feat: int support

0xrusowsky · 0xrusowsky · commit dc1b2877caf2 · 2025-10-10T07:37:38.000+02:00
diff --git a/crates/evm/fuzz/src/strategies/param.rs b/crates/evm/fuzz/src/strategies/param.rs
@@ -225,11 +225,22 @@ pub fn fuzz_param_from_state(
                 .boxed(),
             1..=31 => value()
                 .prop_map(move |value| {
-                    // Generate a uintN in the correct range, then shift it to the range of intN
-                    // by subtracting 2^(N-1)
-                    let uint = U256::from_be_bytes(value.0) % U256::from(1).wrapping_shl(n);
-                    let max_int_plus1 = U256::from(1).wrapping_shl(n - 1);
-                    let num = I256::from_raw(uint.wrapping_sub(max_int_plus1));
+                    // Extract lower N bits
+                    let uint_n = U256::from_be_bytes(value.0) % U256::from(1).wrapping_shl(n);
+
+                    // Interpret as signed integer (two's complement)
+                    // Check if the sign bit (bit N-1) is set
+                    let sign_bit = U256::from(1) << (n - 1);
+                    let num = if uint_n >= sign_bit {
+                        // Negative number in two's complement
+                        // Map [2^(N-1), 2^N) to [-2^(N-1), 0) by subtracting 2^N
+                        let modulus = U256::from(1) << n;
+                        I256::from_raw(uint_n.wrapping_sub(modulus))
+                    } else {
+                        // Positive number
+                        I256::from_raw(uint_n)
+                    };
+
                     DynSolValue::Int(num, n)
                 })
                 .boxed(),
diff --git a/crates/evm/fuzz/src/strategies/state.rs b/crates/evm/fuzz/src/strategies/state.rs
@@ -550,6 +550,37 @@ impl<'ast> ast::Visit<'ast> for LiteralsCollector {
             return ControlFlow::Break(());
         }
 
+        // Handle unary negation of number literals
+        if let ast::ExprKind::Unary(un_op, inner_expr) = &expr.kind
+            && un_op.kind == ast::UnOpKind::Neg
+            && let ast::ExprKind::Lit(lit, _) = &inner_expr.kind
+            && let ast::LitKind::Number(n) = &lit.kind
+        {
+            // Compute the negative I256 value
+            if let Ok(pos_i256) = I256::try_from(*n) {
+                let neg_value = -pos_i256;
+                let neg_b256 = B256::from(neg_value.into_raw());
+
+                // Store under all intN sizes that can represent this value
+                for bits in [16, 32, 64, 128, 256] {
+                    if can_fit_in_int(neg_value, bits) {
+                        if self
+                            .output
+                            .words
+                            .entry(DynSolType::Int(bits))
+                            .or_default()
+                            .insert(neg_b256)
+                        {
+                            self.total_values += 1;
+                        }
+                    }
+                }
+            }
+
+            // Continue walking the expression
+            return self.walk_expr(expr);
+        }
+
         if let ast::ExprKind::Lit(lit, _) = &expr.kind
             && let Some((ty, value)) = convert_literal(lit)
         {
@@ -589,6 +620,17 @@ impl<'ast> ast::Visit<'ast> for LiteralsCollector {
     }
 }
 
+/// Checks if a signed integer value can fit in intN type.
+fn can_fit_in_int(value: I256, bits: usize) -> bool {
+    // Calculate the maximum positive value for intN: 2^(N-1) - 1
+    let max_val = I256::try_from((U256::from(1) << (bits - 1)) - U256::from(1))
+        .expect("max value should fit in I256");
+    // Calculate the minimum negative value for intN: -2^(N-1)
+    let min_val = -max_val - I256::ONE;
+
+    value >= min_val && value <= max_val
+}
+
 fn convert_literal(lit: &ast::Lit<'_>) -> Option<(DynSolType, LitTy)> {
     use ast::LitKind;
 
diff --git a/crates/forge/tests/cli/test_cmd.rs b/crates/forge/tests/cli/test_cmd.rs
@@ -4176,8 +4176,8 @@ forgetest_init!(should_fuzz_literals, |prj, cmd| {
             function checkWord(bytes32 v) external pure { assert(v != MAGIC_WORD); }
             function checkNumber(uint256 v) external pure { assert(v != MAGIC_NUMBER); }
             function checkInteger(int32 v) external pure { assert(v != MAGIC_INT); }
-            function checkBytes(bytes memory v) external pure { assert(keccak256(v) != keccak256(MAGIC_BYTES)); }
             function checkString(string memory v) external pure { assert(keccak256(abi.encodePacked(v)) != keccak256(abi.encodePacked(MAGIC_STRING))); }
+            function checkBytesFromHex(bytes memory v) external pure { assert(keccak256(v) != keccak256(MAGIC_BYTES)); }
             function checkBytesFromString(bytes memory v) external pure { assert(keccak256(v) != keccak256(abi.encodePacked(MAGIC_STRING))); }
         }
         "#,
@@ -4197,9 +4197,9 @@ forgetest_init!(should_fuzz_literals, |prj, cmd| {
                 function testFuzz_Number(uint256 v) public view { magic.checkNumber(v); }
                 function testFuzz_Integer(int32 v) public view { magic.checkInteger(v); }
                 function testFuzz_Word(bytes32 v) public view { magic.checkWord(v); }
-                function testFuzz_BytesFromHex(bytes memory v) public view { magic.checkBytes(v); }
-                function testFuzz_BytesFromString(bytes memory v) public view { magic.checkBytesFromString(v); }
                 function testFuzz_String(string memory v) public view { magic.checkString(v); }
+                function testFuzz_BytesFromHex(bytes memory v) public view { magic.checkBytesFromHex(v); }
+                function testFuzz_BytesFromString(bytes memory v) public view { magic.checkBytesFromString(v); }
             }
         "#,
     );
@@ -4231,7 +4231,7 @@ Encountered a total of 1 failing tests, 0 tests succeeded
                             expected_runs: u32| {
         prj.clear_cache_dir();
 
-        // the fuzzer is UNABLE to find a breaking input when NOT seeding from the AST
+        // the fuzzer is UNABLE to find a breaking input (fast) when NOT seeding from the AST
         prj.update_config(|config| {
             config.fuzz.runs = 100;
             config.fuzz.dictionary.max_fuzz_dictionary_literals = 0;
@@ -4253,7 +4253,7 @@ Encountered a total of 1 failing tests, 0 tests succeeded
 
     test_literal(100, "testFuzz_Addr", "address", "0x6B175474E89094C44Da98b954EedeAC495271d0F", 28);
     test_literal(200, "testFuzz_Number", "uint256", "1122334455 [1.122e9]", 5);
-    // test_literal(300, "testFuzz_Integer", "int32", "-777", 4);
+    test_literal(300, "testFuzz_Integer", "int32", "-777", 0);
     test_literal(
         400,
         "testFuzz_Word",
