Output Format
Describe output format of sFuzz
sFuzz reports outputs to two destinations: Terminal and Files. Terminal displays overall progress and Files provides extra data.
1. Terminal output
processing time
run time: total execution time of process
last new path: duration from the latest path have been discovered till now
stage progress
now trying: current mutation operator applying to generate more test cases
stage execs: the number of executed test case per total number of generated test case for now trying mutation operator. Whenever percentage is 100%, sfuzz will move to next mutation operator.
total execs: total number of executed test cases.
exec speed: speed of fuzzing process, it equal to number of executed test cases / run time
cycle prog: all test seeds of current contract are stored in a queue, sfuzz will fuzz one by one and move from the beginning to the end of that queue. Whenever sFuzz reaches to the last element, it jumps back to the beginning element, at this time one sFuzz finishes one cycle. The number describes its position in queue
overall results
cycles done: the number of cycles sFuzz has completed.
tuples: N/A
branches: total number of discovered branches
bit/tuples: N/A
coverage: branch coverage
fuzzing yields
bit flips: there are 3 pairs: 0/0, 0/0, 0/0. Each pair is the number of generated test cases per expected number of test cases in a child stage of bit flip, e.g: single walking bit, two walking bit, four walking bit
byte flips, arithmetics, known ints, dictionary, havoc, random are similar to bit flips but different stage mutation operator
call order: N/A
path geometry
pending: how many test seeds left in current queue cycle.
pending fav: same as pending but test seeds haven't been fuzzed by sFuzz
max depth: when a test case is generated from a test seed, its depth will be depth of that test seed + 1
except type: how many exception types occur. There are many types such as
BadInstructionuniq except: N/A
predicates: N/A
oracle yields: List of all supported vulnerabilities, found means vulnerable
2. Files
sFuzz creates many file formats to keep track of running contract, all of them are stored in a folder. The table below describes file name and its corresponding meaning. It is noted that: X is a number.
Pattern
Description
__TEST__X__.json
contain a list of functions and account system, values are encoded in hex format. Account system is a list of address and balance tuples, 0xf0 is sender address. Empty function name is constructor.
__TEST__X__.order
E.g: a contract contains 3 functions: deposit, withdraw, destroy. Index of each function should be deposit = 0, withdraw = 1 and destroy = 2. If we execute them by this order: destroy -> deposit -> withdraw. An suitable array to describe that other is: [2, 1, 0]
__TEST__X__.out
N/A
__TEST__X__.storage
N/A
__TEST__X__.address
N/A
__TEST__X__.bin
N/A
stats.csv
N/A
{
"functions": [
{
"name": "transferBounty",
"inputs": [
{
"type": "address",
"value": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"type": "uint256",
"value": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
]
},
{
"name": "grantBounty",
"inputs": [
{
"type": "address",
"value": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"type": "uint256",
"value": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
]
},
{
"name": "claimBounty",
"inputs": ""
}
],
"accounts": [
{
"address": "0x00000000000000000000000000000000000000f0",
"balance": "78918677504442992524819169280"
},
{
"address": "0x0000000000000000000000000000000000000000",
"balance": "0"
}
]
}Notice: N/A indicates that it is temporary file for other projects, the format is unstable and will be changed in future.
Last updated
Was this helpful?