148 | .expect("Could not get values"); 149 | felt_vec.push(value); 150 | } 151 | crashes_vec.push(felt_vec.clone()); 152 | } 153 | } 154 | } 155 | } 156 | inputs.append(&mut 
crashes_vec); 157 | } 158 | } 159 | } 160 | let d = SystemTime::now(); 161 | // Create DateTime from SystemTime 162 | let datetime = DateTime::::from(d); 163 | // Formats the combined date and time with the specified format string. 164 | let timestamp_str = datetime.format("%Y-%m-%d--%H:%M:%S").to_string(); 165 | let data_args = if let Some(content) = args { 166 | content 167 | } else { 168 | Vec::new() 169 | }; 170 | return CrashFile { 171 | workspace: workspace.to_string(), 172 | path: format!("{}_{}.json", function_name.clone(), timestamp_str), // NOTE(review): unlike new_from_function, this path carries no workspace prefix, so dump_json writes it relative to the current directory 173 | name: function_name.clone(), 174 | args: data_args, 175 | crashes: inputs, 176 | }; 177 | } 178 | 179 | /// Function to dump the crashes corpus as pretty-printed JSON to `self.path`. Errors from the two `create_dir` calls are discarded (presumably because the directories may already exist), so a directory that could not be created only shows up as a panic from the final `write`; serialization and UTF-8 conversion failures panic as well. 180 | pub fn dump_json(&self) { 181 | let _ = create_dir(&self.workspace); 182 | let _ = create_dir(format!("{}/{}", &self.workspace, self.name.clone())); 183 | let buf = Vec::new(); 184 | let formatter = serde_json::ser::PrettyFormatter::with_indent(b" "); 185 | 186 | let mut crashes_ser = 187 | serde_json::Serializer::with_formatter(buf.clone(), formatter.clone()); 188 | self.serialize(&mut crashes_ser) 189 | .expect("Failed to serialize"); 190 | let dump_file = format!("{}", self.path); 191 | write( 192 | &dump_file, 193 | String::from_utf8(crashes_ser.into_inner()).expect("Failed to dump string as utf8"), 194 | ) 195 | .expect("Failed to save input to disk"); 196 | } 197 | } 198 | -------------------------------------------------------------------------------- /src/fuzzer/corpus_input.rs: -------------------------------------------------------------------------------- 1 | //use crate::cairo_vm::cairo_types::Felt252; 2 | use crate::json::json_parser::Function; 3 | use chrono::DateTime; 4 | use chrono::Utc; 5 | use felt::Felt252; 6 | use serde::{Deserialize, Serialize}; 7 | use serde_json::Value; 8 | use std::fs; 9 | use std::fs::create_dir; 10 | use std::fs::write; 11 | use std::path::Path; 12 | use std::process; 13 | use std::time::SystemTime; 14 | 15 | #[derive(Debug, 
Serialize, Deserialize, Clone, Default)] 16 | pub struct InputFile { 17 | pub workspace: String, 18 | pub path: String, 19 | pub name: String, 20 | pub args: Vec, 21 | pub inputs: Vec>, 22 | } 23 | 24 | impl InputFile { 25 | /// Init a new InputFile using the Function object 26 | pub fn new_from_function(function: &Function, workspace: &String) -> Self { 27 | let d = SystemTime::now(); 28 | // Create DateTime from SystemTime 29 | let datetime = DateTime::::from(d); 30 | // Formats the combined date and time with the specified format string. 31 | let timestamp_str = datetime.format("%Y-%m-%d--%H:%M:%S").to_string(); 32 | InputFile { 33 | workspace: workspace.to_string(), 34 | path: format!( 35 | "{}/{}/inputs/{}_{}.json", 36 | workspace.to_string(), 37 | function.name, 38 | function.name, 39 | timestamp_str 40 | ), 41 | name: function.name.clone(), 42 | args: function.inputs.clone(), 43 | inputs: Vec::>::new(), 44 | } 45 | } 46 | 47 | /// Function to load the previous corpus if it exists 48 | pub fn load_from_file(filename: &String, workspace: &String) -> Self { 49 | // Try to load the file 50 | let contents = 51 | fs::read_to_string(filename).expect("Should have been able to read the file"); 52 | // Extract json data 53 | let data: Value = serde_json::from_str(&contents).expect("JSON was not well-formatted"); 54 | // Load inputs 55 | let mut inputs_vec: Vec> = Vec::new(); 56 | if let Some(inputs) = data.get("inputs") { 57 | if let Some(inputs_array) = inputs.as_array() { 58 | for input in inputs_array { 59 | if let Some(input_array) = input.as_array() { 60 | let mut felt_vec: Vec = Vec::new(); 61 | for element in input_array { 62 | let value: Felt252 = serde_json::from_value(element.clone()) 63 | .expect("Could not get values"); 64 | felt_vec.push(value); 65 | } 66 | inputs_vec.push(felt_vec.clone()); 67 | } 68 | } 69 | } 70 | } 71 | 72 | return InputFile { 73 | workspace: workspace.to_string(), 74 | path: filename.clone(), 75 | name: data["name"] 76 | .as_str() 77 
| .expect("Failed to get name from inputfile") 78 | .to_string(), 79 | args: data["args"] 80 | .as_array() 81 | .expect("Failed to get args from input file as array") 82 | .iter() 83 | .map(|input_array| { 84 | input_array 85 | .as_str() 86 | .expect("Failed to get input array as string") 87 | .to_string() 88 | }) 89 | .collect(), 90 | inputs: inputs_vec, 91 | }; 92 | } 93 | 94 | /// Load all the old corpora 95 | pub fn load_from_folder(foldername: &String, workspace: &String) -> Self { 96 | let folder = Path::new(&foldername); 97 | let function_name = foldername 98 | .clone() 99 | .split('/') 100 | .last() 101 | .expect("Failed to split foldername") 102 | .to_string(); 103 | let mut args: Option> = None; 104 | let mut inputs: Vec> = Vec::new(); 105 | // Check if the path is a directory 106 | if folder.is_dir() { 107 | // Iterate over the entries in the directory 108 | for entry in fs::read_dir(folder).expect("Failed to read directory") { 109 | let entry = entry.expect("Failed to get entry"); 110 | let path = entry.path(); 111 | // Check if the entry is a file 112 | if path.is_file() { 113 | // Read the file and do something with its contents 114 | let contents = 115 | fs::read_to_string(&path).expect("Failed to read string from the file"); 116 | let data: Value = 117 | serde_json::from_str(&contents).expect("JSON was not well-formatted"); 118 | let args_data: Vec = data["args"] 119 | .as_array() 120 | .expect("Failed to get args from input file as array") 121 | .iter() 122 | .map(|input_array| { 123 | input_array 124 | .as_str() 125 | .expect("Failed to get input array as string") 126 | .to_string() 127 | }) 128 | .collect(); 129 | if args.is_none() { 130 | args = Some(args_data); 131 | } else { 132 | if let Some(args_to_compare) = args.clone() { 133 | if args_to_compare != args_data { 134 | println!("Uncompatible inputs files"); 135 | process::exit(1); 136 | } 137 | } 138 | } 139 | let mut inputs_vec: Vec> = Vec::new(); 140 | if let Some(inputs) = 
data.get("inputs") { 141 | if let Some(inputs_array) = inputs.as_array() { 142 | for input in inputs_array { 143 | if let Some(input_array) = input.as_array() { 144 | let mut felt_vec: Vec = Vec::new(); 145 | for element in input_array { 146 | let value: Felt252 = 147 | serde_json::from_value(element.clone()) 148 | .expect("Could not get values"); 149 | felt_vec.push(value); 150 | } 151 | inputs_vec.push(felt_vec.clone()); 152 | } 153 | } 154 | } 155 | } 156 | inputs.append(&mut inputs_vec); 157 | } 158 | } 159 | } 160 | let d = SystemTime::now(); 161 | // Create DateTime from SystemTime 162 | let datetime = DateTime::::from(d); 163 | // Formats the combined date and time with the specified format string. 164 | let timestamp_str = datetime.format("%Y-%m-%d--%H:%M:%S").to_string(); 165 | let data_args = if let Some(content) = args { 166 | content 167 | } else { 168 | Vec::new() 169 | }; 170 | return InputFile { 171 | workspace: workspace.to_string(), 172 | path: format!("{}_{}.json", function_name.clone(), timestamp_str), 173 | name: function_name.clone(), 174 | args: data_args, 175 | inputs: inputs, 176 | }; 177 | } 178 | /// Function to dump the inputs corpus 179 | pub fn dump_json(&self) { 180 | let _ = create_dir(&self.workspace); 181 | let _ = create_dir(format!("{}/{}", &self.workspace, self.name.clone())); 182 | let _ = create_dir(format!("{}/{}/inputs", &self.workspace, self.name.clone())); 183 | let buf = Vec::new(); 184 | let formatter = serde_json::ser::PrettyFormatter::with_indent(b" "); 185 | let mut inputs_ser = serde_json::Serializer::with_formatter(buf.clone(), formatter.clone()); 186 | self.serialize(&mut inputs_ser) 187 | .expect("Failed to serialize"); 188 | let dump_file = format!("{}", self.path); 189 | write( 190 | &dump_file, 191 | String::from_utf8(inputs_ser.into_inner()).expect("Failed to dump string as utf8"), 192 | ) 193 | .expect("Failed to save input to disk"); 194 | } 195 | } 196 | 
-------------------------------------------------------------------------------- /src/fuzzer/dict.rs: -------------------------------------------------------------------------------- 1 | use felt::Felt252; 2 | use std::fs; 3 | 4 | #[derive(Debug, Clone, Default)] 5 | pub struct Dict { 6 | pub inputs: Vec, 7 | } 8 | impl Dict { 9 | pub fn read_dict(path: &String) -> Dict { // Reads `key=value` lines from `path`; the key is ignored, only the text between the first and second `=` is used as the value, and lines without `=` are skipped 10 | println!("\t\t\t\t\t\t\tReading and parsing dict: {}", path); 11 | let contents = fs::read_to_string(path).expect("Could not read dictionnary"); 12 | let lines = contents.split('\n'); 13 | 14 | let mut data: Vec = Vec::new(); 15 | 16 | for line in lines { 17 | let mut parts = line.trim().split('='); 18 | if let Some(_) = parts.next() { 19 | if let Some(value) = parts.next() { 20 | let val: Result = value.to_owned().parse(); // NOTE(review): the value is neither trimmed nor unquoted, so a line such as `key = 5` or `key=` fails to parse and panics at the expect below (its message names u128 as the expected type) 21 | data.push(Felt252::from( 22 | val.expect("could not get u128 from value in dict"), 23 | )); 24 | } 25 | } 26 | } 27 | return Dict { inputs: data }; 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /src/fuzzer/mod.rs: -------------------------------------------------------------------------------- 1 | //pub mod cairo_worker; 2 | pub mod corpus_crash; 3 | pub mod corpus_input; 4 | pub mod dict; 5 | pub mod fuzzer; 6 | pub mod starknet_worker; 7 | pub mod stats; 8 | pub mod utils; 9 | -------------------------------------------------------------------------------- /src/fuzzer/stats.rs: -------------------------------------------------------------------------------- 1 | use felt::Felt252; 2 | use std::collections::{HashMap, HashSet}; 3 | pub type FuzzInput = Vec; 4 | 5 | /// Fuzz case statistics 6 | #[derive(Default, Debug)] 7 | pub struct Statistics { 8 | /// Number of fuzz cases 9 | pub fuzz_cases: u64, 10 | 11 | /// Coverage database. 
Maps (module, offset) to `FuzzInput`s 12 | pub coverage_db: HashMap, 13 | 14 | /// Counter of inputs 15 | pub input_len: usize, 16 | 17 | /// Set of all unique inputs 18 | pub input_db: HashSet, 19 | 20 | /// List of inputs 21 | /* pub input_list: Vec, */ 22 | 23 | /// List of all unique fuzzer actions 24 | 25 | /// Counter of crashes 26 | pub crashes: u64, 27 | 28 | /// Set of all unique crashes 29 | pub crash_db: HashSet, 30 | 31 | /// Contains the hash of the trace vector to verify if the crash is unique or not 32 | pub crash_coverage: u64, 33 | 34 | /// Counter of crashes 35 | pub tx_crashes: u64, 36 | 37 | /// Set of all unique crashes 38 | pub tx_crash_db: HashSet, 39 | 40 | // Number of threads that finished to run 41 | pub threads_finished: u64, 42 | } 43 | 44 | impl Statistics { 45 | pub fn get_input_by_index(&self, index: usize) -> &FuzzInput { 46 | let mut iterator = self.input_db.iter(); 47 | iterator 48 | .nth(index) 49 | .expect("Could not get element from input_db") 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /src/fuzzer/utils.rs: -------------------------------------------------------------------------------- 1 | use std::collections::hash_map::DefaultHasher; 2 | use std::hash::{Hash, Hasher}; 3 | 4 | pub fn hash_vector(vector: &[T]) -> u64 { 5 | let mut hasher = DefaultHasher::new(); 6 | vector.hash(&mut hasher); 7 | hasher.finish() 8 | } 9 | -------------------------------------------------------------------------------- /src/json/json_parser.rs: -------------------------------------------------------------------------------- 1 | use serde_json::Value; 2 | 3 | #[derive(Debug, Clone)] 4 | pub struct Function { 5 | pub name: String, 6 | pub selector_idx: usize, 7 | pub inputs: Vec, 8 | pub outputs: Vec, 9 | } 10 | #[derive(Debug)] 11 | pub struct AbiFunction { 12 | pub name: String, 13 | pub inputs: Vec, 14 | pub outputs: Vec, 15 | } 16 | 17 | fn extract_function(tmp: &serde_json::Map) -> 
AbiFunction { 18 | let name = tmp 19 | .get("name") 20 | .expect("Could not get name of function from the abi") 21 | .as_str() 22 | .expect("Could not convert to str") 23 | .to_string(); 24 | let inputs_data = tmp 25 | .get("inputs") 26 | .expect("Could not get inputs from the abi") 27 | .as_array() 28 | .expect("Could not convert inputs to array"); 29 | let mut inputs: Vec = vec![]; 30 | for input in inputs_data { 31 | inputs.push( 32 | input 33 | .get("type") 34 | .expect("Could not get type from input") 35 | .as_str() 36 | .expect("Could not convert to str") 37 | .to_string(), 38 | ); 39 | } 40 | let outputs_data = tmp 41 | .get("outputs") 42 | .expect("Could not get outputs from the abi") 43 | .as_array() 44 | .expect("Could not convert outputs to array"); 45 | let mut outputs: Vec = vec![]; 46 | for output in outputs_data { 47 | outputs.push( 48 | output 49 | .get("type") 50 | .expect("Could not get type from input") 51 | .as_str() 52 | .expect("Could not convert to str") 53 | .to_string(), 54 | ); 55 | } 56 | return AbiFunction { 57 | name: name, 58 | inputs: inputs, 59 | outputs: outputs, 60 | }; 61 | } 62 | 63 | fn search_for_function(data: &Vec) -> Vec { 64 | let mut res: Vec = vec![]; 65 | for obj in data { 66 | let tmp: &serde_json::Map = obj 67 | .as_object() 68 | .expect("could not convert abi obj to object"); 69 | let obj_type = tmp 70 | .get("type") 71 | .expect("Could not get abi object type") 72 | .as_str() 73 | .expect("Could not convert to str"); 74 | if obj_type == "function" { 75 | let state_mutability = tmp 76 | .get("state_mutability") 77 | .expect("Could not get state_mutability") 78 | .as_str() 79 | .expect("Could not convert to str"); 80 | if state_mutability == "external" { 81 | res.push(extract_function(tmp)); 82 | } 83 | } 84 | if obj_type == "interface" { 85 | let items = tmp 86 | .get("items") 87 | .expect("Could not get interface items") 88 | .as_array() 89 | .expect("Could not convert to str"); 90 | res.append(&mut 
search_for_function(items)); 91 | } 92 | } 93 | return res; 94 | } 95 | 96 | fn get_abi(data: &Value) -> Vec { // Collects the external functions found under the top-level `abi` key (interfaces included, via search_for_function); returns an empty list when the key is absent and panics when it is not an array 97 | let mut res: Vec = vec![]; 98 | if let Some(abi) = data.get("abi") { 99 | let abi = abi.as_array().expect("Could not convert abi to array"); 100 | res.append(&mut search_for_function(abi)) 101 | } 102 | res 103 | } 104 | 105 | pub fn get_function_from_json(data: &String, function_name: &String) -> Option { // Returns the first ABI function named `function_name`, or None when nothing matches or the JSON has no `entry_points_by_type` key; panics on malformed JSON. NOTE(review): `selector_idx` is the position in the ABI function list, not a value read from `entry_points_by_type` - confirm both are ordered the same way, otherwise the runner may be pointed at a different entry point than the one named. 106 | let data: Value = serde_json::from_str(&data).expect("JSON was not well-formatted"); 107 | let abi = get_abi(&data); 108 | if let Some(_types) = data.get("entry_points_by_type") { 109 | let mut idx: usize = 0; 110 | for function_abi in abi { 111 | if function_name == &*function_abi.name { 112 | return Some(Function { 113 | name: function_abi.name, 114 | selector_idx: idx, 115 | inputs: function_abi.inputs, 116 | outputs: function_abi.outputs, 117 | }); 118 | } 119 | idx += 1; 120 | } 121 | }; 122 | return None; 123 | } 124 | 125 | pub fn analyze_json(data: &String) { 126 | println!("Running json analyzer ... 
\n"); 127 | let data: Value = serde_json::from_str(&data).expect("JSON was not well-formatted"); 128 | let abi = get_abi(&data); 129 | if let Some(_types) = data.get("entry_points_by_type") { 130 | let mut idx: usize = 0; 131 | for function_abi in abi { 132 | let func = Function { 133 | name: function_abi.name, 134 | selector_idx: idx, 135 | inputs: function_abi.inputs, 136 | outputs: function_abi.outputs, 137 | }; 138 | let mut prototype = "".to_string(); 139 | prototype += &func.name; 140 | prototype += "("; 141 | let mut input_idx = 0; 142 | for input in &func.inputs { 143 | prototype += &input; 144 | if input_idx != func.inputs.len() - 1 { 145 | prototype += ", "; 146 | } 147 | input_idx += 1; 148 | } 149 | prototype += ")"; 150 | if &func.outputs.len() > &0 { 151 | prototype += " -> "; 152 | } 153 | let mut output_idx = 0; 154 | for output in &func.outputs { 155 | prototype += &output; 156 | if output_idx != func.outputs.len() - 1 { 157 | prototype += " ,"; 158 | } 159 | output_idx += 1; 160 | } 161 | println!("{}\n", prototype); 162 | idx += 1; 163 | } 164 | } 165 | } 166 | 167 | // To test before deploying on master 168 | pub fn get_proptesting_functions(data: &String) -> Vec { 169 | let content: Value = serde_json::from_str(&data).expect("JSON was not well-formatted"); 170 | let mut functions: Vec = vec![]; 171 | let abi = get_abi(&content); 172 | for func in abi { 173 | if func.name.starts_with("Fuzz_") { 174 | functions.push(func.name); 175 | } 176 | } 177 | functions 178 | } 179 | -------------------------------------------------------------------------------- /src/json/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod json_parser; 2 | -------------------------------------------------------------------------------- /src/lib.rs: -------------------------------------------------------------------------------- 1 | pub mod cli; 2 | pub mod custom_rand; 3 | pub mod fuzzer; 4 | pub mod json; 5 | pub mod 
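mutator; 6 | pub mod runner; 7 |
--------------------------------------------------------------------------------
/src/main.rs:
--------------------------------------------------------------------------------
use std::{fs, process};

use clap::Parser;

mod cli;
mod custom_rand;
mod fuzzer;
mod json;
mod mutator;
mod runner;

use cli::args::Opt;
use cli::config::Config;
use fuzzer::fuzzer::Fuzzer;

use log::error;

/// Reads the contract file at `path`, or reports the failure on stderr and exits with status 1.
///
/// The path comes straight from the command line or the config file, so a missing or
/// unreadable file is an expected user error and is reported as such instead of panicking.
fn read_contract_or_exit(path: impl AsRef<std::path::Path>) -> String {
    let path = path.as_ref();
    fs::read_to_string(path).unwrap_or_else(|err| {
        eprintln!("Could not read contract file {}: {}", path.display(), err);
        process::exit(1)
    })
}

/// Entry point: parses the CLI, then analyzes the contract, runs every `Fuzz_*` function
/// (property-testing mode), replays inputs, or fuzzes a single function.
fn main() {
    // get cli args
    let opt = Opt::parse();
    if opt.analyze {
        let contents = read_contract_or_exit(&opt.contract);
        json::json_parser::analyze_json(&contents);
        return;
    }
    // create config file
    let mut config = match opt.config {
        // config file provided
        Some(config_file) => Config::load_config(&config_file),
        None => {
            // Without a config file, a contract and a function name are mandatory unless the
            // functions are discovered by property-testing mode.
            if opt.contract.is_empty() && !opt.proptesting {
                error!("Fuzzer needs a contract path using --contract");
                process::exit(1);
            }
            if opt.function.is_empty() && !opt.proptesting {
                error!("Fuzzer needs a function name to fuzz using --function");
                process::exit(1);
            }

            Config {
                workspace: opt.workspace,
                contract_file: opt.contract,
                casm_file: opt.casm,
                function_name: opt.function,
                input_file: opt.inputfile,
                crash_file: opt.crashfile,
                input_folder: opt.inputfolder,
                crash_folder: opt.crashfolder,
                dict: opt.dict,
                cores: opt.cores,
                logs: opt.logs,
                seed: opt.seed,
                run_time: opt.run_time,
                replay: opt.replay,
                minimizer: opt.minimizer,
                proptesting: opt.proptesting,
                iter: opt.iter,
            }
        }
    };
    if config.proptesting {
        let contents = read_contract_or_exit(&config.contract_file);
        println!("\t\t\t\t\t\t\tSearching for Fuzzing functions ...");
        let functions = json::json_parser::get_proptesting_functions(&contents);
        if functions.is_empty() {
            println!("\t\t\t\t\t\t\t!! No Fuzzing functions found !!");
            return;
        }
        // One fuzzer per discovered function, run one after the other.
        for func in functions {
            println!("\n\t\t\t\t\t\t\tFunction found => {}", &func);
            config.function_name = func;
            let mut fuzzer = Fuzzer::new(&config);
            println!(
                "\t\t\t\t\t\t\t=== {} === is now running for {} iterations",
                config.function_name, config.iter
            );
            fuzzer.fuzz();
        }
    } else {
        // create the fuzzer
        let mut fuzzer = Fuzzer::new(&config);

        // replay, minimizer mode
        // NOTE(review): this reads the CLI flags, not `config.replay` / `config.minimizer`, so
        // values set through a config file do not select replay mode here -- confirm that
        // this is intended.
        if opt.replay || opt.minimizer {
            fuzzer.replay();
        } else {
            // launch fuzzing
            fuzzer.fuzz();
        }
    }
}
-------------------------------------------------------------------------------- /src/mutator/magic_values.rs: -------------------------------------------------------------------------------- 1 | //! A file containing a bunch of magic values, from honggfuzz 2 | /* 3 | * 4 | * Authors: 5 | * Robert Swiecki 6 | * Brandon Falk 7 | * 8 | * Copyright 2010-2018 by Google Inc. All Rights Reserved. 9 | * Copyright 2020 by Brandon Falk 10 | * 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 | * not use this file except in compliance with the License. You may obtain 13 | * a copy of the License at 14 | * 15 | * http://www.apache.org/licenses/LICENSE-2.0 16 | * 17 | * Unless required by applicable law or agreed to in writing, software 18 | * distributed under the License is distributed on an "AS IS" BASIS, 19 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 20 | * implied. See the License for the specific language governing 21 | * permissions and limitations under the License.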
22 | * 23 | */ 24 | 25 | /// Magic values of various sizes and endiannesses 26 | pub const MAGIC_VALUES: &[&[u8]] = &[ 27 | b"\x00", 28 | b"\x01", 29 | b"\x02", 30 | b"\x03", 31 | b"\x04", 32 | b"\x05", 33 | b"\x06", 34 | b"\x07", 35 | b"\x08", 36 | b"\x09", 37 | b"\x0a", 38 | b"\x0b", 39 | b"\x0c", 40 | b"\x0d", 41 | b"\x0e", 42 | b"\x0f", 43 | b"\x10", 44 | b"\x20", 45 | b"\x40", 46 | b"\x7e", 47 | b"\x7f", 48 | b"\x80", 49 | b"\x81", 50 | b"\xc0", 51 | b"\xfe", 52 | b"\xff", 53 | b"\x00\x00", 54 | b"\x01\x01", 55 | b"\x80\x80", 56 | b"\xff\xff", 57 | b"\x00\x01", 58 | b"\x00\x02", 59 | b"\x00\x03", 60 | b"\x00\x04", 61 | b"\x00\x05", 62 | b"\x00\x06", 63 | b"\x00\x07", 64 | b"\x00\x08", 65 | b"\x00\x09", 66 | b"\x00\x0a", 67 | b"\x00\x0b", 68 | b"\x00\x0c", 69 | b"\x00\x0d", 70 | b"\x00\x0e", 71 | b"\x00\x0f", 72 | b"\x00\x10", 73 | b"\x00\x20", 74 | b"\x00\x40", 75 | b"\x00\x7e", 76 | b"\x00\x7f", 77 | b"\x00\x80", 78 | b"\x00\x81", 79 | b"\x00\xc0", 80 | b"\x00\xfe", 81 | b"\x00\xff", 82 | b"\x7e\xff", 83 | b"\x7f\xff", 84 | b"\x80\x00", 85 | b"\x80\x01", 86 | b"\xff\xfe", 87 | b"\x00\x00", 88 | b"\x01\x00", 89 | b"\x02\x00", 90 | b"\x03\x00", 91 | b"\x04\x00", 92 | b"\x05\x00", 93 | b"\x06\x00", 94 | b"\x07\x00", 95 | b"\x08\x00", 96 | b"\x09\x00", 97 | b"\x0a\x00", 98 | b"\x0b\x00", 99 | b"\x0c\x00", 100 | b"\x0d\x00", 101 | b"\x0e\x00", 102 | b"\x0f\x00", 103 | b"\x10\x00", 104 | b"\x20\x00", 105 | b"\x40\x00", 106 | b"\x7e\x00", 107 | b"\x7f\x00", 108 | b"\x80\x00", 109 | b"\x81\x00", 110 | b"\xc0\x00", 111 | b"\xfe\x00", 112 | b"\xff\x00", 113 | b"\xff\x7e", 114 | b"\xff\x7f", 115 | b"\x00\x80", 116 | b"\x01\x80", 117 | b"\xfe\xff", 118 | b"\x00\x00\x00\x00", 119 | b"\x01\x01\x01\x01", 120 | b"\x80\x80\x80\x80", 121 | b"\xff\xff\xff\xff", 122 | b"\x00\x00\x00\x01", 123 | b"\x00\x00\x00\x02", 124 | b"\x00\x00\x00\x03", 125 | b"\x00\x00\x00\x04", 126 | b"\x00\x00\x00\x05", 127 | b"\x00\x00\x00\x06", 128 | b"\x00\x00\x00\x07", 129 | b"\x00\x00\x00\x08", 130 
| b"\x00\x00\x00\x09", 131 | b"\x00\x00\x00\x0a", 132 | b"\x00\x00\x00\x0b", 133 | b"\x00\x00\x00\x0c", 134 | b"\x00\x00\x00\x0d", 135 | b"\x00\x00\x00\x0e", 136 | b"\x00\x00\x00\x0f", 137 | b"\x00\x00\x00\x10", 138 | b"\x00\x00\x00\x20", 139 | b"\x00\x00\x00\x40", 140 | b"\x00\x00\x00\x7e", 141 | b"\x00\x00\x00\x7f", 142 | b"\x00\x00\x00\x80", 143 | b"\x00\x00\x00\x81", 144 | b"\x00\x00\x00\xc0", 145 | b"\x00\x00\x00\xfe", 146 | b"\x00\x00\x00\xff", 147 | b"\x7e\xff\xff\xff", 148 | b"\x7f\xff\xff\xff", 149 | b"\x80\x00\x00\x00", 150 | b"\x80\x00\x00\x01", 151 | b"\xff\xff\xff\xfe", 152 | b"\x00\x00\x00\x00", 153 | b"\x01\x00\x00\x00", 154 | b"\x02\x00\x00\x00", 155 | b"\x03\x00\x00\x00", 156 | b"\x04\x00\x00\x00", 157 | b"\x05\x00\x00\x00", 158 | b"\x06\x00\x00\x00", 159 | b"\x07\x00\x00\x00", 160 | b"\x08\x00\x00\x00", 161 | b"\x09\x00\x00\x00", 162 | b"\x0a\x00\x00\x00", 163 | b"\x0b\x00\x00\x00", 164 | b"\x0c\x00\x00\x00", 165 | b"\x0d\x00\x00\x00", 166 | b"\x0e\x00\x00\x00", 167 | b"\x0f\x00\x00\x00", 168 | b"\x10\x00\x00\x00", 169 | b"\x20\x00\x00\x00", 170 | b"\x40\x00\x00\x00", 171 | b"\x7e\x00\x00\x00", 172 | b"\x7f\x00\x00\x00", 173 | b"\x80\x00\x00\x00", 174 | b"\x81\x00\x00\x00", 175 | b"\xc0\x00\x00\x00", 176 | b"\xfe\x00\x00\x00", 177 | b"\xff\x00\x00\x00", 178 | b"\xff\xff\xff\x7e", 179 | b"\xff\xff\xff\x7f", 180 | b"\x00\x00\x00\x80", 181 | b"\x01\x00\x00\x80", 182 | b"\xfe\xff\xff\xff", 183 | b"\x00\x00\x00\x00\x00\x00\x00\x00", 184 | b"\x01\x01\x01\x01\x01\x01\x01\x01", 185 | b"\x80\x80\x80\x80\x80\x80\x80\x80", 186 | b"\xff\xff\xff\xff\xff\xff\xff\xff", 187 | b"\x00\x00\x00\x00\x00\x00\x00\x01", 188 | b"\x00\x00\x00\x00\x00\x00\x00\x02", 189 | b"\x00\x00\x00\x00\x00\x00\x00\x03", 190 | b"\x00\x00\x00\x00\x00\x00\x00\x04", 191 | b"\x00\x00\x00\x00\x00\x00\x00\x05", 192 | b"\x00\x00\x00\x00\x00\x00\x00\x06", 193 | b"\x00\x00\x00\x00\x00\x00\x00\x07", 194 | b"\x00\x00\x00\x00\x00\x00\x00\x08", 195 | b"\x00\x00\x00\x00\x00\x00\x00\x09", 196 | 
b"\x00\x00\x00\x00\x00\x00\x00\x0a", 197 | b"\x00\x00\x00\x00\x00\x00\x00\x0b", 198 | b"\x00\x00\x00\x00\x00\x00\x00\x0c", 199 | b"\x00\x00\x00\x00\x00\x00\x00\x0d", 200 | b"\x00\x00\x00\x00\x00\x00\x00\x0e", 201 | b"\x00\x00\x00\x00\x00\x00\x00\x0f", 202 | b"\x00\x00\x00\x00\x00\x00\x00\x10", 203 | b"\x00\x00\x00\x00\x00\x00\x00\x20", 204 | b"\x00\x00\x00\x00\x00\x00\x00\x40", 205 | b"\x00\x00\x00\x00\x00\x00\x00\x7e", 206 | b"\x00\x00\x00\x00\x00\x00\x00\x7f", 207 | b"\x00\x00\x00\x00\x00\x00\x00\x80", 208 | b"\x00\x00\x00\x00\x00\x00\x00\x81", 209 | b"\x00\x00\x00\x00\x00\x00\x00\xc0", 210 | b"\x00\x00\x00\x00\x00\x00\x00\xfe", 211 | b"\x00\x00\x00\x00\x00\x00\x00\xff", 212 | b"\x7e\xff\xff\xff\xff\xff\xff\xff", 213 | b"\x7f\xff\xff\xff\xff\xff\xff\xff", 214 | b"\x80\x00\x00\x00\x00\x00\x00\x00", 215 | b"\x80\x00\x00\x00\x00\x00\x00\x01", 216 | b"\xff\xff\xff\xff\xff\xff\xff\xfe", 217 | b"\x00\x00\x00\x00\x00\x00\x00\x00", 218 | b"\x01\x00\x00\x00\x00\x00\x00\x00", 219 | b"\x02\x00\x00\x00\x00\x00\x00\x00", 220 | b"\x03\x00\x00\x00\x00\x00\x00\x00", 221 | b"\x04\x00\x00\x00\x00\x00\x00\x00", 222 | b"\x05\x00\x00\x00\x00\x00\x00\x00", 223 | b"\x06\x00\x00\x00\x00\x00\x00\x00", 224 | b"\x07\x00\x00\x00\x00\x00\x00\x00", 225 | b"\x08\x00\x00\x00\x00\x00\x00\x00", 226 | b"\x09\x00\x00\x00\x00\x00\x00\x00", 227 | b"\x0a\x00\x00\x00\x00\x00\x00\x00", 228 | b"\x0b\x00\x00\x00\x00\x00\x00\x00", 229 | b"\x0c\x00\x00\x00\x00\x00\x00\x00", 230 | b"\x0d\x00\x00\x00\x00\x00\x00\x00", 231 | b"\x0e\x00\x00\x00\x00\x00\x00\x00", 232 | b"\x0f\x00\x00\x00\x00\x00\x00\x00", 233 | b"\x10\x00\x00\x00\x00\x00\x00\x00", 234 | b"\x20\x00\x00\x00\x00\x00\x00\x00", 235 | b"\x40\x00\x00\x00\x00\x00\x00\x00", 236 | b"\x7e\x00\x00\x00\x00\x00\x00\x00", 237 | b"\x7f\x00\x00\x00\x00\x00\x00\x00", 238 | b"\x80\x00\x00\x00\x00\x00\x00\x00", 239 | b"\x81\x00\x00\x00\x00\x00\x00\x00", 240 | b"\xc0\x00\x00\x00\x00\x00\x00\x00", 241 | b"\xfe\x00\x00\x00\x00\x00\x00\x00", 242 | 
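b"\xff\x00\x00\x00\x00\x00\x00\x00", 243 | b"\xff\xff\xff\xff\xff\xff\xff\x7e", 244 | b"\xff\xff\xff\xff\xff\xff\xff\x7f", 245 | b"\x00\x00\x00\x00\x00\x00\x00\x80", 246 | b"\x01\x00\x00\x00\x00\x00\x00\x80", 247 | b"\xfe\xff\xff\xff\xff\xff\xff\xff", 248 | ]; 249 |
--------------------------------------------------------------------------------
/src/mutator/mod.rs:
--------------------------------------------------------------------------------
mod magic_values;
pub mod mutator_felt252;
//pub mod mutator_u8;
//mod mutator;
--------------------------------------------------------------------------------
/src/runner/mod.rs:
--------------------------------------------------------------------------------
//pub mod cairo_runner;
pub mod runner;
pub mod starknet_runner;
--------------------------------------------------------------------------------
/src/runner/runner.rs:
--------------------------------------------------------------------------------
use felt::Felt252;
use starknet_rs::execution::CallInfo;

/// An execution target that can be run on one input.
pub trait Runner {
    /// Runs the target with `data` as its input.
    ///
    /// The runner is consumed by the call. On success it is handed back together with the
    /// `CallInfo` of the execution; on failure only an error message is returned.
    fn run(self, data: &Vec<Felt252>) -> Result<(Self, CallInfo), String>
    where
        Self: Sized;
}
-------------------------------------------------------------------------------- /src/runner/starknet_runner.rs: -------------------------------------------------------------------------------- 1 | use cairo_lang_starknet::casm_contract_class::CasmContractClass; 2 | use felt::Felt252; 3 | use num_bigint::BigUint; 4 | use num_traits::Zero; 5 | use starknet_rs::definitions::block_context::BlockContext; 6 | use starknet_rs::execution::CallInfo; 7 | use starknet_rs::state::cached_state::CachedState; 8 | use starknet_rs::state::state_cache::StateCache; 9 | use starknet_rs::EntryPointType; 10 | use starknet_rs::{ 11 | definitions::constants::TRANSACTION_VERSION, 12 | execution::{ 13 | execution_entry_point::ExecutionEntryPoint, CallType, TransactionExecutionContext, 14 | }, 15 |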
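state::{in_memory_state_reader::InMemoryStateReader, ExecutionResourcesManager}, 16 | utils::{Address, ClassHash}, 17 | }; 18 | 19 | use std::{collections::HashMap, sync::Arc}; 20 | 21 | use super::runner::Runner;

/// Everything needed to call one external entry point of a contract class against an
/// in-memory state.
#[derive(Clone, Debug)]
pub struct RunnerStarknet {
    entrypoint_selector: BigUint,
    address: Address,
    class_hash: ClassHash,
    state: CachedState<InMemoryStateReader>,
    caller_address: Address,
    entry_point_type: EntryPointType,
    tx_execution_context: TransactionExecutionContext,
    block_context: BlockContext,
    resources_manager: ExecutionResourcesManager,
}

impl RunnerStarknet {
    /// Builds a runner for the external entry point at position `func_entrypoint_idx` of
    /// `contract_class.entry_points_by_type.external`.
    ///
    /// The contract is registered in a fresh in-memory state under a fixed address (1111), a
    /// fixed class hash (`[1; 32]`) and a zero nonce; the caller address is 0.
    ///
    /// # Panics
    ///
    /// Panics if `func_entrypoint_idx` is not a valid index into the external entry points.
    // NOTE(review): the index is positional. It selects the intended function only if the
    // caller derived it from the same ordering as `entry_points_by_type.external` -- confirm
    // against the code that computes it.
    pub fn new(contract_class: &CasmContractClass, func_entrypoint_idx: usize) -> Self {
        // Borrow the entry-point table instead of cloning the whole class to read one selector.
        let entrypoint_selector = contract_class
            .entry_points_by_type
            .external
            .get(func_entrypoint_idx)
            .unwrap_or_else(|| {
                panic!(
                    "no external entry point at index {}",
                    func_entrypoint_idx
                )
            })
            .selector
            .clone();

        // Create state reader with class hash data
        let mut contract_class_cache: HashMap<[u8; 32], CasmContractClass> = HashMap::new();

        let address = Address(1111.into()); //todo - make it configurable from the config
        let class_hash: ClassHash = [1; 32];
        let nonce = Felt252::zero(); //todo - make it configurable from the config

        contract_class_cache.insert(class_hash, contract_class.clone());
        let mut state_reader = InMemoryStateReader::default();
        state_reader
            .address_to_class_hash_mut()
            .insert(address.clone(), class_hash);
        state_reader
            .address_to_nonce_mut()
            .insert(address.clone(), nonce);

        // Create state from the state_reader and contract cache.
        let state = CachedState::new(Arc::new(state_reader), None, Some(contract_class_cache));
        let caller_address = Address(0000.into()); //todo - make it configurable from the config
        let entry_point_type = EntryPointType::External;

        let block_context = BlockContext::default();
        let tx_execution_context = TransactionExecutionContext::new(
            Address(0.into()),
            Felt252::zero(),
            Vec::new(),
            0,
            10.into(),
            block_context.invoke_tx_max_n_steps(),
            TRANSACTION_VERSION.clone(),
        );
        let resources_manager = ExecutionResourcesManager::default();

        RunnerStarknet {
            entrypoint_selector,
            address,
            class_hash,
            state,
            caller_address,
            entry_point_type,
            tx_execution_context,
            block_context,
            resources_manager,
        }
    }

    /// Consumes the runner and returns its state.
    #[allow(dead_code)]
    pub fn get_state(self) -> CachedState<InMemoryStateReader> {
        self.state
    }

    /// Replaces the cache of the runner's state with `state` and returns the runner.
    #[allow(dead_code)]
    pub fn set_state(mut self, state: StateCache) -> Self {
        self.state.cache = state;
        self
    }
}

impl Runner for RunnerStarknet {
    /// Executes the configured entry point with `data` as calldata.
    ///
    /// The call is issued as `CallType::Delegate` with a fixed value of 1000000 for the last
    /// constructor argument (presumably the initial gas -- confirm against `starknet_rs`).
    /// State changes made by the call stay in the returned runner.
    ///
    /// # Errors
    ///
    /// Returns the execution error rendered as a string.
    ///
    /// # Panics
    ///
    /// Panics if the execution succeeds but reports no call info.
    // NOTE(review): a consumer that records every `Err` as a finding sees the missing
    // call-info case as a process panic instead; decide deliberately which of the two it
    // should be.
    fn run(mut self, data: &Vec<Felt252>) -> Result<(Self, CallInfo), String> {
        // Create an execution entry point
        let exec_entry_point = ExecutionEntryPoint::new(
            self.address.clone(),
            data.to_vec(),
            Felt252::new(self.entrypoint_selector.clone()),
            self.caller_address.clone(),
            self.entry_point_type,
            Some(CallType::Delegate),
            Some(self.class_hash),
            1000000,
        );

        // Execute the entrypoint
        match exec_entry_point.execute(
            &mut self.state,
            &self.block_context,
            &mut self.resources_manager,
            &mut self.tx_execution_context,
            false,
            self.block_context.invoke_tx_max_n_steps(),
        ) {
            Ok(exec_info) => {
                let call_info = exec_info
                    .call_info
                    .clone()
                    .expect("Could not get call info");
                Ok((self, call_info))
            }
            Err(e) => Err(e.to_string()),
        }
    }
}
-------------------------------------------------------------------------------- /test-generator/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "test-generator" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | serde = "1.0.209" 10 | serde_json = "1.0.127" 11 | sierra-analyzer-lib = { path = "./sierra-analyzer/lib" } 12 | -------------------------------------------------------------------------------- /test-generator/README.md: -------------------------------------------------------------------------------- 1 | ## Input file generator for the Cairo Fuzzer 2 | 3 | List the functions for which test case generation is possible : 4 | 5 | ```bash 6 | cargo run --bin test-generator ./examples/sierra/symbolic_execution_test.sierra 7 | 8 | Available functions: 9 | - symbolic::symbolic::symbolic_execution_test 10 | ``` 11 | 12 | Generate an inputfile for the cairo fuzzer : 13 | 14 | ```bash 15 | cargo run --bin test-generator ./examples/sierra/symbolic_execution_test.sierra symbolic::symbolic::symbolic_execution_test > inputfile.json 16 | ``` 17 | 18 | It can now be used as an input file for the function we want to fuzz using the Cairo-fuzzer with the `--inputfile` parameter.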
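--------------------------------------------------------------------------------
/test-generator/src/main.rs:
--------------------------------------------------------------------------------
use std::collections::BTreeSet;
use std::env;
use std::fs;
use std::process;
use std::str::FromStr;

use serde::Serialize;

use sierra_analyzer_lib::sierra_program::SierraProgram;
use sierra_analyzer_lib::sym_exec::sym_exec::generate_test_cases_for_function;

/// Struct representing the fuzzing data
#[derive(Serialize)]
struct FuzzingData {
    workspace: String,
    path: String,
    name: String,
    args: Vec<String>,
    inputs: Vec<Vec<Value>>,
}

/// Struct representing a value in the fuzzing data
#[derive(Serialize)]
struct Value {
    value: ValueData,
}

/// Struct representing the value data
#[derive(Serialize)]
struct ValueData {
    val: Vec<i64>,
}

/// Prints the names of all available functions in the decompiler
///
/// Functions without a prototype are skipped.
fn print_function_names(decompiler: &sierra_analyzer_lib::decompiler::decompiler::Decompiler) {
    println!("Available functions:");
    let prototypes = decompiler
        .functions
        .iter()
        .filter_map(|function| function.prototype.as_ref());
    for prototype in prototypes {
        println!("\t- {}", extract_function_name(prototype));
    }
}

/// Extracts the function name from the prototype string
///
/// The first 5 bytes of the prototype are skipped (presumably a `func ` keyword -- confirm
/// against the decompiler output) and the text up to the first `(` is returned, trimmed.
/// An empty string is returned when the prototype is shorter than that prefix or holds no `(`.
fn extract_function_name(prototype: &str) -> String {
    // `get` instead of slicing: a short prototype, or one where byte 5 is not a character
    // boundary, yields an empty name instead of a panic.
    prototype
        .get(5..)
        .and_then(|rest| {
            rest.find('(')
                .map(|paren_index| rest[..paren_index].trim().to_string())
        })
        .unwrap_or_default()
}

/// Parses the result of generate_test_cases_for_function and returns a vector of vectors of integer inputs
///
/// Identical lines are reported once. Lines are processed in sorted order so that the same
/// test cases always produce the same input file.
fn get_integers_inputs(test_cases: &str) -> Vec<Vec<i64>> {
    let unique_lines: BTreeSet<&str> = test_cases.lines().collect();
    unique_lines.into_iter().map(parse_line_inputs).collect()
}

/// Parses a single line of test cases and returns a vector of integer inputs
///
/// The line is read as `key: value` pairs separated by `", "`; the keys are ignored.
// NOTE(review): a pair whose value does not parse as `i64` is dropped without notice, which
// shortens the vector and shifts the positions of the values after it. A value outside the
// `i64` range would therefore yield an input with fewer arguments than the function takes --
// confirm this cannot happen, or report it.
fn parse_line_inputs(line: &str) -> Vec<i64> {
    line.split(", ")
        .filter_map(|part| {
            let key_value: Vec<&str> = part.split(": ").collect();
            match key_value.as_slice() {
                [_, value] => i64::from_str(value).ok(),
                _ => None,
            }
        })
        .collect()
}

/// Generates the fuzzing data for a given function
///
/// Every argument of `function` is declared as `"felt"` in the result, whatever its real type.
// NOTE(review): the element type of `declared_libfuncs_names` was lost in this listing and is
// restored here as `String` from its use as a list of names -- confirm against
// `sierra_analyzer_lib`.
fn generate_fuzzing_data(
    function: &mut sierra_analyzer_lib::decompiler::function::Function,
    declared_libfuncs_names: Vec<String>,
    workspace: &str,
    path: &str,
    name: &str,
) -> FuzzingData {
    let test_cases = generate_test_cases_for_function(function, declared_libfuncs_names);
    let inputs = convert_integer_inputs_to_values(get_integers_inputs(&test_cases));
    let args = vec!["felt".to_string(); function.arguments.len()];

    FuzzingData {
        workspace: workspace.to_string(),
        path: path.to_string(),
        name: name.to_string(),
        args,
        inputs,
    }
}

/// Converts integer inputs to the desired JSON format
///
/// Each integer becomes a `Value` whose `val` holds that single integer.
fn convert_integer_inputs_to_values(integer_inputs: Vec<Vec<i64>>) -> Vec<Vec<Value>> {
    integer_inputs
        .into_iter()
        .map(|inputs| {
            inputs
                .into_iter()
                .map(|input| Value {
                    value: ValueData { val: vec![input] },
                })
                .collect()
        })
        .collect()
}

/// Main function to handle command-line arguments and generate fuzzing data
///
/// With one argument (a Sierra file) the available function names are listed; with a second
/// argument (a function name) the fuzzing data for that function is printed as JSON.
fn main() {
    let args: Vec<String> = env::args().collect();

    if args.len() < 2 {
        eprintln!("Error: Please provide a file path as an argument.");
        process::exit(1);
    }

    let file_path = &args[1];

    // Read the content of the Sierra program file
    let content = match fs::read_to_string(file_path) {
        Ok(content) => content,
        Err(e) => {
            eprintln!("Error reading file {}: {}", file_path, e);
            process::exit(1);
        }
    };

    // Initialize a new SierraProgram with the content of the .sierra file
    let program = SierraProgram::new(content);

    // Disable verbose output for the decompiler
    let verbose_output = false;

    // Create a decompiler instance for the Sierra program
    let mut decompiler = program.decompiler(verbose_output);

    // Decompile the Sierra program
    let use_color = false;
    decompiler.decompile(use_color);

    if args.len() == 2 {
        // No specific function specified, print all available functions
        print_function_names(&decompiler);
        return;
    }

    // Specific function specified, generate test cases for that function
    let function_name = &args[2];
    let mut found = false;

    for function in &mut decompiler.functions {
        let Some(prototype) = &function.prototype else {
            continue;
        };
        if extract_function_name(prototype) != *function_name {
            continue;
        }

        // NOTE(review): workspace, path and name are fixed strings here; the emitted `name`
        // is "Fuzz_one" whatever function was requested -- confirm the fuzzer expects that.
        let fuzzing_data = generate_fuzzing_data(
            function,
            decompiler.declared_libfuncs_names.clone(),
            "fuzzer_workspace",
            "input_file",
            "Fuzz_one",
        );

        // Serialize the data to JSON and print it
        let json_output = serde_json::to_string_pretty(&fuzzing_data)
            .expect("fuzzing data holds only strings and integers and must serialize");
        println!("{}", json_output);

        found = true;
        break;
    }

    if !found {
        eprintln!("Error: Function '{}' not found.", function_name);
        process::exit(1);
    }
}
--------------------------------------------------------------------------------
/tests1.0/config.json: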
-------------------------------------------------------------------------------- 1 | { 2 | "cores": 1, 3 | "logs": false, 4 | "replay": false, 5 | "minimizer": false, 6 | "contract_file": "tests1.0/fuzzinglabs.json", 7 | "casm_file": "tests1.0/fuzzinglabs.casm", 8 | "function_name": "Fuzz_symbolic_execution", 9 | "input_file": "", 10 | "crash_file": "", 11 | "input_folder": "", 12 | "crash_folder": "", 13 | "workspace": "fuzzer_workspace", 14 | "proptesting": false, 15 | "iter": -1, 16 | "dict": "tests1.0/dict" 17 | } -------------------------------------------------------------------------------- /tests1.0/dict: -------------------------------------------------------------------------------- 1 | key1=9999999999999999999999999999999 2 | key2=8888888888888888888888888888888 3 | key3=7777777777777777777777777777777 4 | key4=5555555555555555555555555555555 -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs.cairo: -------------------------------------------------------------------------------- 1 | use starknet::{ 2 | Store, SyscallResult, StorageBaseAddress, storage_read_syscall, storage_write_syscall, 3 | storage_address_from_base_and_offset 4 | }; 5 | use integer::{ 6 | U128IntoFelt252, Felt252IntoU256, Felt252TryIntoU64, U256TryIntoFelt252, u256_from_felt252 7 | }; 8 | 9 | 10 | #[starknet::contract] 11 | mod test_contract { 12 | #[storage] 13 | struct Storage { 14 | bal:u8 15 | } 16 | #[external(v0)] 17 | fn Fuzz_symbolic_execution( 18 | ref self: ContractState, 19 | f: felt252, 20 | u: felt252, 21 | z: u16, 22 | z2: u32, 23 | i: u64, 24 | n: u128, 25 | g: u128, 26 | l: u128, 27 | a: felt252, 28 | b: felt252, 29 | s: u8, 30 | ) { 31 | if (f == 'f') { 32 | if (u == 'u') { 33 | if (z == 'z') { 34 | if (z2 == 'z') { 35 | if (i == 'i') { 36 | if (n == 'n') { 37 | if (g == 'g') { 38 | if (l == 'l') { 39 | if (a == 'a') { 40 | if (b == 'b') { 41 | if (s == 's') { 42 | assert(1==0 , '!(f & t)'); 43 | } 44 | } 45 | } 46 | 
} 47 | } 48 | } 49 | } 50 | } 51 | } 52 | } 53 | } 54 | return (); 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_fuzz.cairo: -------------------------------------------------------------------------------- 1 | use starknet::{ 2 | Store, SyscallResult, StorageBaseAddress, storage_read_syscall, storage_write_syscall, 3 | storage_address_from_base_and_offset 4 | }; 5 | use integer::{ 6 | U128IntoFelt252, Felt252IntoU256, Felt252TryIntoU64, U256TryIntoFelt252, u256_from_felt252 7 | }; 8 | 9 | #[starknet::contract] 10 | mod test_contract { 11 | #[storage] 12 | struct Storage { 13 | bal:u128, 14 | } 15 | #[external(v0)] 16 | fn storage_test(ref self: ContractState) { 17 | let value = self.bal.read(); 18 | assert(value < 100000, 'value sup to 100k'); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_fuzz.casm: -------------------------------------------------------------------------------- 1 | { 2 | "prime": "0x800000000000011000000000000000000000000000000000000000000000001", 3 | "compiler_version": "2.2.0", 4 | "bytecode": [ 5 | "0xa0680017fff8000", 6 | "0x7", 7 | "0x482680017ffa8000", 8 | "0xffffffffffffffffffffffffffffd3be", 9 | "0x400280007ff97fff", 10 | "0x10780017fff7fff", 11 | "0x56", 12 | "0x4825800180007ffa", 13 | "0x2c42", 14 | "0x400280007ff97fff", 15 | "0x48297ffc80007ffd", 16 | "0x482680017ff98000", 17 | "0x1", 18 | "0x4824800180007ffe", 19 | "0x0", 20 | "0x20680017fff7fff", 21 | "0x4", 22 | "0x10780017fff7fff", 23 | "0x10", 24 | "0x40780017fff7fff", 25 | "0x1", 26 | "0x480680017fff8000", 27 | "0x496e70757420746f6f206c6f6e6720666f7220617267756d656e7473", 28 | "0x400080007ffe7fff", 29 | "0x48127ffc7fff8000", 30 | "0x48127ff97fff8000", 31 | "0x480a7ffb7fff8000", 32 | "0x480680017fff8000", 33 | "0x1", 34 | "0x48127ffa7fff8000", 35 | "0x482480017ff98000", 36 | "0x1", 37 | "0x208b7fff7fff7ffe", 38 | 
"0x1104800180018000", 39 | "0x11e", 40 | "0x482480017fff8000", 41 | "0x11d", 42 | "0x480080007fff8000", 43 | "0xa0680017fff8000", 44 | "0x9", 45 | "0x4824800180007ff7", 46 | "0x0", 47 | "0x482480017fff8000", 48 | "0x100000000000000000000000000000000", 49 | "0x400080007ff77fff", 50 | "0x10780017fff7fff", 51 | "0x1f", 52 | "0x4824800180007ff7", 53 | "0x0", 54 | "0x400080007ff87fff", 55 | "0x482480017ff88000", 56 | "0x1", 57 | "0x48127ffe7fff8000", 58 | "0x480a7ffb7fff8000", 59 | "0x1104800180018000", 60 | "0x34", 61 | "0x20680017fff7ffd", 62 | "0xc", 63 | "0x40780017fff7fff", 64 | "0x1", 65 | "0x48127ff97fff8000", 66 | "0x48127ff97fff8000", 67 | "0x48127ff97fff8000", 68 | "0x480680017fff8000", 69 | "0x0", 70 | "0x48127ffb7fff8000", 71 | "0x48127ffa7fff8000", 72 | "0x208b7fff7fff7ffe", 73 | "0x48127ffa7fff8000", 74 | "0x48127ffa7fff8000", 75 | "0x48127ffa7fff8000", 76 | "0x480680017fff8000", 77 | "0x1", 78 | "0x48127ffa7fff8000", 79 | "0x48127ffa7fff8000", 80 | "0x208b7fff7fff7ffe", 81 | "0x40780017fff7fff", 82 | "0x1", 83 | "0x480680017fff8000", 84 | "0x4f7574206f6620676173", 85 | "0x400080007ffe7fff", 86 | "0x482480017ff58000", 87 | "0x1", 88 | "0x48127ff27fff8000", 89 | "0x480a7ffb7fff8000", 90 | "0x480680017fff8000", 91 | "0x1", 92 | "0x48127ffa7fff8000", 93 | "0x482480017ff98000", 94 | "0x1", 95 | "0x208b7fff7fff7ffe", 96 | "0x40780017fff7fff", 97 | "0x1", 98 | "0x480680017fff8000", 99 | "0x4f7574206f6620676173", 100 | "0x400080007ffe7fff", 101 | "0x482680017ff98000", 102 | "0x1", 103 | "0x480a7ffa7fff8000", 104 | "0x480a7ffb7fff8000", 105 | "0x480680017fff8000", 106 | "0x1", 107 | "0x48127ffa7fff8000", 108 | "0x482480017ff98000", 109 | "0x1", 110 | "0x208b7fff7fff7ffe", 111 | "0x480a7ffb7fff8000", 112 | "0x480a7ffc7fff8000", 113 | "0x480a7ffd7fff8000", 114 | "0x1104800180018000", 115 | "0x35", 116 | "0x20680017fff7ffd", 117 | "0x29", 118 | "0x480680017fff8000", 119 | "0x186a0", 120 | "0x48307fff80017ffe", 121 | "0xa0680017fff7fff", 122 | "0x7", 123 | 
"0x482480017fff8000", 124 | "0x100000000000000000000000000000000", 125 | "0x400080007ff67fff", 126 | "0x10780017fff7fff", 127 | "0x12", 128 | "0x400080007ff77fff", 129 | "0x40780017fff7fff", 130 | "0x1", 131 | "0x480680017fff8000", 132 | "0x76616c75652073757020746f20314d", 133 | "0x400080007ffe7fff", 134 | "0x482480017ff58000", 135 | "0x1", 136 | "0x48127ff57fff8000", 137 | "0x48127ff57fff8000", 138 | "0x480680017fff8000", 139 | "0x1", 140 | "0x48127ffa7fff8000", 141 | "0x482480017ff98000", 142 | "0x1", 143 | "0x208b7fff7fff7ffe", 144 | "0x40780017fff7fff", 145 | "0x1", 146 | "0x482480017ff58000", 147 | "0x1", 148 | "0x48127ff57fff8000", 149 | "0x48127ff57fff8000", 150 | "0x480680017fff8000", 151 | "0x0", 152 | "0x480680017fff8000", 153 | "0x0", 154 | "0x480680017fff8000", 155 | "0x0", 156 | "0x208b7fff7fff7ffe", 157 | "0x40780017fff7fff", 158 | "0x5", 159 | "0x48127ff57fff8000", 160 | "0x48127ff57fff8000", 161 | "0x48127ff57fff8000", 162 | "0x480680017fff8000", 163 | "0x1", 164 | "0x48127ff57fff8000", 165 | "0x48127ff57fff8000", 166 | "0x208b7fff7fff7ffe", 167 | "0x480a7ffb7fff8000", 168 | "0x480a7ffc7fff8000", 169 | "0x480a7ffd7fff8000", 170 | "0x480680017fff8000", 171 | "0x0", 172 | "0x480680017fff8000", 173 | "0x2a10db3aab796a1c695858beffa85328e3ef82b13eac0caa4213e0520cc6b6e", 174 | "0x1104800180018000", 175 | "0x26", 176 | "0x20680017fff7ffc", 177 | "0x1a", 178 | "0x48127ffd7fff8000", 179 | "0x48127ffd7fff8000", 180 | "0x48127ffd7fff8000", 181 | "0x1104800180018000", 182 | "0x5b", 183 | "0x20680017fff7ffd", 184 | "0xb", 185 | "0x48127ff17fff8000", 186 | "0x48127ff17fff8000", 187 | "0x48127ff17fff8000", 188 | "0x480680017fff8000", 189 | "0x0", 190 | "0x480680017fff8000", 191 | "0x0", 192 | "0x48127ffa7fff8000", 193 | "0x208b7fff7fff7ffe", 194 | "0x48127ff17fff8000", 195 | "0x48127ff17fff8000", 196 | "0x48127ff17fff8000", 197 | "0x480680017fff8000", 198 | "0x1", 199 | "0x48127ffa7fff8000", 200 | "0x48127ffa7fff8000", 201 | "0x208b7fff7fff7ffe", 202 | 
"0x40780017fff7fff", 203 | "0x8", 204 | "0x48127ff17fff8000", 205 | "0x48127ff17fff8000", 206 | "0x48127ff17fff8000", 207 | "0x480680017fff8000", 208 | "0x1", 209 | "0x48127ff27fff8000", 210 | "0x48127ff27fff8000", 211 | "0x208b7fff7fff7ffe", 212 | "0x480680017fff8000", 213 | "0x53746f7261676552656164", 214 | "0x400280007ffb7fff", 215 | "0x400380017ffb7ffa", 216 | "0x400380027ffb7ffc", 217 | "0x400380037ffb7ffd", 218 | "0x480280057ffb8000", 219 | "0x20680017fff7fff", 220 | "0x28", 221 | "0x480a7ff97fff8000", 222 | "0x480280067ffb8000", 223 | "0x1104800180018000", 224 | "0x3e", 225 | "0x480280047ffb8000", 226 | "0x482680017ffb8000", 227 | "0x7", 228 | "0x20680017fff7ffc", 229 | "0xf", 230 | "0x40780017fff7fff", 231 | "0x2", 232 | "0x48127ff97fff8000", 233 | "0x48127ffb7fff8000", 234 | "0x48127ffb7fff8000", 235 | "0x480680017fff8000", 236 | "0x0", 237 | "0x480680017fff8000", 238 | "0x0", 239 | "0x480680017fff8000", 240 | "0x0", 241 | "0x48127ff57fff8000", 242 | "0x208b7fff7fff7ffe", 243 | "0x40780017fff7fff", 244 | "0x1", 245 | "0x480680017fff8000", 246 | "0x53746f726555313238202d206e6f6e2075313238", 247 | "0x400080007ffe7fff", 248 | "0x48127ff97fff8000", 249 | "0x48127ffb7fff8000", 250 | "0x48127ffb7fff8000", 251 | "0x480680017fff8000", 252 | "0x1", 253 | "0x480680017fff8000", 254 | "0x0", 255 | "0x48127ff97fff8000", 256 | "0x482480017ff88000", 257 | "0x1", 258 | "0x208b7fff7fff7ffe", 259 | "0x40780017fff7fff", 260 | "0x11", 261 | "0x480a7ff97fff8000", 262 | "0x480280047ffb8000", 263 | "0x482680017ffb8000", 264 | "0x8", 265 | "0x480680017fff8000", 266 | "0x0", 267 | "0x480680017fff8000", 268 | "0x1", 269 | "0x480280067ffb8000", 270 | "0x480280077ffb8000", 271 | "0x208b7fff7fff7ffe", 272 | "0x20780017fff7ffb", 273 | "0x8", 274 | "0x480680017fff8000", 275 | "0x0", 276 | "0x480680017fff8000", 277 | "0x0", 278 | "0x480a7ffd7fff8000", 279 | "0x208b7fff7fff7ffe", 280 | "0x480680017fff8000", 281 | "0x1", 282 | "0x480a7ffc7fff8000", 283 | "0x480a7ffd7fff8000", 284 | 
"0x208b7fff7fff7ffe", 285 | "0xa0680017fff8000", 286 | "0x16", 287 | "0x480280007ffc8003", 288 | "0x480280017ffc8003", 289 | "0x4844800180017ffe", 290 | "0x100000000000000000000000000000000", 291 | "0x483180017ffd7ffd", 292 | "0x482480017fff7ffd", 293 | "0x800000000000010fffffffffffffffff7ffffffffffffef0000000000000001", 294 | "0x20680017fff7ffc", 295 | "0x6", 296 | "0x402480017fff7ffd", 297 | "0xffffffffffffffffffffffffffffffff", 298 | "0x10780017fff7fff", 299 | "0x4", 300 | "0x402480017ffe7ffd", 301 | "0xf7ffffffffffffef0000000000000000", 302 | "0x400280027ffc7ffd", 303 | "0x20680017fff7ffe", 304 | "0xe", 305 | "0x402780017fff7fff", 306 | "0x1", 307 | "0x400380007ffc7ffd", 308 | "0x40780017fff7fff", 309 | "0x5", 310 | "0x482680017ffc8000", 311 | "0x1", 312 | "0x480680017fff8000", 313 | "0x0", 314 | "0x480a7ffd7fff8000", 315 | "0x10780017fff7fff", 316 | "0x8", 317 | "0x482680017ffc8000", 318 | "0x3", 319 | "0x480680017fff8000", 320 | "0x1", 321 | "0x480680017fff8000", 322 | "0x0", 323 | "0x208b7fff7fff7ffe" 324 | ], 325 | "hints": [ 326 | [ 327 | 0, 328 | [ 329 | { 330 | "TestLessThanOrEqual": { 331 | "lhs": { 332 | "Immediate": "0x2c42" 333 | }, 334 | "rhs": { 335 | "Deref": { 336 | "register": "FP", 337 | "offset": -6 338 | } 339 | }, 340 | "dst": { 341 | "register": "AP", 342 | "offset": 0 343 | } 344 | } 345 | } 346 | ] 347 | ], 348 | [ 349 | 19, 350 | [ 351 | { 352 | "AllocSegment": { 353 | "dst": { 354 | "register": "AP", 355 | "offset": 0 356 | } 357 | } 358 | } 359 | ] 360 | ], 361 | [ 362 | 38, 363 | [ 364 | { 365 | "TestLessThanOrEqual": { 366 | "lhs": { 367 | "Immediate": "0x0" 368 | }, 369 | "rhs": { 370 | "Deref": { 371 | "register": "AP", 372 | "offset": -8 373 | } 374 | }, 375 | "dst": { 376 | "register": "AP", 377 | "offset": 0 378 | } 379 | } 380 | } 381 | ] 382 | ], 383 | [ 384 | 58, 385 | [ 386 | { 387 | "AllocSegment": { 388 | "dst": { 389 | "register": "AP", 390 | "offset": 0 391 | } 392 | } 393 | } 394 | ] 395 | ], 396 | [ 397 | 76, 398 | [ 
399 | { 400 | "AllocSegment": { 401 | "dst": { 402 | "register": "AP", 403 | "offset": 0 404 | } 405 | } 406 | } 407 | ] 408 | ], 409 | [ 410 | 91, 411 | [ 412 | { 413 | "AllocSegment": { 414 | "dst": { 415 | "register": "AP", 416 | "offset": 0 417 | } 418 | } 419 | } 420 | ] 421 | ], 422 | [ 423 | 116, 424 | [ 425 | { 426 | "TestLessThan": { 427 | "lhs": { 428 | "Deref": { 429 | "register": "AP", 430 | "offset": 0 431 | } 432 | }, 433 | "rhs": { 434 | "Immediate": "0x100000000000000000000000000000000" 435 | }, 436 | "dst": { 437 | "register": "AP", 438 | "offset": -1 439 | } 440 | } 441 | } 442 | ] 443 | ], 444 | [ 445 | 124, 446 | [ 447 | { 448 | "AllocSegment": { 449 | "dst": { 450 | "register": "AP", 451 | "offset": 0 452 | } 453 | } 454 | } 455 | ] 456 | ], 457 | [ 458 | 213, 459 | [ 460 | { 461 | "SystemCall": { 462 | "system": { 463 | "Deref": { 464 | "register": "FP", 465 | "offset": -5 466 | } 467 | } 468 | } 469 | } 470 | ] 471 | ], 472 | [ 473 | 238, 474 | [ 475 | { 476 | "AllocSegment": { 477 | "dst": { 478 | "register": "AP", 479 | "offset": 0 480 | } 481 | } 482 | } 483 | ] 484 | ], 485 | [ 486 | 280, 487 | [ 488 | { 489 | "TestLessThan": { 490 | "lhs": { 491 | "Deref": { 492 | "register": "FP", 493 | "offset": -3 494 | } 495 | }, 496 | "rhs": { 497 | "Immediate": "0x100000000000000000000000000000000" 498 | }, 499 | "dst": { 500 | "register": "AP", 501 | "offset": 0 502 | } 503 | } 504 | } 505 | ] 506 | ], 507 | [ 508 | 282, 509 | [ 510 | { 511 | "DivMod": { 512 | "lhs": { 513 | "Deref": { 514 | "register": "FP", 515 | "offset": -3 516 | } 517 | }, 518 | "rhs": { 519 | "Immediate": "0x100000000000000000000000000000000" 520 | }, 521 | "quotient": { 522 | "register": "AP", 523 | "offset": 3 524 | }, 525 | "remainder": { 526 | "register": "AP", 527 | "offset": 4 528 | } 529 | } 530 | } 531 | ] 532 | ] 533 | ], 534 | "entry_points_by_type": { 535 | "EXTERNAL": [ 536 | { 537 | "selector": "0x19ec9be9cba2d97da4914097b2de75268bcbe67521cb538faada1f29e55a68c", 
538 | "offset": 0, 539 | "builtins": [ 540 | "range_check" 541 | ] 542 | } 543 | ], 544 | "L1_HANDLER": [], 545 | "CONSTRUCTOR": [] 546 | } 547 | } -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_fuzz.json: -------------------------------------------------------------------------------- 1 | { 2 | "sierra_program": [ 3 | "0x1", 4 | "0x3", 5 | "0x0", 6 | "0x2", 7 | "0x2", 8 | "0x0", 9 | "0xab", 10 | "0x55", 11 | "0x1b", 12 | "0x52616e6765436865636b", 13 | "0x800000000000000100000000000000000000000000000000", 14 | "0x75313238", 15 | "0x800000000000000700000000000000000000000000000000", 16 | "0x537472756374", 17 | "0x800000000000000f00000000000000000000000000000001", 18 | "0x0", 19 | "0x2ee1e2b1b89f8c495f200e4956278a4d47395fe262f27b52e5865c9524c08c3", 20 | "0x456e756d", 21 | "0x800000000000000700000000000000000000000000000003", 22 | "0x1909a2057b9c1373b889e003e050a09f431d8108e0659d03444ced99a6eea68", 23 | "0x1", 24 | "0x2", 25 | "0x53746f7261676541646472657373", 26 | "0x4172726179", 27 | "0x800000000000000300000000000000000000000000000001", 28 | "0x18", 29 | "0x800000000000000300000000000000000000000000000003", 30 | "0x2cf4ead4392e987c9b56754a10f0a8e0f13776791e096fa6503893f05582c51", 31 | "0x5", 32 | "0x800000000000000300000000000000000000000000000002", 33 | "0x6", 34 | "0x16a4c8d7c05909052238a862d8cc3e7975bf05a07b3a69c6b28951083a6d672", 35 | "0x8", 36 | "0x35db377e57ca049334bdd283ee9a74d991b437ea21f0760006234ec7e529d20", 37 | "0x7", 38 | "0x9", 39 | "0x53746f726167654261736541646472657373", 40 | "0x800000000000000700000000000000000000000000000002", 41 | "0x2f23416cc60464d4158423619ba713070eb82b686c9d621a22c67bd37f6e0a9", 42 | "0xc", 43 | "0x536e617073686f74", 44 | "0x800000000000000700000000000000000000000000000001", 45 | "0x1baeba72e79e9db2587cf44fedb2f3700b2075a5e8e39a562584862c4b71f62", 46 | "0xe", 47 | "0xf", 48 | "0x20b344ee54e810f64421478e4dc6610fe6b4d0f1bf3a17af2389e95cc2e0de7", 49 | 
"0x800000000000000f00000000000000000000000000000002", 50 | "0x36c77f6d738cd3037c32e94b35462101591be306241bc47e28cd53c854521ad", 51 | "0x11", 52 | "0x800000000000000f00000000000000000000000000000003", 53 | "0x12", 54 | "0x36c37b0ce29121c5b124193262d61c3bc46b30c28d5d427ce95d8cf178e26bb", 55 | "0x13", 56 | "0x4275696c74696e436f737473", 57 | "0x53797374656d", 58 | "0x9931c641b913035ae674b400b61a51476d506bbe8bba2ff8a6272790aba9e6", 59 | "0x10", 60 | "0x66656c74323532", 61 | "0x753332", 62 | "0x4761734275696c74696e", 63 | "0x56", 64 | "0x7265766f6b655f61705f747261636b696e67", 65 | "0x77697468647261775f676173", 66 | "0x6272616e63685f616c69676e", 67 | "0x7374727563745f6465636f6e737472756374", 68 | "0x61727261795f6c656e", 69 | "0x736e617073686f745f74616b65", 70 | "0x19", 71 | "0x64726f70", 72 | "0x7533325f636f6e7374", 73 | "0x72656e616d65", 74 | "0x73746f72655f74656d70", 75 | "0x7533325f6571", 76 | "0x61727261795f6e6577", 77 | "0x66656c743235325f636f6e7374", 78 | "0x496e70757420746f6f206c6f6e6720666f7220617267756d656e7473", 79 | "0x61727261795f617070656e64", 80 | "0x7374727563745f636f6e737472756374", 81 | "0x656e756d5f696e6974", 82 | "0x17", 83 | "0x1a", 84 | "0x16", 85 | "0x6765745f6275696c74696e5f636f737473", 86 | "0x15", 87 | "0x77697468647261775f6761735f616c6c", 88 | "0x66756e6374696f6e5f63616c6c", 89 | "0x3", 90 | "0x656e756d5f6d61746368", 91 | "0x14", 92 | "0x4f7574206f6620676173", 93 | "0xd", 94 | "0x753132385f636f6e7374", 95 | "0x186a0", 96 | "0x753132385f6f766572666c6f77696e675f737562", 97 | "0x76616c75652073757020746f20314d", 98 | "0x73746f726167655f626173655f616464726573735f636f6e7374", 99 | "0x2a10db3aab796a1c695858beffa85328e3ef82b13eac0caa4213e0520cc6b6e", 100 | "0xb", 101 | "0xa", 102 | "0x4", 103 | "0x73746f726167655f616464726573735f66726f6d5f62617365", 104 | "0x73746f726167655f726561645f73797363616c6c", 105 | "0x53746f726555313238202d206e6f6e2075313238", 106 | "0x75313238735f66726f6d5f66656c74323532", 107 | "0x6a756d70", 108 | "0xf2", 109 | 
"0xffffffffffffffff", 110 | "0x4a", 111 | "0x1c", 112 | "0x1d", 113 | "0x3d", 114 | "0x1e", 115 | "0x1f", 116 | "0x20", 117 | "0x21", 118 | "0x26", 119 | "0x27", 120 | "0x28", 121 | "0x29", 122 | "0x22", 123 | "0x23", 124 | "0x24", 125 | "0x25", 126 | "0x2a", 127 | "0x36", 128 | "0x2b", 129 | "0x2c", 130 | "0x2d", 131 | "0x2e", 132 | "0x2f", 133 | "0x30", 134 | "0x31", 135 | "0x32", 136 | "0x33", 137 | "0x34", 138 | "0x35", 139 | "0x37", 140 | "0x38", 141 | "0x39", 142 | "0x3a", 143 | "0x3b", 144 | "0x3c", 145 | "0x3e", 146 | "0x3f", 147 | "0x40", 148 | "0x41", 149 | "0x42", 150 | "0x43", 151 | "0x44", 152 | "0x45", 153 | "0x46", 154 | "0x47", 155 | "0x48", 156 | "0x49", 157 | "0x4b", 158 | "0x4c", 159 | "0x4d", 160 | "0x4e", 161 | "0x7f", 162 | "0x74", 163 | "0xa6", 164 | "0x9f", 165 | "0xcd", 166 | "0xbf", 167 | "0xdc", 168 | "0x4f", 169 | "0xe8", 170 | "0x50", 171 | "0x51", 172 | "0x52", 173 | "0xef", 174 | "0x53", 175 | "0x54", 176 | "0x55", 177 | "0x58", 178 | "0x87", 179 | "0xad", 180 | "0xd6", 181 | "0xe2", 182 | "0x999", 183 | "0x140c0c0c13071209110c100f040e0d0c0c0c0b070a09080706050403020100", 184 | "0x71d05041c1b0c1a0c19071209140c180c0807120517070605160c08071505", 185 | "0x25070605240c08071d05230c22071d05140c21201b0c1f0c1e0712090c0c08", 186 | "0xc2f071209022e042d1b0c2c0c2b0712090d0c2a0c08072905280c27072605", 187 | "0xc0c3c3b0c0c3a110c0c39240c0c38073707360735340233043204311b0c30", 188 | "0x110c0c3f430d0c42110c0c410740070c0c3f3b0c0c3f3b0c0c3e070d0c3d3b", 189 | "0x4a470c0c3f490c0c3f480c0c3f0c0d470c0d461b0c0c45180c0c45110c0c44", 190 | "0x2c0c0c3c500c0c4f0c4e0c4d2a0c0c3f2a0c0c45280c0c45074c4b0c0c3f07", 191 | "0x38240c0c3c510d0c42070d470c0d46300c0c45240c0c45140c0c3c140c0c3a", 192 | "0xc0c0c3f540d0c531f0c0c38520c0c4f0d4e0c4d280c0c3f280c0c3a2a0c0c", 193 | "0xc0c450d0c0c45500c0c3f0c0d500c0d46560d0c42280c0c3c0c0c0c3c0755", 194 | "0x160c0c3f1a0c0c385a0c0c4f4e4e0c4d590c0c3f580d0c57070d500c0d462c", 195 | 
"0x4e0c4d075d075c0c0d520c0d46520c0c3f070d520c0d461f0c0c455b4e0c4d", 196 | "0xc420d0c0c3c5a0c0c3f070d5a0c0d461a0c0c45070d160c0d464e0c0c4f14", 197 | "0x604e0c0c3f070d4e0c0d46075f160c0c4f0c0d160c0d460c0d5a0c0d465e0d", 198 | "0x5b0d620d0c070d0c0707620c070707614e0c0c3e070c0c3e0c0d4e0c0d4607", 199 | "0x1b0c14071b0c620c180c5b07180c620c4e0c4e0707620c070d071a160d6314", 200 | "0xc160723520d620c1f0c14071f0c620c071a0707620c5a0c1607595a0d620c", 201 | "0xc5a07240c620c240c1b07300c620c230c1807240c620c590c180707620c52", 202 | "0x75207280c620c071f0707620c070d07076407620d30240d59075b0c620c5b", 203 | "0xd2807500c620c0730072c0c620c2a280d24072a0c620c2a0c23072a0c620c", 204 | "0x7110c620c140c2c07470c620c5b0c5a07490c620c4b0c2a074b0c620c2c50", 205 | "0xc07490707620c070d07483b11475b0c480c620c490c4b073b0c620c0d0c50", 206 | "0x620c070d0768670d6665640d620d00145b4e1107000c620c000c4707000c62", 207 | "0xc620c650c2c076b0c620c640c5a076a0c620c690c4807690c620c073b0707", 208 | "0x7271706f5b620c6e6d6c6b5b64076e0c620c6a0c00076d0c620c0d0c50076c", 209 | "0x760c620c071f0707620c730c670707620c070d07750c74730c620d720c6507", 210 | "0xc620c790c6f07790c620c780c6a0707620c770c690778770d620c760c6807", 211 | "0x620c710c50077d0c620c700c2c077c0c620c6f0c5a077b0c620c7a0c70077a", 212 | "0x7740c620c750c2a0707620c070d077f7e7d7c5b0c7f0c620c7b0c4b077e0c", 213 | "0x830c620c740c4b07820c620c710c5007810c620c700c2c07800c620c6f0c5a", 214 | "0xc850c2307850c620c077107840c620c071f0707620c070d07838281805b0c", 215 | "0xc2a07870c620c66860d2807860c620c073007660c620c85840d2407850c62", 216 | "0x4b078b0c620c0d0c50078a0c620c680c2c07890c620c670c5a07880c620c87", 217 | "0xc620c071f0707620c4e0c720707620c070d078c8b8a895b0c8c0c620c880c", 218 | "0xc620c0730078f0c620c8e8d0d24078e0c620c8e0c23078e0c620c0771078d", 219 | "0xc1a0c2c07920c620c160c5a07630c620c910c2a07910c620c8f900d280790", 220 | "0x620c4e0c6b07959493925b0c950c620c630c4b07940c620c0d0c5007930c62", 221 | "0xd0c50071f0c620c0c0c2c07590c620c070c5a0716140d620c5b0c6c075b0c", 222 | 
"0xd5a0c73075a1b181a5b620c23521f595b6e07230c620c160c6d07520c620c", 223 | "0x2a0c77072a0c620c077607280c620c240c750707620c070d07300c96240c62", 224 | "0x620c500c790707620c070d07494b0d97502c0d620d2a281a4e78072a0c620c", 225 | "0x7110c620c110c2307110c620c077b07470c620c071f0707620c140c7a0707", 226 | "0xc620c000c7c07000c620c3b480d2807480c620c0730073b0c620c11470d24", 227 | "0x620c640c7d07680c620c1b0c5007670c620c180c2c07650c620c2c0c5a0764", 228 | "0xc48076a0c620c077e0707620c490c790707620c070d07696867655b0c690c", 229 | "0x7720c620c4b0c5a07710c620c700c7407700c620c6a6f0d7f076f0c620c14", 230 | "0xd076d6c6b725b0c6d0c620c710c7d076c0c620c1b0c50076b0c620c180c2c", 231 | "0x180c2c07730c620c1a0c5a076e0c620c300c7c0707620c140c7a0707620c07", 232 | "0xc4e0c7a07777675735b0c770c620c6e0c7d07760c620c1b0c5007750c620c", 233 | "0xc620c0c0c2c075a0c620c070c5a07140c620c071a075b0c620c0780070762", 234 | "0x1f595a148207230c620c5b0c8107520c620c140c1b071f0c620c0d0c500759", 235 | "0xc240c840707620c070d07300c98240c620d1b0c83071b181a165b620c2352", 236 | "0x74b0c99500c620d2a0c73072a0c620c2c0c66072c0c620c280c8507280c62", 237 | "0x5a07110c620c470c8707470c620c490c8607490c620c500c750707620c070d", 238 | "0xc640c620c110c8807000c620c180c5007480c620c1a0c2c073b0c620c160c", 239 | "0x1a0c2c07670c620c160c5a07650c620c4b0c890707620c070d076400483b5b", 240 | "0x620c070d076a6968675b0c6a0c620c650c8807690c620c180c5007680c620c", 241 | "0x620c180c5007710c620c1a0c2c07700c620c160c5a076f0c620c300c890707", 242 | "0x144e0d0c5b8b07140c620c5b0c8a076b7271705b0c6b0c620c6f0c8807720c", 243 | "0x620c180c2307230c620c070c5a0707620c070d07595a1b4e9a181a164e620d", 244 | "0xc8d071a0c620c1a0c5007160c620c160c2c07521f0d620c24230d8c07240c", 245 | "0x72c0c620c2a0c8f072a0c620c300c8e0707620c070d07280c9b300c620d52", 246 | "0x470c620c1a0c5007490c620c160c2c074b0c620c1f0c5a07500c620c2c0c90", 247 | "0xc071f0707620c280c630707620c070d071147494b5b0c110c620c500c9107", 248 | "0xc073007000c620c483b0d2407480c620c480c2307480c620c0792073b0c62", 249 | 
"0xc2c07680c620c1f0c5a07670c620c650c9307650c620c00640d2807640c62", 250 | "0xc070d076f6a69685b0c6f0c620c670c91076a0c620c1a0c5007690c620c16", 251 | "0xc070c5a07720c620c710c9007710c620c700c8f07700c620c590c94070762", 252 | "0x6c6b5b0c6e0c620c720c91076d0c620c5a0c50076c0c620c1b0c2c076b0c62", 253 | "0x4e0c87074e0c620c0c0c860707620c070d070d0c9c0c0c620d070c95076e6d", 254 | "0xd2807160c620c07300707620c070d07140c0c140c620c5b0c88075b0c620c", 255 | "0xd0c070d9d071b0c0c1b0c620c180c8807180c620c1a0c89071a0c620c0d16", 256 | "0x180c620c0d0c5a071a0c620c4e0c9f0707620c070d0716145b4e9e4e0d0d62", 257 | "0x160c790707620c140c790707620c070d0707a20c07a1071b0c620c1a0ca007", 258 | "0xc590ca007180c620c5b0c5a07590c620c5a0ca3075a0c620c077e0707620c", 259 | "0x75b244948075b16521f0d0c520c620c1b0ca5071f0c620c180ca4071b0c62", 260 | "0x48075b284948075ba64e0d0c07504948075b2a4948075b074e0d0c07474948", 261 | "0xda907520c160ca85b4e0d0c075a4948075b593b49480714a74e0d0c075249", 262 | "0xaa0c074e070d1107" 263 | ], 264 | "sierra_program_debug_info": { 265 | "type_names": [], 266 | "libfunc_names": [], 267 | "user_func_names": [] 268 | }, 269 | "contract_class_version": "0.1.0", 270 | "entry_points_by_type": { 271 | "EXTERNAL": [ 272 | { 273 | "selector": "0x19ec9be9cba2d97da4914097b2de75268bcbe67521cb538faada1f29e55a68c", 274 | "function_idx": 0 275 | } 276 | ], 277 | "L1_HANDLER": [], 278 | "CONSTRUCTOR": [] 279 | }, 280 | "abi": [ 281 | { 282 | "type": "function", 283 | "name": "storage_test", 284 | "inputs": [], 285 | "outputs": [], 286 | "state_mutability": "external" 287 | }, 288 | { 289 | "type": "event", 290 | "name": "fuzzinglabs_fuzz::fuzzinglabs_fuzz::test_contract::Event", 291 | "kind": "enum", 292 | "variants": [] 293 | } 294 | ] 295 | } -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_init.cairo: -------------------------------------------------------------------------------- 1 | use starknet::{ 2 | Store, SyscallResult, StorageBaseAddress, 
storage_read_syscall, storage_write_syscall, 3 | storage_address_from_base_and_offset 4 | }; 5 | use integer::{ 6 | U128IntoFelt252, Felt252IntoU256, Felt252TryIntoU64, U256TryIntoFelt252, u256_from_felt252 7 | }; 8 | 9 |
// NOTE(review): none of the names brought in by the two `use` lists above is referenced
// by name inside `test_contract` below; confirm whether they are still needed.
//
// Test contract with a single u128 storage variable (`bal`) and a single external
// function (`init`) that writes it.
10 | #[starknet::contract]
11 | mod test_contract {
12 | #[storage]
13 | struct Storage {
// The only storage variable; `init` is the only code in this file that writes it.
14 | bal: u128
15 | }
16 |
// External entry point: stores the caller-supplied `value` in `bal`.
// The body contains no caller check and no "already initialised" check, so each call
// overwrites the previous value with whatever the caller passes.
// NOTE(review): presumably intentional for a fuzzing fixture under tests1.0/ - confirm;
// an initializer in a deployed contract would need a one-time or owner guard.
17 | #[external(v0)]
18 | fn init(ref self: ContractState, value: u128) {
19 | self.bal.write(value);
20 | }
21 | }
22 | -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_init.casm: -------------------------------------------------------------------------------- 1 | { 2 | "prime": "0x800000000000011000000000000000000000000000000000000000000000001", 3 | "compiler_version": "2.2.0", 4 | "bytecode": [ 5 | "0xa0680017fff8000", 6 | "0x7", 7 | "0x482680017ffa8000", 8 | "0xffffffffffffffffffffffffffffd4d6", 9 | "0x400280007ff97fff", 10 | "0x10780017fff7fff", 11 | "0x6b", 12 | "0x4825800180007ffa", 13 | "0x2b2a", 14 | "0x400280007ff97fff", 15 | "0x482680017ff98000", 16 | "0x1", 17 | "0x480a7ffc7fff8000", 18 | "0x480a7ffd7fff8000", 19 | "0x1104800180018000", 20 | "0x71", 21 | "0x20680017fff7ffe", 22 | "0x52", 23 | "0x48307ffc80007ffd", 24 | "0x4824800180007fff", 25 | "0x0", 26 | "0x20680017fff7fff", 27 | "0x4", 28 | "0x10780017fff7fff", 29 | "0x10", 30 | "0x40780017fff7fff", 31 | "0x1", 32 | "0x480680017fff8000", 33 | "0x496e70757420746f6f206c6f6e6720666f7220617267756d656e7473", 34 | "0x400080007ffe7fff", 35 | "0x48127ff77fff8000", 36 | "0x48127fdc7fff8000", 37 | "0x480a7ffb7fff8000", 38 | "0x480680017fff8000", 39 | "0x1", 40 | "0x48127ffa7fff8000", 41 | "0x482480017ff98000", 42 | "0x1", 43 | "0x208b7fff7fff7ffe", 44 | "0x1104800180018000", 45 | "0x10e", 46 | "0x482480017fff8000", 47 | "0x10d", 48 | "0x480080007fff8000", 49 | "0xa0680017fff8000", 50 | "0x9", 51 | "0x4824800180007fda", 52 | "0x0", 53 | "0x482480017fff8000", 54 |
"0x400080007ff27fff", 56 | "0x10780017fff7fff", 57 | "0x20", 58 | "0x4824800180007fda", 59 | "0x0", 60 | "0x400080007ff37fff", 61 | "0x48127fff7fff8000", 62 | "0x480a7ffb7fff8000", 63 | "0x48127ff57fff8000", 64 | "0x1104800180018000", 65 | "0x7a", 66 | "0x482480017fd18000", 67 | "0x1", 68 | "0x20680017fff7ffc", 69 | "0xc", 70 | "0x40780017fff7fff", 71 | "0x1", 72 | "0x48127ffe7fff8000", 73 | "0x48127ff87fff8000", 74 | "0x48127ff87fff8000", 75 | "0x480680017fff8000", 76 | "0x0", 77 | "0x48127ffb7fff8000", 78 | "0x48127ffa7fff8000", 79 | "0x208b7fff7fff7ffe", 80 | "0x48127fff7fff8000", 81 | "0x48127ff97fff8000", 82 | "0x48127ff97fff8000", 83 | "0x480680017fff8000", 84 | "0x1", 85 | "0x48127ff97fff8000", 86 | "0x48127ff97fff8000", 87 | "0x208b7fff7fff7ffe", 88 | "0x40780017fff7fff", 89 | "0x1", 90 | "0x480680017fff8000", 91 | "0x4f7574206f6620676173", 92 | "0x400080007ffe7fff", 93 | "0x482480017ff08000", 94 | "0x1", 95 | "0x48127fd57fff8000", 96 | "0x480a7ffb7fff8000", 97 | "0x480680017fff8000", 98 | "0x1", 99 | "0x48127ffa7fff8000", 100 | "0x482480017ff98000", 101 | "0x1", 102 | "0x208b7fff7fff7ffe", 103 | "0x40780017fff7fff", 104 | "0x1", 105 | "0x480680017fff8000", 106 | "0x4661696c656420746f20646573657269616c697a6520706172616d202331", 107 | "0x400080007ffe7fff", 108 | "0x48127ff97fff8000", 109 | "0x48127fde7fff8000", 110 | "0x480a7ffb7fff8000", 111 | "0x480680017fff8000", 112 | "0x1", 113 | "0x48127ffa7fff8000", 114 | "0x482480017ff98000", 115 | "0x1", 116 | "0x208b7fff7fff7ffe", 117 | "0x40780017fff7fff", 118 | "0x1", 119 | "0x480680017fff8000", 120 | "0x4f7574206f6620676173", 121 | "0x400080007ffe7fff", 122 | "0x482680017ff98000", 123 | "0x1", 124 | "0x480a7ffa7fff8000", 125 | "0x480a7ffb7fff8000", 126 | "0x480680017fff8000", 127 | "0x1", 128 | "0x48127ffa7fff8000", 129 | "0x482480017ff98000", 130 | "0x1", 131 | "0x208b7fff7fff7ffe", 132 | "0x48297ffc80007ffd", 133 | "0x20680017fff7fff", 134 | "0x4", 135 | "0x10780017fff7fff", 136 | "0xa", 137 | 
"0x482680017ffc8000", 138 | "0x1", 139 | "0x480a7ffd7fff8000", 140 | "0x480680017fff8000", 141 | "0x0", 142 | "0x480a7ffc7fff8000", 143 | "0x10780017fff7fff", 144 | "0x8", 145 | "0x480a7ffc7fff8000", 146 | "0x480a7ffd7fff8000", 147 | "0x480680017fff8000", 148 | "0x1", 149 | "0x480680017fff8000", 150 | "0x0", 151 | "0x48127ffc7fff8000", 152 | "0x48127ffc7fff8000", 153 | "0x20680017fff7ffc", 154 | "0x17", 155 | "0x480a7ffb7fff8000", 156 | "0x480080007ffc8000", 157 | "0x1104800180018000", 158 | "0x34", 159 | "0x20680017fff7ffe", 160 | "0x9", 161 | "0x48127ffd7fff8000", 162 | "0x48127ff07fff8000", 163 | "0x48127ff07fff8000", 164 | "0x480680017fff8000", 165 | "0x0", 166 | "0x48127ffb7fff8000", 167 | "0x208b7fff7fff7ffe", 168 | "0x48127ffd7fff8000", 169 | "0x48127ff07fff8000", 170 | "0x48127ff07fff8000", 171 | "0x480680017fff8000", 172 | "0x1", 173 | "0x480680017fff8000", 174 | "0x0", 175 | "0x208b7fff7fff7ffe", 176 | "0x40780017fff7fff", 177 | "0xd", 178 | "0x480a7ffb7fff8000", 179 | "0x48127ff07fff8000", 180 | "0x48127ff07fff8000", 181 | "0x480680017fff8000", 182 | "0x1", 183 | "0x480680017fff8000", 184 | "0x0", 185 | "0x208b7fff7fff7ffe", 186 | "0x480a7ffb7fff8000", 187 | "0x480a7ffc7fff8000", 188 | "0x480a7ffd7fff8000", 189 | "0x1104800180018000", 190 | "0x3b", 191 | "0x20680017fff7ffd", 192 | "0xb", 193 | "0x48127ffb7fff8000", 194 | "0x48127ffb7fff8000", 195 | "0x480680017fff8000", 196 | "0x0", 197 | "0x480680017fff8000", 198 | "0x0", 199 | "0x480680017fff8000", 200 | "0x0", 201 | "0x208b7fff7fff7ffe", 202 | "0x48127ffb7fff8000", 203 | "0x48127ffb7fff8000", 204 | "0x480680017fff8000", 205 | "0x1", 206 | "0x48127ffb7fff8000", 207 | "0x48127ffb7fff8000", 208 | "0x208b7fff7fff7ffe", 209 | "0xa0680017fff8000", 210 | "0x16", 211 | "0x480280007ffc8003", 212 | "0x480280017ffc8003", 213 | "0x4844800180017ffe", 214 | "0x100000000000000000000000000000000", 215 | "0x483180017ffd7ffd", 216 | "0x482480017fff7ffd", 217 | 
"0x800000000000010fffffffffffffffff7ffffffffffffef0000000000000001", 218 | "0x20680017fff7ffc", 219 | "0x6", 220 | "0x402480017fff7ffd", 221 | "0xffffffffffffffffffffffffffffffff", 222 | "0x10780017fff7fff", 223 | "0x4", 224 | "0x402480017ffe7ffd", 225 | "0xf7ffffffffffffef0000000000000000", 226 | "0x400280027ffc7ffd", 227 | "0x20680017fff7ffe", 228 | "0xe", 229 | "0x402780017fff7fff", 230 | "0x1", 231 | "0x400380007ffc7ffd", 232 | "0x40780017fff7fff", 233 | "0x5", 234 | "0x482680017ffc8000", 235 | "0x1", 236 | "0x480680017fff8000", 237 | "0x0", 238 | "0x480a7ffd7fff8000", 239 | "0x10780017fff7fff", 240 | "0x8", 241 | "0x482680017ffc8000", 242 | "0x3", 243 | "0x480680017fff8000", 244 | "0x1", 245 | "0x480680017fff8000", 246 | "0x0", 247 | "0x208b7fff7fff7ffe", 248 | "0x480680017fff8000", 249 | "0x0", 250 | "0x480680017fff8000", 251 | "0x2a10db3aab796a1c695858beffa85328e3ef82b13eac0caa4213e0520cc6b6e", 252 | "0x480680017fff8000", 253 | "0x53746f726167655772697465", 254 | "0x400280007ffc7fff", 255 | "0x400380017ffc7ffb", 256 | "0x400280027ffc7ffd", 257 | "0x400280037ffc7ffe", 258 | "0x400380047ffc7ffd", 259 | "0x480280067ffc8000", 260 | "0x20680017fff7fff", 261 | "0xd", 262 | "0x480280057ffc8000", 263 | "0x482680017ffc8000", 264 | "0x7", 265 | "0x480680017fff8000", 266 | "0x0", 267 | "0x480680017fff8000", 268 | "0x0", 269 | "0x480680017fff8000", 270 | "0x0", 271 | "0x10780017fff7fff", 272 | "0x9", 273 | "0x480280057ffc8000", 274 | "0x482680017ffc8000", 275 | "0x9", 276 | "0x480680017fff8000", 277 | "0x1", 278 | "0x480280077ffc8000", 279 | "0x480280087ffc8000", 280 | "0x1104800180018000", 281 | "0x14", 282 | "0x20680017fff7ffd", 283 | "0xb", 284 | "0x48127ff67fff8000", 285 | "0x48127ff67fff8000", 286 | "0x480680017fff8000", 287 | "0x0", 288 | "0x480680017fff8000", 289 | "0x0", 290 | "0x480680017fff8000", 291 | "0x0", 292 | "0x208b7fff7fff7ffe", 293 | "0x48127ff67fff8000", 294 | "0x48127ff67fff8000", 295 | "0x480680017fff8000", 296 | "0x1", 297 | "0x48127ffb7fff8000", 
298 | "0x48127ffb7fff8000", 299 | "0x208b7fff7fff7ffe", 300 | "0x20780017fff7ffb", 301 | "0x9", 302 | "0x480680017fff8000", 303 | "0x0", 304 | "0x480680017fff8000", 305 | "0x0", 306 | "0x480680017fff8000", 307 | "0x0", 308 | "0x208b7fff7fff7ffe", 309 | "0x480680017fff8000", 310 | "0x1", 311 | "0x480a7ffc7fff8000", 312 | "0x480a7ffd7fff8000", 313 | "0x208b7fff7fff7ffe" 314 | ], 315 | "hints": [ 316 | [ 317 | 0, 318 | [ 319 | { 320 | "TestLessThanOrEqual": { 321 | "lhs": { 322 | "Immediate": "0x2b2a" 323 | }, 324 | "rhs": { 325 | "Deref": { 326 | "register": "FP", 327 | "offset": -6 328 | } 329 | }, 330 | "dst": { 331 | "register": "AP", 332 | "offset": 0 333 | } 334 | } 335 | } 336 | ] 337 | ], 338 | [ 339 | 25, 340 | [ 341 | { 342 | "AllocSegment": { 343 | "dst": { 344 | "register": "AP", 345 | "offset": 0 346 | } 347 | } 348 | } 349 | ] 350 | ], 351 | [ 352 | 44, 353 | [ 354 | { 355 | "TestLessThanOrEqual": { 356 | "lhs": { 357 | "Immediate": "0x0" 358 | }, 359 | "rhs": { 360 | "Deref": { 361 | "register": "AP", 362 | "offset": -37 363 | } 364 | }, 365 | "dst": { 366 | "register": "AP", 367 | "offset": 0 368 | } 369 | } 370 | } 371 | ] 372 | ], 373 | [ 374 | 65, 375 | [ 376 | { 377 | "AllocSegment": { 378 | "dst": { 379 | "register": "AP", 380 | "offset": 0 381 | } 382 | } 383 | } 384 | ] 385 | ], 386 | [ 387 | 83, 388 | [ 389 | { 390 | "AllocSegment": { 391 | "dst": { 392 | "register": "AP", 393 | "offset": 0 394 | } 395 | } 396 | } 397 | ] 398 | ], 399 | [ 400 | 98, 401 | [ 402 | { 403 | "AllocSegment": { 404 | "dst": { 405 | "register": "AP", 406 | "offset": 0 407 | } 408 | } 409 | } 410 | ] 411 | ], 412 | [ 413 | 112, 414 | [ 415 | { 416 | "AllocSegment": { 417 | "dst": { 418 | "register": "AP", 419 | "offset": 0 420 | } 421 | } 422 | } 423 | ] 424 | ], 425 | [ 426 | 204, 427 | [ 428 | { 429 | "TestLessThan": { 430 | "lhs": { 431 | "Deref": { 432 | "register": "FP", 433 | "offset": -3 434 | } 435 | }, 436 | "rhs": { 437 | "Immediate": 
"0x100000000000000000000000000000000" 438 | }, 439 | "dst": { 440 | "register": "AP", 441 | "offset": 0 442 | } 443 | } 444 | } 445 | ] 446 | ], 447 | [ 448 | 206, 449 | [ 450 | { 451 | "DivMod": { 452 | "lhs": { 453 | "Deref": { 454 | "register": "FP", 455 | "offset": -3 456 | } 457 | }, 458 | "rhs": { 459 | "Immediate": "0x100000000000000000000000000000000" 460 | }, 461 | "quotient": { 462 | "register": "AP", 463 | "offset": 3 464 | }, 465 | "remainder": { 466 | "register": "AP", 467 | "offset": 4 468 | } 469 | } 470 | } 471 | ] 472 | ], 473 | [ 474 | 254, 475 | [ 476 | { 477 | "SystemCall": { 478 | "system": { 479 | "Deref": { 480 | "register": "FP", 481 | "offset": -4 482 | } 483 | } 484 | } 485 | } 486 | ] 487 | ] 488 | ], 489 | "entry_points_by_type": { 490 | "EXTERNAL": [ 491 | { 492 | "selector": "0x3b6771b04b068edcfb8c265b21ed5c6a5748d427138f776f3f164cc45f75b31", 493 | "offset": 0, 494 | "builtins": [ 495 | "range_check" 496 | ] 497 | } 498 | ], 499 | "L1_HANDLER": [], 500 | "CONSTRUCTOR": [] 501 | } 502 | } -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_init.json: -------------------------------------------------------------------------------- 1 | { 2 | "sierra_program": [ 3 | "0x1", 4 | "0x3", 5 | "0x0", 6 | "0x2", 7 | "0x2", 8 | "0x0", 9 | "0xb6", 10 | "0x4a", 11 | "0x1d", 12 | "0x52616e6765436865636b", 13 | "0x800000000000000100000000000000000000000000000000", 14 | "0x537472756374", 15 | "0x800000000000000f00000000000000000000000000000001", 16 | "0x0", 17 | "0x2ee1e2b1b89f8c495f200e4956278a4d47395fe262f27b52e5865c9524c08c3", 18 | "0x800000000000000f00000000000000000000000000000002", 19 | "0x1", 20 | "0x16a4c8d7c05909052238a862d8cc3e7975bf05a07b3a69c6b28951083a6d672", 21 | "0x4172726179", 22 | "0x800000000000000300000000000000000000000000000001", 23 | "0x18", 24 | "0x800000000000000300000000000000000000000000000003", 25 | "0x3", 26 | "0x4", 27 | "0x456e756d", 28 | 
"0xcc5e86243f861d2d64b08c35db21013e773ac5cf10097946fe0011304886d5", 29 | "0x2", 30 | "0x5", 31 | "0x101dc0399934cc08fa0d6f6f2daead4e4a38cabeea1c743e1fc28d2d6e58e99", 32 | "0x53746f7261676541646472657373", 33 | "0x800000000000000700000000000000000000000000000000", 34 | "0x53746f726167654261736541646472657373", 35 | "0x2319107e9cde7340fc7bad9d37b9a5891f874bff98bd6e4a519ea0dee617c0b", 36 | "0x800000000000000f00000000000000000000000000000003", 37 | "0xa", 38 | "0x181ae002815ae6ff4f9122cbe78832b609f4942e7ffd195b2863d4f3a70612e", 39 | "0xb", 40 | "0x426f78", 41 | "0x800000000000000700000000000000000000000000000001", 42 | "0x800000000000000700000000000000000000000000000003", 43 | "0x29d7d57c04a880978e7b3689f6218e507f3be17588744b58dc17762447ad0e7", 44 | "0xd", 45 | "0x536e617073686f74", 46 | "0x800000000000000700000000000000000000000000000002", 47 | "0x1baeba72e79e9db2587cf44fedb2f3700b2075a5e8e39a562584862c4b71f62", 48 | "0xf", 49 | "0x10", 50 | "0x2f9ae1aedc658c3db03ab4e4574048a48b4118db89759581bac5d38cfa5dcde", 51 | "0x12", 52 | "0x39656d08c62b3f56c7f79ba90cc3d06e15c32fab5578a108c8c2c0b014dc44d", 53 | "0x13", 54 | "0x4275696c74696e436f737473", 55 | "0x53797374656d", 56 | "0x9931c641b913035ae674b400b61a51476d506bbe8bba2ff8a6272790aba9e6", 57 | "0x11", 58 | "0x66656c74323532", 59 | "0x753332", 60 | "0x75313238", 61 | "0x1909a2057b9c1373b889e003e050a09f431d8108e0659d03444ced99a6eea68", 62 | "0x1a", 63 | "0x4761734275696c74696e", 64 | "0x5e", 65 | "0x7265766f6b655f61705f747261636b696e67", 66 | "0x77697468647261775f676173", 67 | "0x6272616e63685f616c69676e", 68 | "0x73746f72655f74656d70", 69 | "0x66756e6374696f6e5f63616c6c", 70 | "0x656e756d5f6d61746368", 71 | "0x1b", 72 | "0x7374727563745f6465636f6e737472756374", 73 | "0x61727261795f6c656e", 74 | "0x736e617073686f745f74616b65", 75 | "0x19", 76 | "0x64726f70", 77 | "0x7533325f636f6e7374", 78 | "0x72656e616d65", 79 | "0x7533325f6571", 80 | "0x61727261795f6e6577", 81 | "0x66656c743235325f636f6e7374", 82 | 
"0x496e70757420746f6f206c6f6e6720666f7220617267756d656e7473", 83 | "0x61727261795f617070656e64", 84 | "0x7374727563745f636f6e737472756374", 85 | "0x656e756d5f696e6974", 86 | "0x17", 87 | "0x1c", 88 | "0x16", 89 | "0x6765745f6275696c74696e5f636f737473", 90 | "0x15", 91 | "0x77697468647261775f6761735f616c6c", 92 | "0x14", 93 | "0x4f7574206f6620676173", 94 | "0x4661696c656420746f20646573657269616c697a6520706172616d202331", 95 | "0x61727261795f736e617073686f745f706f705f66726f6e74", 96 | "0xe", 97 | "0x6a756d70", 98 | "0x756e626f78", 99 | "0xc", 100 | "0x75313238735f66726f6d5f66656c74323532", 101 | "0x73746f726167655f626173655f616464726573735f636f6e7374", 102 | "0x2a10db3aab796a1c695858beffa85328e3ef82b13eac0caa4213e0520cc6b6e", 103 | "0x753132385f746f5f66656c74323532", 104 | "0x73746f726167655f616464726573735f66726f6d5f62617365", 105 | "0x8", 106 | "0x73746f726167655f77726974655f73797363616c6c", 107 | "0x7", 108 | "0x6", 109 | "0xf3", 110 | "0xffffffffffffffff", 111 | "0x60", 112 | "0x9", 113 | "0x51", 114 | "0x21", 115 | "0x1e", 116 | "0x1f", 117 | "0x20", 118 | "0x22", 119 | "0x23", 120 | "0x24", 121 | "0x43", 122 | "0x25", 123 | "0x26", 124 | "0x27", 125 | "0x28", 126 | "0x2c", 127 | "0x2d", 128 | "0x2e", 129 | "0x2f", 130 | "0x29", 131 | "0x2a", 132 | "0x2b", 133 | "0x30", 134 | "0x3c", 135 | "0x31", 136 | "0x32", 137 | "0x33", 138 | "0x34", 139 | "0x35", 140 | "0x36", 141 | "0x37", 142 | "0x38", 143 | "0x39", 144 | "0x3a", 145 | "0x3b", 146 | "0x3d", 147 | "0x3e", 148 | "0x3f", 149 | "0x40", 150 | "0x41", 151 | "0x42", 152 | "0x44", 153 | "0x45", 154 | "0x46", 155 | "0x47", 156 | "0x48", 157 | "0x49", 158 | "0x4a", 159 | "0x4b", 160 | "0x4c", 161 | "0x4d", 162 | "0x4e", 163 | "0x4f", 164 | "0x50", 165 | "0x52", 166 | "0x53", 167 | "0x54", 168 | "0x55", 169 | "0x56", 170 | "0x57", 171 | "0x58", 172 | "0x59", 173 | "0x5a", 174 | "0x5b", 175 | "0x5c", 176 | "0x5d", 177 | "0x75", 178 | "0x7a", 179 | "0x90", 180 | "0x8a", 181 | "0xaa", 182 | "0xb6", 183 | "0xbd", 184 | 
"0xd0", 185 | "0xd5", 186 | "0xe0", 187 | "0xed", 188 | "0x6e", 189 | "0x98", 190 | "0xb0", 191 | "0xc0", 192 | "0xe7", 193 | "0x9b6", 194 | "0xd100f080e0806050d030c080b0a0905040308080605070306050403020100", 195 | "0x1008081a080605190318050403161716150f08080814050d10130812081105", 196 | "0x23032508240523030f081e220808210820051f100c081e1d13081c081b050d", 197 | "0x10022c162b13082a0829050d1008082808060519031a082705070326080605", 198 | "0x390538053705363502340808330832051f1016311630162f13082e082d050d", 199 | "0x400808414008083f0c08083e2608083d3c08083b080e083a26080839050808", 200 | "0x480c080839471208460c080845330808410544400808394008084305120842", 201 | "0x54e4b0808394d0808394c08083908124b08124a130808490e0808490c0808", 202 | "0x415108083b120e083a3308083928080839280808491a08084905504f080839", 203 | "0x8415212084605124b08124a2e080849260808490f0808410f08083f2a0808", 204 | "0x490556550808392508083905125508124a0c08085453120846260808410808", 205 | "0x5123c08124a0e0e083a0c0808430c0808575508083b08125508124a080808", 206 | "0x491c08083d5808083b0f0e083a1a0808392808083d08123c08124a3c080839", 207 | "0x85a3c08084305080843055908125108124a5108083905125108124a2a0808", 208 | "0x4a6008083905126008124a055f5e0808391a0808411a08083f055d055c5b12", 209 | "0x5125808124a1c0808491208083d6108083b130e083a600808430812600812", 210 | "0x8124a6108083905126108124a120808496008083b08125808124a58080839", 211 | "0x505630805120560611264130f126312080512080505630805050562081261", 212 | "0x121a0861051a655e0e6308581c121305580863080e080f051c0863080f080e", 213 | "0x865052608630825085e052508630865086005056308051205550866210863", 214 | "0x1a054f511263082a0865052a086308051c050563082e081a05282e12630826", 215 | "0x55054d0863084d0821054b0863084f0858054d086308280858050563085108", 216 | "0x52e050c0863080526050563082108250505630805120505670563124b4d12", 217 | "0x124f053c08630805510533086308400c122a05400863084008280540086308", 218 | "0x56908630813084b05680863085e080e05000863084c084d054c086308333c", 219 | 
"0x8053305056308051205676a69680f0867086308000840056a08630812080c", 220 | "0x6308051205706f126e6d6c1263126b135e0e4c056b0863086b083c056b0863", 221 | "0x8630812080c05730863086d084b0572086308710868057108630805000505", 222 | "0x57978770e6308767574730f67057608630821086a05750863087208690574", 223 | "0x563087a086c050563080512057c087b7a08631279086b056c0863086c080e", 224 | "0x800863087f0870050563087e086f057f7e1263087d086d057d086308052605", 225 | "0x8630877084b05830863086c080e0582086308810872058108630880087105", 226 | "0x4d05056308051205868584830f0886086308820840058508630878080c0584", 227 | "0x58908630878080c058808630877084b05870863086c080e057b0863087c08", 228 | "0x6308052605056308210825050563080512058a8988870f088a0863087b0840", 229 | "0x63080551056e0863088c8b122a058c0863088c0828058c0863080577058b08", 230 | "0x70084b05900863086f080e058f0863088e084d058e0863086e8d124f058d08", 231 | "0x6308051205939291900f08930863088f0840059208630812080c0591086308", 232 | "0x28059508630805730594086308052605056308650879050563085508780505", 233 | "0x980863089697124f0597086308055105960863089594122a05950863089508", 234 | "0x8630812080c059a08630813084b05660863085e080e059908630898084d05", 235 | "0x526050563080e0879050563080512059c9b9a660f089c086308990840059b", 236 | "0x551059f0863089e9d122a059e0863089e0828059e0863080577059d086308", 237 | "0x4b05a308630861080e05a2086308a1084d05a10863089fa0124f05a0086308", 238 | "0x8600535a5a4a30f0835086308a2084005a508630812080c05a40863086008", 239 | "0x610863080f0875050563080512051308a60f0e126312120874051208630808", 240 | "0x57d0505630805120505a708057c055e08630861087a05600863080e087605", 241 | "0x870055e0863081a087a0560086308130876051a08630865087e0565086308", 242 | "0x50563080512052108a8580863125e087f051c0863081c080f051c08630860", 243 | "0x2a086308250828052808630805080e05250863085508810555086308580880", 244 | "0x510883050563080512054f08a9510863122e0861052e261263082a28128205", 245 | "0x4b0e08400863084d0884050c0863081c080f054b08630826080e054d086308", 246 | 
"0x863081c080f053c08630826080e05330863084f088505056308051205400c", 247 | "0x8057d0505630821087805056308051205004c3c0e0800086308330884054c", 248 | "0x69088405670863081c080f056a08630805080e056908630868088505680863", 249 | "0x630808080c055e08630805084b050f086308120886056b676a0e086b086308", 250 | "0x6061130e63081c1a655e0f87051c0863080e086a051a0863080f087b056508", 251 | "0x8250878052555126308580889050563080512052108aa5808631260088805", 252 | "0x828088b0528086308262e128a052e0863085508680526086308057d050563", 253 | "0x4f510e084d0863082a088c054f08630861080c055108630813084b052a0863", 254 | "0x4008630861080c050c08630813084b054b08630821086e050563080512054d", 255 | "0x5120561130f0eab0e121263120805128d0533400c0e08330863084b088c05", 256 | "0x8057c0565086308600884055e08630812080e05600863080e088305056308", 257 | "0x85051a086308057d05056308610825050563081308250505630805120505ac", 258 | "0x5580863085e088e05650863081c0884055e0863080f080e051c0863081a08", 259 | "0x80f089205130863080e0891050f086308059005215812082108630865088f", 260 | "0x86008210505630865089405655e1263081208930560086308051c05610863", 261 | "0x12055521580ead1c1a12631213616008051396056108630861089505600863", 262 | "0x1c080c052e0863081a084b05260863082508970525086308057d0505630805", 263 | "0x863085508990505630805120505ae08057c052a0863082608980528086308", 264 | "0x63082a0866052a086308510898052808630821080c052e08630858084b0551", 265 | "0x4b089c050563080512050c08af4b0863124f089b054f0863084d089a054d08", 266 | "0xc054c0863082e084b053c08630833089e0533086308405e129d0540086308", 267 | "0x63085e08940505630805120568004c0e08680863083c089f05000863082808", 268 | "0x630869089f056708630828080c056a0863082e084b05690863080c08a00505", 269 | "0x863080808a2050563080512051208b0080863120508a1056b676a0e086b08", 270 | "0x6308055105056308051205130808130863080f08a4050f0863080e08a3050e", 271 | "0x61650808650863085e08a4055e0863086008a505600863081261124f056108", 272 | "0xe33284d4c0fb108053c26050e260512050e1208054b4d4c050f264d4c050f", 273 | 
"0xb40e120805584d4c0e331a4d4c0fb308053c05120c0512b20e120805514d4c", 274 | "0xb50561086008" 275 | ], 276 | "sierra_program_debug_info": { 277 | "type_names": [], 278 | "libfunc_names": [], 279 | "user_func_names": [] 280 | }, 281 | "contract_class_version": "0.1.0", 282 | "entry_points_by_type": { 283 | "EXTERNAL": [ 284 | { 285 | "selector": "0x3b6771b04b068edcfb8c265b21ed5c6a5748d427138f776f3f164cc45f75b31", 286 | "function_idx": 0 287 | } 288 | ], 289 | "L1_HANDLER": [], 290 | "CONSTRUCTOR": [] 291 | }, 292 | "abi": [ 293 | { 294 | "type": "function", 295 | "name": "init", 296 | "inputs": [ 297 | { 298 | "name": "value", 299 | "type": "core::integer::u128" 300 | } 301 | ], 302 | "outputs": [], 303 | "state_mutability": "external" 304 | }, 305 | { 306 | "type": "event", 307 | "name": "fuzzinglabs_init::fuzzinglabs_init::test_contract::Event", 308 | "kind": "enum", 309 | "variants": [] 310 | } 311 | ] 312 | } -------------------------------------------------------------------------------- /tests1.0/fuzzinglabs_starknet_2023-04-04--12:38:47.json: -------------------------------------------------------------------------------- 1 | { 2 | "workspace": "fuzzer_workspace", 3 | "path": "fuzzinglabs_starknet_2023-04-04--13:39:25.json", 4 | "name": "fuzzinglabs_starknet", 5 | "args": [ 6 | "felt", 7 | "felt", 8 | "felt", 9 | "felt", 10 | "felt", 11 | "felt", 12 | "felt", 13 | "felt", 14 | "felt", 15 | "felt", 16 | "felt" 17 | ], 18 | "inputs": [ 19 | [ 20 | { 21 | "value": { 22 | "val": [ 23 | 0, 24 | 0, 25 | 0, 26 | 0, 27 | 0, 28 | 0, 29 | 17, 30 | 134217728 31 | ] 32 | } 33 | }, 34 | { 35 | "value": { 36 | "val": [ 37 | 127 38 | ] 39 | } 40 | }, 41 | { 42 | "value": { 43 | "val": [] 44 | } 45 | }, 46 | { 47 | "value": { 48 | "val": [] 49 | } 50 | }, 51 | { 52 | "value": { 53 | "val": [] 54 | } 55 | }, 56 | { 57 | "value": { 58 | "val": [] 59 | } 60 | }, 61 | { 62 | "value": { 63 | "val": [] 64 | } 65 | }, 66 | { 67 | "value": { 68 | "val": [] 69 | } 70 | }, 71 | { 72 | 
"value": { 73 | "val": [] 74 | } 75 | }, 76 | { 77 | "value": { 78 | "val": [] 79 | } 80 | }, 81 | { 82 | "value": { 83 | "val": [] 84 | } 85 | } 86 | ], 87 | [ 88 | { 89 | "value": { 90 | "val": [ 91 | 102 92 | ] 93 | } 94 | }, 95 | { 96 | "value": { 97 | "val": [ 98 | 129 99 | ] 100 | } 101 | }, 102 | { 103 | "value": { 104 | "val": [ 105 | 241 106 | ] 107 | } 108 | }, 109 | { 110 | "value": { 111 | "val": [] 112 | } 113 | }, 114 | { 115 | "value": { 116 | "val": [] 117 | } 118 | }, 119 | { 120 | "value": { 121 | "val": [] 122 | } 123 | }, 124 | { 125 | "value": { 126 | "val": [] 127 | } 128 | }, 129 | { 130 | "value": { 131 | "val": [] 132 | } 133 | }, 134 | { 135 | "value": { 136 | "val": [] 137 | } 138 | }, 139 | { 140 | "value": { 141 | "val": [] 142 | } 143 | }, 144 | { 145 | "value": { 146 | "val": [] 147 | } 148 | } 149 | ], 150 | [ 151 | { 152 | "value": { 153 | "val": [ 154 | 102 155 | ] 156 | } 157 | }, 158 | { 159 | "value": { 160 | "val": [ 161 | 117 162 | ] 163 | } 164 | }, 165 | { 166 | "value": { 167 | "val": [ 168 | 4294967056, 169 | 4294967295, 170 | 4294967295, 171 | 4294967295, 172 | 4294967295, 173 | 4294967295, 174 | 16, 175 | 134217728 176 | ] 177 | } 178 | }, 179 | { 180 | "value": { 181 | "val": [] 182 | } 183 | }, 184 | { 185 | "value": { 186 | "val": [] 187 | } 188 | }, 189 | { 190 | "value": { 191 | "val": [] 192 | } 193 | }, 194 | { 195 | "value": { 196 | "val": [ 197 | 108 198 | ] 199 | } 200 | }, 201 | { 202 | "value": { 203 | "val": [] 204 | } 205 | }, 206 | { 207 | "value": { 208 | "val": [] 209 | } 210 | }, 211 | { 212 | "value": { 213 | "val": [] 214 | } 215 | }, 216 | { 217 | "value": { 218 | "val": [] 219 | } 220 | } 221 | ], 222 | [ 223 | { 224 | "value": { 225 | "val": [ 226 | 102 227 | ] 228 | } 229 | }, 230 | { 231 | "value": { 232 | "val": [ 233 | 117 234 | ] 235 | } 236 | }, 237 | { 238 | "value": { 239 | "val": [ 240 | 122 241 | ] 242 | } 243 | }, 244 | { 245 | "value": { 246 | "val": [ 247 | 171 248 | ] 249 | } 250 | }, 
251 | { 252 | "value": { 253 | "val": [ 254 | 122 255 | ] 256 | } 257 | }, 258 | { 259 | "value": { 260 | "val": [ 261 | 171 262 | ] 263 | } 264 | }, 265 | { 266 | "value": { 267 | "val": [ 268 | 122 269 | ] 270 | } 271 | }, 272 | { 273 | "value": { 274 | "val": [ 275 | 171 276 | ] 277 | } 278 | }, 279 | { 280 | "value": { 281 | "val": [] 282 | } 283 | }, 284 | { 285 | "value": { 286 | "val": [] 287 | } 288 | }, 289 | { 290 | "value": { 291 | "val": [] 292 | } 293 | } 294 | ], 295 | [ 296 | { 297 | "value": { 298 | "val": [ 299 | 102 300 | ] 301 | } 302 | }, 303 | { 304 | "value": { 305 | "val": [ 306 | 117 307 | ] 308 | } 309 | }, 310 | { 311 | "value": { 312 | "val": [ 313 | 122 314 | ] 315 | } 316 | }, 317 | { 318 | "value": { 319 | "val": [ 320 | 122 321 | ] 322 | } 323 | }, 324 | { 325 | "value": { 326 | "val": [ 327 | 122 328 | ] 329 | } 330 | }, 331 | { 332 | "value": { 333 | "val": [ 334 | 122 335 | ] 336 | } 337 | }, 338 | { 339 | "value": { 340 | "val": [ 341 | 158 342 | ] 343 | } 344 | }, 345 | { 346 | "value": { 347 | "val": [ 348 | 122 349 | ] 350 | } 351 | }, 352 | { 353 | "value": { 354 | "val": [ 355 | 1042 356 | ] 357 | } 358 | }, 359 | { 360 | "value": { 361 | "val": [] 362 | } 363 | }, 364 | { 365 | "value": { 366 | "val": [] 367 | } 368 | } 369 | ], 370 | [ 371 | { 372 | "value": { 373 | "val": [ 374 | 102 375 | ] 376 | } 377 | }, 378 | { 379 | "value": { 380 | "val": [ 381 | 117 382 | ] 383 | } 384 | }, 385 | { 386 | "value": { 387 | "val": [ 388 | 122 389 | ] 390 | } 391 | }, 392 | { 393 | "value": { 394 | "val": [ 395 | 122 396 | ] 397 | } 398 | }, 399 | { 400 | "value": { 401 | "val": [ 402 | 105 403 | ] 404 | } 405 | }, 406 | { 407 | "value": { 408 | "val": [ 409 | 123 410 | ] 411 | } 412 | }, 413 | { 414 | "value": { 415 | "val": [ 416 | 159 417 | ] 418 | } 419 | }, 420 | { 421 | "value": { 422 | "val": [ 423 | 122 424 | ] 425 | } 426 | }, 427 | { 428 | "value": { 429 | "val": [ 430 | 1042 431 | ] 432 | } 433 | }, 434 | { 435 | "value": { 
436 | "val": [] 437 | } 438 | }, 439 | { 440 | "value": { 441 | "val": [] 442 | } 443 | } 444 | ], 445 | [ 446 | { 447 | "value": { 448 | "val": [ 449 | 102 450 | ] 451 | } 452 | }, 453 | { 454 | "value": { 455 | "val": [ 456 | 117 457 | ] 458 | } 459 | }, 460 | { 461 | "value": { 462 | "val": [ 463 | 122 464 | ] 465 | } 466 | }, 467 | { 468 | "value": { 469 | "val": [ 470 | 122 471 | ] 472 | } 473 | }, 474 | { 475 | "value": { 476 | "val": [ 477 | 105 478 | ] 479 | } 480 | }, 481 | { 482 | "value": { 483 | "val": [ 484 | 110 485 | ] 486 | } 487 | }, 488 | { 489 | "value": { 490 | "val": [ 491 | 159 492 | ] 493 | } 494 | }, 495 | { 496 | "value": { 497 | "val": [ 498 | 122 499 | ] 500 | } 501 | }, 502 | { 503 | "value": { 504 | "val": [ 505 | 1029 506 | ] 507 | } 508 | }, 509 | { 510 | "value": { 511 | "val": [] 512 | } 513 | }, 514 | { 515 | "value": { 516 | "val": [] 517 | } 518 | } 519 | ] 520 | ] 521 | } -------------------------------------------------------------------------------- /tests1.0/test_symbolic_execution_2022-12-22--10:18:57.json: -------------------------------------------------------------------------------- 1 | { 2 | "workspace": "fuzzer_workspace", 3 | "path": "Fuzz_one_2023-03-20--15:47:04.json", 4 | "name": "Fuzz_one", 5 | "args": [ 6 | "felt", 7 | "felt", 8 | "felt", 9 | "felt", 10 | "felt", 11 | "felt", 12 | "felt", 13 | "felt", 14 | "felt", 15 | "felt", 16 | "felt" 17 | ], 18 | "inputs": [ 19 | [ 20 | { 21 | "value": { 22 | "val": [ 23 | 0, 24 | 0, 25 | 0, 26 | 0, 27 | 0, 28 | 0, 29 | 17, 30 | 134217728 31 | ] 32 | } 33 | }, 34 | { 35 | "value": { 36 | "val": [ 37 | 15 38 | ] 39 | } 40 | }, 41 | { 42 | "value": { 43 | "val": [] 44 | } 45 | }, 46 | { 47 | "value": { 48 | "val": [] 49 | } 50 | }, 51 | { 52 | "value": { 53 | "val": [] 54 | } 55 | }, 56 | { 57 | "value": { 58 | "val": [] 59 | } 60 | }, 61 | { 62 | "value": { 63 | "val": [] 64 | } 65 | }, 66 | { 67 | "value": { 68 | "val": [] 69 | } 70 | }, 71 | { 72 | "value": { 73 | "val": [] 
74 | } 75 | }, 76 | { 77 | "value": { 78 | "val": [] 79 | } 80 | }, 81 | { 82 | "value": { 83 | "val": [] 84 | } 85 | } 86 | ], 87 | [ 88 | { 89 | "value": { 90 | "val": [ 91 | 102 92 | ] 93 | } 94 | }, 95 | { 96 | "value": { 97 | "val": [] 98 | } 99 | }, 100 | { 101 | "value": { 102 | "val": [] 103 | } 104 | }, 105 | { 106 | "value": { 107 | "val": [] 108 | } 109 | }, 110 | { 111 | "value": { 112 | "val": [] 113 | } 114 | }, 115 | { 116 | "value": { 117 | "val": [ 118 | 102 119 | ] 120 | } 121 | }, 122 | { 123 | "value": { 124 | "val": [ 125 | 83 126 | ] 127 | } 128 | }, 129 | { 130 | "value": { 131 | "val": [] 132 | } 133 | }, 134 | { 135 | "value": { 136 | "val": [] 137 | } 138 | }, 139 | { 140 | "value": { 141 | "val": [] 142 | } 143 | }, 144 | { 145 | "value": { 146 | "val": [] 147 | } 148 | } 149 | ], 150 | [ 151 | { 152 | "value": { 153 | "val": [ 154 | 102 155 | ] 156 | } 157 | }, 158 | { 159 | "value": { 160 | "val": [ 161 | 117 162 | ] 163 | } 164 | }, 165 | { 166 | "value": { 167 | "val": [ 168 | 248 169 | ] 170 | } 171 | }, 172 | { 173 | "value": { 174 | "val": [ 175 | 70 176 | ] 177 | } 178 | }, 179 | { 180 | "value": { 181 | "val": [ 182 | 117 183 | ] 184 | } 185 | }, 186 | { 187 | "value": { 188 | "val": [ 189 | 23 190 | ] 191 | } 192 | }, 193 | { 194 | "value": { 195 | "val": [ 196 | 35 197 | ] 198 | } 199 | }, 200 | { 201 | "value": { 202 | "val": [ 203 | 34 204 | ] 205 | } 206 | }, 207 | { 208 | "value": { 209 | "val": [] 210 | } 211 | }, 212 | { 213 | "value": { 214 | "val": [] 215 | } 216 | }, 217 | { 218 | "value": { 219 | "val": [ 220 | 4294967283, 221 | 4294967295, 222 | 4294967295, 223 | 4294967295, 224 | 4294967295, 225 | 4294967295, 226 | 16, 227 | 134217728 228 | ] 229 | } 230 | } 231 | ], 232 | [ 233 | { 234 | "value": { 235 | "val": [ 236 | 102 237 | ] 238 | } 239 | }, 240 | { 241 | "value": { 242 | "val": [ 243 | 117 244 | ] 245 | } 246 | }, 247 | { 248 | "value": { 249 | "val": [ 250 | 122 251 | ] 252 | } 253 | }, 254 | { 255 | 
"value": { 256 | "val": [ 257 | 70 258 | ] 259 | } 260 | }, 261 | { 262 | "value": { 263 | "val": [ 264 | 116 265 | ] 266 | } 267 | }, 268 | { 269 | "value": { 270 | "val": [ 271 | 3337 272 | ] 273 | } 274 | }, 275 | { 276 | "value": { 277 | "val": [ 278 | 35 279 | ] 280 | } 281 | }, 282 | { 283 | "value": { 284 | "val": [ 285 | 34 286 | ] 287 | } 288 | }, 289 | { 290 | "value": { 291 | "val": [] 292 | } 293 | }, 294 | { 295 | "value": { 296 | "val": [] 297 | } 298 | }, 299 | { 300 | "value": { 301 | "val": [ 302 | 4294967283, 303 | 4294967295, 304 | 4294967295, 305 | 4294967295, 306 | 4294967295, 307 | 4294967295, 308 | 16, 309 | 134217728 310 | ] 311 | } 312 | } 313 | ], 314 | [ 315 | { 316 | "value": { 317 | "val": [ 318 | 102 319 | ] 320 | } 321 | }, 322 | { 323 | "value": { 324 | "val": [ 325 | 117 326 | ] 327 | } 328 | }, 329 | { 330 | "value": { 331 | "val": [ 332 | 122 333 | ] 334 | } 335 | }, 336 | { 337 | "value": { 338 | "val": [ 339 | 122 340 | ] 341 | } 342 | }, 343 | { 344 | "value": { 345 | "val": [ 346 | 122 347 | ] 348 | } 349 | }, 350 | { 351 | "value": { 352 | "val": [ 353 | 6 354 | ] 355 | } 356 | }, 357 | { 358 | "value": { 359 | "val": [ 360 | 122 361 | ] 362 | } 363 | }, 364 | { 365 | "value": { 366 | "val": [ 367 | 34 368 | ] 369 | } 370 | }, 371 | { 372 | "value": { 373 | "val": [] 374 | } 375 | }, 376 | { 377 | "value": { 378 | "val": [] 379 | } 380 | }, 381 | { 382 | "value": { 383 | "val": [ 384 | 4294967283, 385 | 4294967295, 386 | 4294967295, 387 | 4294967295, 388 | 4294967295, 389 | 4294967295, 390 | 16, 391 | 134217728 392 | ] 393 | } 394 | } 395 | ], 396 | [ 397 | { 398 | "value": { 399 | "val": [ 400 | 102 401 | ] 402 | } 403 | }, 404 | { 405 | "value": { 406 | "val": [ 407 | 117 408 | ] 409 | } 410 | }, 411 | { 412 | "value": { 413 | "val": [ 414 | 122 415 | ] 416 | } 417 | }, 418 | { 419 | "value": { 420 | "val": [ 421 | 122 422 | ] 423 | } 424 | }, 425 | { 426 | "value": { 427 | "val": [ 428 | 105 429 | ] 430 | } 431 | }, 432 | 
{ 433 | "value": { 434 | "val": [ 435 | 6 436 | ] 437 | } 438 | }, 439 | { 440 | "value": { 441 | "val": [ 442 | 66 443 | ] 444 | } 445 | }, 446 | { 447 | "value": { 448 | "val": [ 449 | 34 450 | ] 451 | } 452 | }, 453 | { 454 | "value": { 455 | "val": [ 456 | 11 457 | ] 458 | } 459 | }, 460 | { 461 | "value": { 462 | "val": [ 463 | 1 464 | ] 465 | } 466 | }, 467 | { 468 | "value": { 469 | "val": [ 470 | 4294967283, 471 | 4294967295, 472 | 4294967295, 473 | 4294967295, 474 | 4294967295, 475 | 4294967295, 476 | 16, 477 | 134217728 478 | ] 479 | } 480 | } 481 | ], 482 | [ 483 | { 484 | "value": { 485 | "val": [ 486 | 102 487 | ] 488 | } 489 | }, 490 | { 491 | "value": { 492 | "val": [ 493 | 117 494 | ] 495 | } 496 | }, 497 | { 498 | "value": { 499 | "val": [ 500 | 122 501 | ] 502 | } 503 | }, 504 | { 505 | "value": { 506 | "val": [ 507 | 122 508 | ] 509 | } 510 | }, 511 | { 512 | "value": { 513 | "val": [ 514 | 105 515 | ] 516 | } 517 | }, 518 | { 519 | "value": { 520 | "val": [ 521 | 110 522 | ] 523 | } 524 | }, 525 | { 526 | "value": { 527 | "val": [ 528 | 66 529 | ] 530 | } 531 | }, 532 | { 533 | "value": { 534 | "val": [ 535 | 4294967263, 536 | 4294967295, 537 | 4294967295, 538 | 4294967295, 539 | 4294967295, 540 | 4294967295, 541 | 16, 542 | 134217728 543 | ] 544 | } 545 | }, 546 | { 547 | "value": { 548 | "val": [ 549 | 4294967286, 550 | 4294967295, 551 | 4294967295, 552 | 4294967295, 553 | 4294967295, 554 | 4294967295, 555 | 16, 556 | 134217728 557 | ] 558 | } 559 | }, 560 | { 561 | "value": { 562 | "val": [ 563 | 1 564 | ] 565 | } 566 | }, 567 | { 568 | "value": { 569 | "val": [ 570 | 4294967283, 571 | 4294967295, 572 | 4294967295, 573 | 4294967295, 574 | 4294967295, 575 | 4294967295, 576 | 16, 577 | 134217728 578 | ] 579 | } 580 | } 581 | ] 582 | ] 583 | } -------------------------------------------------------------------------------- /tests1.0/teststorage.cairo: -------------------------------------------------------------------------------- 1 | use 
starknet::{
2 |     Store, SyscallResult, StorageBaseAddress, storage_read_syscall, storage_write_syscall,
3 |     storage_address_from_base_and_offset
4 | }; // NOTE(review): none of the names imported here are referenced in the contract module below.
5 | use integer::{
6 |     U128IntoFelt252, Felt252IntoU256, Felt252TryIntoU64, U256TryIntoFelt252, u256_from_felt252
7 | }; // NOTE(review): likewise unreferenced in this file.
8 | // Test contract with a single external entry point whose assertion depends on a counter
9 | // kept in contract storage, not on call arguments (storage_test takes none besides `self`).
10 | // The assertion fails only once the stored counter has reached 100000 before the call.
11 | #[starknet::contract]
12 | mod test_contract {
13 |     #[storage]
14 |     struct Storage {
15 |         bal:u8, // declared but never read or written in this file
16 |         test:u128 // counter read and incremented by storage_test
17 |     }
18 |     #[external(v0)]
19 |     fn storage_test(ref self: ContractState) { // increments `test` by one per call, then checks the value it read
20 |         let value = self.test.read(); // counter value as stored before this call
21 |         self.test.write(value + 1); // written before the check; whether the increment survives a failed assert depends on the runner's revert handling — TODO confirm
22 |         assert(value < 100000, 'value sup to 1M'); // NOTE(review): the bound is 100000 but the message says 1M — confirm which is intended
23 |     }
24 | }
25 |
--------------------------------------------------------------------------------