echidna icon indicating copy to clipboard operation
echidna copied to clipboard

Published 20 hours ago verified publisher icon crytic

Coverage is reported for function/contract names

Open tuturu-tech opened this issue 1 year ago • 1 comments

When generating coverage with Echidna the resulting coverage file reports function and contract names as found/hit:

 15 | found    | contract BitLock is ChallengeBase {
 16 | found*   |     uint256 public flag = 0x0000000100010011;
 17 | found    |     uint256 private key = 0x1000101001010010;
 18 |          | 
 19 | found*   |     function flipBit(uint8 slot) public {
 20 |          |         // only using 16 bits/slots
 21 | found*   |         uint256 bit = 1 << ((uint256(slot) & 0xf) * 4);
 22 | found*   |         flag = flag ^ bit;
 23 |          |     }
 24 |          | 
 25 |          |     /* ------------- invariant ------------- */
 26 |          | 
 27 | found*   |     function invariant() public view override returns (bool) {
 28 | found*   |         return flag ^ key != 0;
 29 |          |     }
 30 |          | }

Additionally, certain information is missing from the file, including total lines found/hit, total functions found/hit/details.

    {
        "lines": {
            "found": 0,
            "hit": 0,
            "details": [
                // correctly lists lines
            ]
        },
        "functions": {
            "hit": 0,
            "found": 0,
            "details": []
        },
        // ...
    },

tuturu-tech avatar Aug 01 '23 16:08 tuturu-tech

I think contract name are labeled as hit when the code reaches the solidity dispatcher. In the case of function, it could signal certain cases were the fuzzer send value to a function, and it revered (e.g. it was non-payable).

ggrieco-tob avatar Aug 29 '23 11:08 ggrieco-tob