npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@__haoyang__/erwin

v1.1.2

Published

<p align="center"> <img src="https://raw.githubusercontent.com/haoyang9804/haoyang9804.github.io/master/Erwin_icon.png" alt="erwin" width="200"/> </p> <p align="center"> <a href="https://www.npmjs.com/package/@__haoyang__/erwin"> <img alt="NPM Versi

Downloads

229

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

__haoyang____haoyang__

Keywords

Random Program GenerationSoliditySmart ContractBug DetectionCompiler Verifier

Readme

Erwin is an academic attempt on introducing bounded exhaustive instantiation in random program generator to mitigate opportunism. Different from Csmith-family tools that generate a test program in one go, Erwin separates the generation process into two sub-steps: 1) randomly generate a type/loc/vis-agnostic IR (i.e., a program without type, storage location, and visibility), and 2) conducts bounded exhaustive instantiation to instantiate the IR into a swarm of real-word test programs. By masking out bug-related langauge features, such as type, storage location, and visibility in the IR, Erwin shrinks the search space into a highly bug-related subspace. This way, Erwin reduce opportunism in random program generations.

Erwin is still under development, any suggestion and collaboration is welcomed.

How to play it?

The simplest way is npm install @__haoyang__/erwin it and npx erwin generate with different generation flags. npx erwin generate is the trivial generation, in which Erwin will not explore the search space of the IR, but perform just like Csmith, generate a test program in one go.

To utilize Erwin's features in program generation, you can use -m to specify the bug-related features you want to mask in the IR, and use -max to specify the maximum test programs you want to instantiation from the generated IR.

To directly use Erwin to fuzz the Solidity compiler, you can invoke --enable_test.

Below is an example command to fuzz the Solidity compiler:

npx erwin generate -m type -d  --enable_test --compiler_path=../solidity/build/solc/solc --refresh_folder --generation_rounds 10000 -max 100

For more flags, please refer to npx erwin generation -h.

Detected Bugs

  1. https://github.com/ethereum/solidity/issues/14719 (medium impact, confirmed, fixed, type) ✅
  2. https://github.com/ethereum/solidity/issues/14720 (duplicate of 14719) 🤡
  3. https://github.com/ethereum/solidity/issues/15223 (error handling) ✅
  4. https://github.com/ethereum/solidity/issues/15236 (a probable duplicate, confirmed, fixed, type) ✅🤡
  5. https://github.com/ethereum/solidity/issues/15219 (low effort, low impact, confirmed) ✅
  6. https://github.com/ethereum/solidity/issues/15468 (low effort, low impact, confirmed, a probable duplicate) ✅🤡
  7. https://github.com/ethereum/solidity/issues/15469 (smt) ✅
  8. https://github.com/ethereum/solidity/issues/15469 (smt, two bugs in a thread) ✅
  9. https://github.com/ethereum/solidity/issues/15483 (not a bug, but a workaround)
  10. https://github.com/ethereum/solidity/issues/15525 (documentation error, workaround) ✅
  11. https://github.com/ethereum/solidity/issues/15483 (documentation error) ✅
  12. https://github.com/ethereum/solidity/issues/15565 (error handling)
  13. https://github.com/ethereum/solidity/issues/15564 (error handling)
  14. https://github.com/ethereum/solidity/issues/15567 (error handling)
  15. https://github.com/ethereum/solidity/pull/15566 (documentation error)
  16. https://github.com/ethereum/solidity/issues/15583 (error handling,low effort low impact must have eventually should report better error) ✅
  17. https://github.com/ethereum/solidity/issues/15645 (ICE, duplicate) 🤡
  18. https://github.com/ethereum/solidity/issues/15646 (error handling) ✅
  19. https://github.com/ethereum/solidity/issues/15647 (ICE, smt) ✅
  20. https://github.com/ethereum/solidity/issues/15649 (ICE)
  21. https://github.com/ethereum/solidity/issues/15651 (ICE)
  22. https://github.com/crytic/slither/issues/2619 (hang)

Weird Language Features

Besides bugs, Erwin only plays a role of examining the design of language features. Until now, Erwin has found the following features that may be confusing to Solidity users.

  1. Solidity has a weird type inference on int_const, int, and uint. Many intuitive operations on int literals and (u)int variables are forbidden.
     int8 var21;
 false ? var21 : 62;
    The second line raises an type error: TypeError: True expression's type int8 does not match false expression's type uint8..

TODO

  • [ ] Support byte and bytes (similar to array).
  • [ ] Support contract inheritance.
  • [ ] support global constant variable, functions, and structs
  • [ ] support variable shallowing
  • [ ] support function type
  • [ ] Support inline assembly.
  • [ ] Mutate Solidity programs.