feat(avm): avm fuzzer bytecode mutation #19378
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jan 7, 2026
Contributor
Author
This stack of pull requests is managed by Graphite. Learn more about stacking. |
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
93eb5a8 to
aa96990
Compare
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
2 times, most recently
from
52b4d03 to
fdd48ce
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
2 times, most recently
from
3700f20 to
3d86939
Compare
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
fdd48ce to
1b2d92c
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
3d86939 to
d39d11f
Compare
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
1b2d92c to
e6d52ef
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
d39d11f to
4168739
Compare
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
e6d52ef to
84fa05f
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
4168739 to
6f984cd
Compare
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
84fa05f to
1a64875
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
6f984cd to
fbabbed
Compare
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
2 times, most recently
from
5481b98 to
dd4e396
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
fbabbed to
ac33049
Compare
IlyasRidhuan
changed the base branch from
ir/01-05-feat_avm_gas_mutations
to
graphite-base/19378
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
dd4e396 to
d5a76af
Compare
IlyasRidhuan
force-pushed
the
graphite-base/19378
branch
from
ac33049 to
3faa9e2
Compare
IlyasRidhuan
changed the base branch from
graphite-base/19378
to
ir/01-05-feat_avm_gas_mutations
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
d5a76af to
a9f59ee
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
3faa9e2 to
35ef4be
Compare
This was referenced Jan 12, 2026
IlyasRidhuan
force-pushed
the
ir/01-06-feat_avm_avm_fuzzer_bytecode_mutation
branch
from
a9f59ee to
5962f63
Compare
IlyasRidhuan
force-pushed
the
ir/01-05-feat_avm_gas_mutations
branch
from
35ef4be to
a4be5dc
Compare
IlyasRidhuan
commented
Jan 12, 2026
| std::function<void(T&, std::mt19937_64&)> mutate_element_function, | ||
| std::function<T(std::mt19937_64&)> generate_random_element_function, | ||
| const std::function<void(T&, std::mt19937_64&)>& mutate_element_function, | ||
| const std::function<T(std::mt19937_64&)>& generate_random_element_function, |
Contributor
Author
There was a problem hiding this comment.
these were missing from an earlier pr
Collaborator
Flakey Tests🤖 says: This CI run detected 2 tests that failed, but were tolerated due to a .test_patterns.yml entry. |
sirasistant
approved these changes
Jan 13, 2026
| } | ||
|
|
||
| // Apply public data tree writes (e.g., for contract instance upgrades) | ||
| if (!tx_data.public_data_writes.empty()) { |
Contributor
There was a problem hiding this comment.
We can do just
for (const auto& write : tx_data.public_data_writes) {
ws_mgr.public_data_write(write);
}
Base automatically changed from
ir/01-05-feat_avm_gas_mutations
to
merge-train/avm
January 13, 2026 09:26
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduces bytecode mutation using the standard
LLVMFuzzerMutate. We allow the mutated bytecode to expand up to 2x the original size.The mutation itself then utilises the contract upgrade path, this way we do not need to modify other classes or instances that may be used by other enqueued calls.
This does require the addition of public data writes as part of the setup to the fuzzer state (that also needs to happen in TS)