foundry_config/
fuzz.rs

1//! Configuration for fuzz testing.
2
3use alloy_primitives::U256;
4use foundry_compilers::utils::canonicalized;
5use serde::{Deserialize, Serialize};
6use std::path::PathBuf;
7
8/// Contains for fuzz testing
9#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
10pub struct FuzzConfig {
11    /// The number of test cases that must execute for each property test
12    pub runs: u32,
13    /// Fails the fuzzed test if a revert occurs.
14    pub fail_on_revert: bool,
15    /// The maximum number of test case rejections allowed by proptest, to be
16    /// encountered during usage of `vm.assume` cheatcode. This will be used
17    /// to set the `max_global_rejects` value in proptest test runner config.
18    /// `max_local_rejects` option isn't exposed here since we're not using
19    /// `prop_filter`.
20    pub max_test_rejects: u32,
21    /// Optional seed for the fuzzing RNG algorithm
22    pub seed: Option<U256>,
23    /// The fuzz dictionary configuration
24    #[serde(flatten)]
25    pub dictionary: FuzzDictionaryConfig,
26    /// Number of runs to execute and include in the gas report.
27    pub gas_report_samples: u32,
28    /// The fuzz corpus configuration.
29    #[serde(flatten)]
30    pub corpus: FuzzCorpusConfig,
31    /// Path where fuzz failures are recorded and replayed.
32    pub failure_persist_dir: Option<PathBuf>,
33    /// show `console.log` in fuzz test, defaults to `false`
34    pub show_logs: bool,
35    /// Optional timeout (in seconds) for each property test
36    pub timeout: Option<u32>,
37}
38
39impl Default for FuzzConfig {
40    fn default() -> Self {
41        Self {
42            runs: 256,
43            fail_on_revert: true,
44            max_test_rejects: 65536,
45            seed: None,
46            dictionary: FuzzDictionaryConfig::default(),
47            gas_report_samples: 256,
48            corpus: FuzzCorpusConfig::default(),
49            failure_persist_dir: None,
50            show_logs: false,
51            timeout: None,
52        }
53    }
54}
55
56impl FuzzConfig {
57    /// Creates fuzz configuration to write failures in `{PROJECT_ROOT}/cache/fuzz` dir.
58    pub fn new(cache_dir: PathBuf) -> Self {
59        Self { failure_persist_dir: Some(cache_dir), ..Default::default() }
60    }
61}
62
63/// Contains for fuzz testing
64#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
65pub struct FuzzDictionaryConfig {
66    /// The weight of the dictionary
67    #[serde(deserialize_with = "crate::deserialize_stringified_percent")]
68    pub dictionary_weight: u32,
69    /// The flag indicating whether to include values from storage
70    pub include_storage: bool,
71    /// The flag indicating whether to include push bytes values
72    pub include_push_bytes: bool,
73    /// How many addresses to record at most.
74    /// Once the fuzzer exceeds this limit, it will start evicting random entries
75    ///
76    /// This limit is put in place to prevent memory blowup.
77    #[serde(deserialize_with = "crate::deserialize_usize_or_max")]
78    pub max_fuzz_dictionary_addresses: usize,
79    /// How many values to record at most.
80    /// Once the fuzzer exceeds this limit, it will start evicting random entries
81    #[serde(deserialize_with = "crate::deserialize_usize_or_max")]
82    pub max_fuzz_dictionary_values: usize,
83    /// How many literal values to seed from the AST, at most.
84    ///
85    /// This value is independent from the max amount of addresses and values.
86    #[serde(deserialize_with = "crate::deserialize_usize_or_max")]
87    pub max_fuzz_dictionary_literals: usize,
88}
89
90impl Default for FuzzDictionaryConfig {
91    fn default() -> Self {
92        const MB: usize = 1024 * 1024;
93
94        Self {
95            dictionary_weight: 40,
96            include_storage: true,
97            include_push_bytes: true,
98            max_fuzz_dictionary_addresses: 300 * MB / 20,
99            max_fuzz_dictionary_values: 300 * MB / 32,
100            max_fuzz_dictionary_literals: 200 * MB / 32,
101        }
102    }
103}
104
105#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
106pub struct FuzzCorpusConfig {
107    // Path to corpus directory, enabled coverage guided fuzzing mode.
108    // If not set then sequences producing new coverage are not persisted and mutated.
109    pub corpus_dir: Option<PathBuf>,
110    // Whether corpus to use gzip file compression and decompression.
111    pub corpus_gzip: bool,
112    // Number of mutations until entry marked as eligible to be flushed from in-memory corpus.
113    // Mutations will be performed at least `corpus_min_mutations` times.
114    pub corpus_min_mutations: usize,
115    // Number of corpus that won't be evicted from memory.
116    pub corpus_min_size: usize,
117    /// Whether to collect and display edge coverage metrics.
118    pub show_edge_coverage: bool,
119}
120
121impl FuzzCorpusConfig {
122    pub fn with_test(&mut self, contract: &str, test: &str) {
123        if let Some(corpus_dir) = &self.corpus_dir {
124            self.corpus_dir = Some(canonicalized(corpus_dir.join(contract).join(test)));
125        }
126    }
127
128    /// Whether edge coverage should be collected and displayed.
129    pub fn collect_edge_coverage(&self) -> bool {
130        self.corpus_dir.is_some() || self.show_edge_coverage
131    }
132
133    /// Whether coverage guided fuzzing is enabled.
134    pub fn is_coverage_guided(&self) -> bool {
135        self.corpus_dir.is_some()
136    }
137}
138
139impl Default for FuzzCorpusConfig {
140    fn default() -> Self {
141        Self {
142            corpus_dir: None,
143            corpus_gzip: true,
144            corpus_min_mutations: 5,
145            corpus_min_size: 0,
146            show_edge_coverage: false,
147        }
148    }
149}
foundry_config/fuzz.rs

foundry_config/
fuzz.rs
