Description
Hey Aptos team,
I'm one of the builders of Belobog/Movy, a type-guided, efficient Move fuzzing framework that finds bugs and reproduces real-world incidents involving millions of dollars. We have also posted a paper for review.
The tool itself currently only supports the Sui Move flavor, and we would like to extend it to Aptos Move. We already have several private forks but still find it hard to figure out the correct approach, and thus need feedback and help from the Aptos team.
Our initial attempt: YsielX@69ddd27 (we can break this down if necessary)
In general, we need the following features:
- Zero-overhead tracing, like https://github.com/bluealloy/revm/blob/main/crates/inspector/src/inspector.rs#L17-L123. Note that we need to access a lot of information, like the frame opened for each call, the current bytecode and the current runtime values on the stack. This allows us to do symbolic execution and collect additional information beyond code coverage. The tracing itself should also have minimal overhead, ideally just a pointer dereference or an if check to see if a tracer is present. For instance, I boosted Sui Move tracing performance by 150x by removing lots of unnecessary operations, which increased the execution speed from 2-3 seeds/s to 200+ seeds/s. Execution speed is crucial for any efficient and meaningful fuzzing.
- Script execution, because we compose a Move call sequence to test contracts.
- Historical access. One of the design goals of Belobog/Movy is to test smart contracts deployed on-chain; for instance, we can reproduce the recent Cetus and Nemo incidents. Technically speaking, this means accessing objects (and their resources, of course) at any given block, i.e., archival access. I can't see any good public service for this. Building an index manually is feasible, but too painful for just testing contracts.
Let me know any thoughts from the Aptos team, especially whether our fork aligns with Aptos development. I appreciate your advice and open mind in advance. =)
Ping @zi0Black
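The tracer shape requested in the first bullet (an optional inspector whose absence costs only a branch per instruction, but which sees frame open/close events, the current opcode and the live operand stack) is illustrated below in a toy stack interpreter. This is an added example, not Aptos, Move VM, revm or Belobog/Movy code; the `Inspector` trait, the five-opcode `Op` set, the `Recorder` and the sample program are all assumptions constructed for the illustration.

```rust
use std::collections::BTreeSet;

/// Hook interface for the interpreter. Each method has a no-op default, so an
/// inspector only pays for the events it actually overrides. (Constructed for
/// this example; not a real Move VM API.)
pub trait Inspector {
    fn on_frame_open(&mut self, _func: &str, _depth: usize) {}
    fn on_frame_close(&mut self, _func: &str, _depth: usize) {}
    /// Called before every instruction with the live operand stack.
    fn on_step(&mut self, _func: &str, _pc: usize, _op: &Op, _stack: &[i64]) {}
}

/// Toy bytecode: enough to show calls, returns and stack values.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Op { Push(i64), Add, Mul, Call(usize), Ret }

pub struct Function { pub name: &'static str, pub code: Vec<Op> }

#[derive(Clone, Copy)]
struct Frame { func: usize, pc: usize }

/// Interprets `program` from function `entry` and returns the final operand stack.
/// With `inspector == None` the only per-instruction tracing cost is the branch on
/// the Option; no trace data is built on the hot path.
pub fn run(program: &[Function], entry: usize, mut inspector: Option<&mut dyn Inspector>) -> Vec<i64> {
    let mut stack: Vec<i64> = Vec::new();
    let mut frames = vec![Frame { func: entry, pc: 0 }];
    if let Some(i) = inspector.as_deref_mut() {
        i.on_frame_open(program[entry].name, frames.len());
    }
    loop {
        // Copy the current frame's position out so the frame stack can be mutated below.
        let (func, pc) = match frames.last() {
            Some(f) => (f.func, f.pc),
            None => break,
        };
        let op = program[func].code[pc];
        if let Some(i) = inspector.as_deref_mut() {
            i.on_step(program[func].name, pc, &op, &stack);
        }
        frames.last_mut().expect("frame present").pc = pc + 1;
        match op {
            Op::Push(v) => stack.push(v),
            Op::Add => {
                let b = stack.pop().expect("stack underflow");
                let a = stack.pop().expect("stack underflow");
                stack.push(a + b);
            }
            Op::Mul => {
                let b = stack.pop().expect("stack underflow");
                let a = stack.pop().expect("stack underflow");
                stack.push(a * b);
            }
            Op::Call(target) => {
                frames.push(Frame { func: target, pc: 0 });
                if let Some(i) = inspector.as_deref_mut() {
                    i.on_frame_open(program[target].name, frames.len());
                }
            }
            Op::Ret => {
                let depth = frames.len();
                let done = frames.pop().expect("frame present");
                if let Some(i) = inspector.as_deref_mut() {
                    i.on_frame_close(program[done.func].name, depth);
                }
            }
        }
    }
    stack
}

/// Example inspector collecting the kind of feedback a fuzzer wants beyond
/// plain edge coverage: step count, call order, peak stack depth, visited sites.
#[derive(Default, Debug)]
pub struct Recorder {
    pub steps: usize,
    pub frames_opened: Vec<String>,
    pub max_stack_depth: usize,
    pub coverage: BTreeSet<(String, usize)>,
}

impl Inspector for Recorder {
    fn on_frame_open(&mut self, func: &str, _depth: usize) {
        self.frames_opened.push(func.to_string());
    }
    fn on_step(&mut self, func: &str, pc: usize, _op: &Op, stack: &[i64]) {
        self.steps += 1;
        self.max_stack_depth = self.max_stack_depth.max(stack.len());
        self.coverage.insert((func.to_string(), pc));
    }
}

/// Constructed sample program: `main` computes (2 + 3) * 10 through a call to `add`.
pub fn sample_program() -> Vec<Function> {
    vec![
        Function { name: "main", code: vec![Op::Push(2), Op::Push(3), Op::Call(1), Op::Push(10), Op::Mul, Op::Ret] },
        Function { name: "add", code: vec![Op::Add, Op::Ret] },
    ]
}

/// Runs the sample once untraced (the fuzzing hot path) and once with a Recorder.
pub fn demo() -> (Vec<i64>, Vec<i64>, Recorder) {
    let program = sample_program();
    let fast = run(&program, 0, None);
    let mut rec = Recorder::default();
    let traced = run(&program, 0, Some(&mut rec));
    (fast, traced, rec)
}

fn main() {
    let (fast, traced, rec) = demo();
    println!("untraced: {:?}, traced: {:?}", fast, traced);
    println!("{} steps, frames {:?}, max stack {}, {} covered sites",
             rec.steps, rec.frames_opened, rec.max_stack_depth, rec.coverage.len());
}
```

The point of the shape is that the interpreter never allocates or formats anything for tracing unless an inspector is installed, and the inspector sees the same data the VM is already holding (opcode, program counter, operand stack) by reference rather than through a copy.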