alpharush

icon indicating a website link https://0xalpharush.github.io/ icon indicating an email [email protected]

icon company @asymmetric-research

Results 393 comments of alpharush

enable loading state from forge script ran against anvil

The primitive of loading alloc's produced by `forge test` is done e.g. https://github.com/0xalpharush/foundry-dumpstate/blob/e18fe00b9d783ae99f4b0777a4491cf8e950c6d5/test/Counter.t.sol#L15 You can also use anvil for rmm-core as shown [here](https://github.com/0xalpharush/rmm-core/commit/cf2c349d0eec8a6ab2ffc173940eac38434eb202). First, start anvil: `anvil --dump-state dump-state.json`. Then...

tracking: performance optimizations

Looking at the CPU report of pprof the most notable improvement we can make is probably memoizing this https://github.com/crytic/medusa/blob/3a9b0fae7888b1c1972c1178ca5022ebd51f5414/fuzzing/coverage/coverage_tracer.go#L164-L168 EDIT: This is done https://github.com/crytic/medusa/pull/472

feat(`Vm`): add deterministic shuffling `vm.shuffle(salt)`

You can add an arg to make a test a fuzz test and use that as the seed

feat(fuzz): create initial seed corpus from `forge test` traces

This should also happen during generation/mutation. That is, we should hoist inner calls from traces to top level and check if they are in the allowed selector list. That way,...

following cargo-fuzz tutorial seems to produce recursive build command

If I downgrade, I get ``` error: failed to run custom build command for `autarkie_libfuzzer v0.9.2` Caused by: process didn't exit successfully: `/home/fuzzer/target/release/build/autarkie_libfuzzer-91cb79226fc379c9/build-script-build` (exit status: 1) --- stdout cargo:rerun-if-changed=autarkie_libfuzzer_runtime/src cargo:rerun-if-changed=autarkie_libfuzzer_runtime/build.rs...

following cargo-fuzz tutorial seems to produce recursive build command

Creating a new library and not sharing the binary/library in the same crate seems to fix this

feat(invariant): assert all invariants on `continuous_run`

> invariants that already have persisted failure are not picked up / asserted Not to say this can't be done, but this isn't how Medusa/Echidna do it. The "pro" that...

libafl_libfuzzer fails to build with error: 'sanitizer/allocator_interface.h' file not found

I ran `rustup component add llvm-tools-preview --toolchain nightly && apt install clang pkg-config libssl-dev` and get this assertion failure now: https://github.com/AFLplusplus/LibAFL/blob/2c676f0352ad81e741a8c506678b335247d58983/libafl_libfuzzer/build.rs#L137-L140 ``` Caused by: process didn't exit successfully: `/root/fuzz/fuzz/target/release/build/libafl_libfuzzer-a21e2b403b9f0c1b/build-script-build` (exit...

libafl_libfuzzer fails to build with error: 'sanitizer/allocator_interface.h' file not found

How much memory is expected to be required? ``` Command exited with non-zero status 1 Command being timed: "cargo fuzz build" User time (seconds): 26.33 System time (seconds): 0.71 Percent...

Fuzzing components with wasm-smith needs to be updated

How would you propose generating components that conform to a given WIT? I am thinking of using wasm-smith to generate modules with the available imports/necessary exports and then embedding the...