Fix #208: move_fuzzer supports generic structs (#243)

* Fix #208: move_fuzzer support generic structs

* Fix #208: move_fuzzer support generic structs

.gitignore

@@ -16,4 +16,6 @@ work_dir
 .z3-trace
 *.code-workspace
 *.txt
-combined.json
+combined.json
+/**/build/
+Move.lock

src/move/corpus_initializer.rs

@@ -305,7 +305,7 @@ where
                     Type::U256 => { wrap!(VecU256, vec![U256::zero()]) }
                     Type::Address => { wrap!(VecAddress, vec![state.get_rand_address()]) }
                     Type::Signer => { unreachable!("cannot initialize signer vector") }
-                    Type::Reference(_) | Type::MutableReference(_) | Type::Vector(_) | Type::Struct(_) => {
+                    Type::Reference(_) | Type::MutableReference(_) | Type::Struct(_) | Type::StructInstantiation(_, _) => {
                         let default_inner = Self::gen_default_value(state, v);
                         if let MoveInputStatus::Complete(Value(inner)) = default_inner {
                             wrap!(Vec, vec![inner])
@@ -323,43 +323,15 @@ where
                     _ => unreachable!()
                 }
             }
-
-
-            Type::Struct(_) => {
+            Type::Struct(_) | Type::StructInstantiation(_, _) => {
                 MoveInputStatus::DependentOnStructs(
                     Value(ValueImpl::Container(
                         Container::Struct(Rc::new(RefCell::new(vec![])))
                     )),
                     vec![*ty]
                 )
             }
-            Type::Reference(ty) => {
-                let default_inner = Self::gen_default_value(state, ty);
-                if let MoveInputStatus::Complete(Value(inner)) = default_inner {
-                    if let ValueImpl::Container(inner_v) = inner {
-                        MoveInputStatus::Complete(Value(ValueImpl::ContainerRef(
-                            ContainerRef::Local(inner_v)
-                        )))
-                    } else {
-                        MoveInputStatus::Complete(Value(ValueImpl::IndexedRef(
-                            IndexedRef {
-                                idx: 0,
-                                container_ref: ContainerRef::Local(Container::Locals(Rc::new(RefCell::new(vec![inner]))))
-                            }
-                        )))
-                    }
-                } else if let MoveInputStatus::DependentOnStructs(Value(ValueImpl::Container(cont)), deps) = default_inner {
-                    MoveInputStatus::DependentOnStructs(
-                        Value(ValueImpl::ContainerRef(
-                            ContainerRef::Local(cont)
-                        )),
-                        deps
-                    )
-                } else {
-                    unreachable!()
-                }
-            }
-            Type::MutableReference(ty)  => {
+            Type::Reference(ty) | Type::MutableReference(ty) => {
                 let default_inner = Self::gen_default_value(state, ty);
                 if let MoveInputStatus::Complete(Value(inner)) = default_inner {
                     if let ValueImpl::Container(inner_v) = inner {
@@ -385,7 +357,7 @@ where
                     unreachable!()
                 }
             }
-            _ => unreachable!()
+            ty => todo!("gen_default_value failed: {:?}", ty)
         }
     }
 
@@ -472,6 +444,7 @@ where
                 }
             }
         }
+
         let input = MoveFunctionInput {
             module: module_id.clone(),
             function: function.name.clone(),

src/move/input.rs

@@ -300,7 +300,7 @@ impl MoveFunctionInputT for MoveFunctionInput {
                         final_ty = inner_ty;
                     }
                     match *final_ty {
-                        Type::Struct(_) | Type::MutableReference(_) | Type::Reference(_) => {
+                        Type::Struct(_) | Type::StructInstantiation(_, _) | Type::MutableReference(_) | Type::Reference(_) => {
                             if let Value(ValueImpl::Container(Container::Vec(inner))) = &mut arg.value {
                                 (**inner).borrow_mut().clear()
                             } else {
@@ -311,7 +311,7 @@ impl MoveFunctionInputT for MoveFunctionInput {
                     }
                 }
                 // resample all the structs in the input
-                Type::Struct(_) => {
+                Type::Struct(_) | Type::StructInstantiation(_, _) => {
                     let new_struct = self.vm_state.state.sample_value(state, ty, &Gate::Own);
                     arg.value = new_struct;
                 }
@@ -323,7 +323,6 @@ impl MoveFunctionInputT for MoveFunctionInput {
                     let new_struct = self.vm_state.state.sample_value(state, inner_ty.as_ref(), &Gate::MutRef);
                     arg.value = convert_ref(new_struct);
                 }
-                Type::StructInstantiation(_, _) => todo!("StructInstantiation"),
                 _ => {}
             }
 

src/move/oracles/typed_bug.rs

@@ -42,16 +42,16 @@ for TypedBugOracle {
         stage: u64,
     ) -> Vec<u64> {
         if ctx.post_state.typed_bug.len() > 0 {
-            unsafe {
-                let msg = json!({
-                        "typed_bug": ctx.post_state.typed_bug,
-                        "module": ctx.input.module,
-                });
-                ORACLE_OUTPUT.push(msg);
-            }
             ctx.post_state.typed_bug.iter().map(|bug_id| {
                 let mut hasher = DefaultHasher::new();
                 bug_id.hash(&mut hasher);
+                let msg = json!({
+                    "bug_type": ctx.post_state.typed_bug,
+                    "bug_info": format!("{:?} violated", bug_id),
+                    "module": ctx.input.module,
+                });
+                unsafe { ORACLE_OUTPUT.push(msg); }
+
                 (hasher.finish() as u64) << 8 + TYPED_BUG_BUG_IDX
             }).collect_vec()
         } else {

src/move/vm_state.rs

@@ -153,7 +153,7 @@ impl MoveVMState {
                 }
                 unreachable!("Should not be a vector");
             }
-            Type::Struct(_) => {}
+            Type::Struct(_) | Type::StructInstantiation(_, _) => {}
             Type::Reference(_) | Type::MutableReference(_) => unreachable!("Should not be a reference"),
             _ => {
                 return false;

tests/move/generic_struct/Move.toml

@@ -0,0 +1,9 @@
+[package]
+name = "generic_struct"
+version = "0.0.1"
+
+[dependencies]
+Sui = { git = "https://github.com/MystenLabs/sui.git", subdir = "crates/sui-framework/packages/sui-framework", rev = "framework/testnet" }
+
+[addresses]
+generic_struct = "0x0"

tests/move/generic_struct/sources/test.move

@@ -0,0 +1,21 @@
+module generic_struct::test {
+    use sui::event;
+
+    struct AAAA__fuzzland_move_bug has drop, copy, store {
+        info: u64
+    }
+
+    struct Token<T: store + drop> has store, drop {
+        amount: T,
+    }
+
+    public fun mint(amount: u256): Token<u256> {
+        Token { amount }
+    }
+
+    public fun check(token1: Token<u256>, token2: Token<u256>) {
+        if (token1.amount == 8301237461249124 && token2.amount == 338913231) {
+            event::emit(AAAA__fuzzland_move_bug { info: 1 });
+        }
+    }
+}

tests/move/helloworld/Move.toml

@@ -1,5 +1,5 @@
 [package]
-name = "hw"
+name = "hello_world"
 version = "0.0.1"
 
 [dependencies]

tests/move/helloworld/sources/test.move

@@ -1,4 +1,4 @@
-module hello_world::hello_world {
+module hello_world::test {
     use sui::event;
 
     struct AAAA__fuzzland_move_bug has drop, copy, store {
@@ -10,4 +10,4 @@ module hello_world::hello_world {
             event::emit(AAAA__fuzzland_move_bug { info: 1 });
         }
     }
-}
+}

tests/move/share_object/Move.toml

@@ -0,0 +1,9 @@
+[package]
+name = "share_object"
+version = "0.0.1"
+
+[dependencies]
+Sui = { git = "https://github.com/MystenLabs/sui.git", subdir = "crates/sui-framework/packages/sui-framework", rev = "framework/testnet" }
+
+[addresses]
+share_object = "0x0"

tests/move/share_object/sources/test.move

@@ -1,8 +1,8 @@
-module hello_world::hello_world {
-    use sui::object::{Self, ID, UID};
+module share_object::test {
+    use sui::object::{Self, UID};
     use sui::event;
     use sui::transfer;
-    use sui::tx_context::{Self, TxContext};
+    use sui::tx_context::TxContext;
 
     struct AAAA__fuzzland_move_bug has drop, copy, store {
         info: u64
@@ -23,4 +23,4 @@ module hello_world::hello_world {
             event::emit(AAAA__fuzzland_move_bug { info: 1 });
         }
     }
-}
+}

tests/move/struct_tests/Move.toml

@@ -1,9 +1,9 @@
 [package]
-name = "hw"
+name = "struct_tests"
 version = "0.0.1"
 
 [dependencies]
 Sui = { git = "https://github.com/MystenLabs/sui.git", subdir = "crates/sui-framework/packages/sui-framework", rev = "framework/testnet" }
 
 [addresses]
-hello_world = "0x0"
+struct_tests = "0x0"

tests/move/struct_tests/sources/test.move

@@ -1,4 +1,4 @@
-module hello_world::hello_world {
+module struct_tests::test {
     use sui::event;
 
     struct AAAA__fuzzland_move_bug has drop, copy, store {
@@ -13,9 +13,9 @@ module hello_world::hello_world {
         return Token { amount: amount }
     }
 
-    public fun check(token1: Token, token2: Token, token3: Token, token4: Token, token5: Token, token6: Token, token7: Token, token8: Token) {
+    public fun check(token1: Token, token2: Token, _token3: Token, _token4: Token, _token5: Token, _token6: Token, _token7: Token, _token8: Token) {
         if (token1.amount == 8301237461249124 && token2.amount == 338913231) {
             event::emit(AAAA__fuzzland_move_bug { info: 1 });
         }
     }
-}
+}