migrate move_vm_stack to TraceState

crates/movy-fuzz/src/executor.rs

@@ -9,6 +9,7 @@ use libafl::{
 use libafl_bolts::tuples::{Handle, MatchNameRef, RefIndexable};
 use movy_replay::{
     db::{ObjectStoreInfo, ObjectStoreMintObject},
+    event::{ModuleProvider, NotifierTracer},
     exec::{ExecutionTracedResults, SuiExecutor},
     tracer::{concolic::ConcolicState, fuzz::SuiFuzzTracer, op::Log, oracle::SuiGeneralOracle},
 };
@@ -17,6 +18,8 @@ use movy_types::{
     input::{FunctionIdent, MoveAddress},
     oracle::{Event, OracleFinding},
 };
+use move_core_types::account_address::AccountAddress;
+use movy_types::error::MovyError;
 use serde::{Deserialize, Serialize};
 use sui_types::{
     effects::TransactionEffectsAPI,
@@ -33,6 +36,51 @@ use crate::{
 
 pub const CODE_OBSERVER_NAME: &str = "code_observer";
 
+pub struct FuzzModuleProvider<'a, E> {
+    env: &'a E,
+}
+
+impl<'a, E> FuzzModuleProvider<'a, E>
+where
+    E: ObjectStore,
+{
+    pub fn new(env: &'a E) -> Self {
+        Self { env }
+    }
+}
+
+impl<'a, E> ModuleProvider for FuzzModuleProvider<'a, E>
+where
+    E: ObjectStore,
+{
+    fn get_module(
+        &mut self,
+        address: AccountAddress,
+        name: &str,
+    ) -> Result<Option<move_binary_format::CompiledModule>, MovyError> {
+        use sui_types::base_types::ObjectID;
+
+        let db = self.env;
+        let package_id = ObjectID::from(address);
+
+        let package_obj = match db.get_object(&package_id) {
+            Some(obj) => obj,
+            None => return Ok(None),
+        };
+
+        if let Some(pkg) = package_obj.data.try_as_package() {
+            for (module_name, bytes) in pkg.serialized_module_map() {
+                if module_name.as_str() == name {
+                    let module = move_binary_format::CompiledModule::deserialize_with_defaults(bytes)?;
+                    return Ok(Some(module));
+                }
+            }
+        }
+
+        Ok(None)
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct ExecutionExtraOutcome {
     pub logs: BTreeMap<FunctionIdent, Vec<Log>>,
@@ -98,6 +146,7 @@ where
         + ObjectStoreInfo
         + Clone
         + 'static,
+    E: ObjectStore,
     OT: ObserversTuple<I, S>,
     RT: for<'a> SuiGeneralOracle<CachedStore<&'a T>, S>,
     I: MoveInput,
@@ -133,8 +182,16 @@ where
         trace!("Executing input: {}", input.sequence());
         state.executions_mut().add_assign(1);
         let gas_id = state.fuzz_state().gas_id;
-        let tracer = SuiFuzzTracer::new(&mut self.ob, state, &mut self.oracles, CODE_OBSERVER_NAME);
-
+        let provider = FuzzModuleProvider::new(&self.executor.db);
+        let tracer = NotifierTracer::with_provider(
+            SuiFuzzTracer::new(
+                &mut self.ob,
+                state,
+                &mut self.oracles,
+                CODE_OBSERVER_NAME,
+            ),
+            provider,
+        );
         let result = self.executor.run_ptb_with_gas(
             input.sequence().to_ptb()?,
             epoch,
@@ -152,6 +209,7 @@ where
 
         let mut trace_outcome = tracer
             .expect("tracer should be present when tracing is enabled")
+            .into_inner()
             .outcome();
 
         trace!("Execution finished with status: {:?}", effects.status());

crates/movy-fuzz/src/oracles/sui/bool_judgement.rs

@@ -1,6 +1,5 @@
 use move_binary_format::file_format::Bytecode;
 use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
 use serde_json::json;
 use sui_types::effects::TransactionEffects;
 use z3::{
@@ -11,6 +10,7 @@ use z3::{
 use movy_replay::tracer::{
     concolic::{ConcolicState, SymbolValue},
     oracle::SuiGeneralOracle,
+    trace::TraceState,
 };
 use movy_types::{
     error::MovyError,
@@ -36,13 +36,13 @@ impl<T, S> SuiGeneralOracle<T, S> for BoolJudgementOracle {
     fn event(
         &mut self,
         event: &TraceEvent,
-        _stack: Option<&Stack>,
+        _trace_state: &TraceState,
         symbol_stack: &ConcolicState,
         current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,
     ) -> Result<Vec<OracleFinding>, MovyError> {
         match event {
-            TraceEvent::BeforeInstruction {
+            TraceEvent::Instruction {
                 pc, instruction, ..
             } => {
                 let stack_syms = &symbol_stack.stack;

crates/movy-fuzz/src/oracles/sui/infinite_loop.rs

@@ -2,12 +2,12 @@ use std::collections::BTreeMap;
 
 use move_binary_format::file_format::Bytecode;
 use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
 use serde_json::json;
 
 use movy_replay::tracer::{
     concolic::{ConcolicState, SymbolValue},
     oracle::SuiGeneralOracle,
+    trace::TraceState,
 };
 use movy_types::{
     error::MovyError,
@@ -38,7 +38,7 @@ impl<T, S> SuiGeneralOracle<T, S> for InfiniteLoopOracle {
     fn event(
         &mut self,
         event: &TraceEvent,
-        _stack: Option<&Stack>,
+        _trace_state: &TraceState,
         symbol_stack: &ConcolicState,
         current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,
@@ -49,7 +49,7 @@ impl<T, S> SuiGeneralOracle<T, S> for InfiniteLoopOracle {
                 let key = hash_to_u64(&key);
                 self.branch_counts.remove(&key);
             }
-            TraceEvent::BeforeInstruction {
+            TraceEvent::Instruction {
                 pc, instruction, ..
             } => {
                 match instruction {

crates/movy-fuzz/src/oracles/sui/overflow.rs

@@ -1,12 +1,12 @@
 use move_binary_format::file_format::Bytecode;
 use move_core_types::u256::U256;
-use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
+use move_trace_format::format::{TraceEvent, TraceValue};
 use serde_json::json;
 
 use movy_replay::tracer::{
     concolic::{ConcolicState, value_bitwidth, value_to_u256},
     oracle::SuiGeneralOracle,
+    trace::TraceState,
 };
 use movy_types::{
     error::MovyError,
@@ -19,7 +19,7 @@ use sui_types::effects::TransactionEffects;
 pub struct OverflowOracle;
 
 /// Count the number of significant bits in the concrete value (0 => 0 bits).
-fn value_sig_bits(v: &move_vm_types::values::Value) -> u32 {
+fn value_sig_bits(v: &TraceValue) -> u32 {
     let as_u256 = value_to_u256(v);
     if as_u256 == U256::zero() {
         0
@@ -41,27 +41,24 @@ impl<T, S> SuiGeneralOracle<T, S> for OverflowOracle {
     fn event(
         &mut self,
         event: &TraceEvent,
-        stack: Option<&Stack>,
+        trace_state: &TraceState,
         _symbol_stack: &ConcolicState,
         current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,
     ) -> Result<Vec<OracleFinding>, MovyError> {
         match event {
-            TraceEvent::BeforeInstruction {
+            TraceEvent::Instruction {
                 pc, instruction, ..
             } => {
                 if !matches!(instruction, Bytecode::Shl) {
                     return Ok(vec![]);
                 }
-                let stack = match stack {
-                    Some(s) => s,
-                    None => return Ok(vec![]),
-                };
-                let Ok(vals_iter) = stack.last_n(2) else {
+                let stack = &trace_state.operand_stack;
+                if stack.len() < 2 {
                     return Ok(vec![]);
-                };
-                let vals: Vec<_> = vals_iter.collect();
-                let (lhs, rhs) = (vals[0], vals[1]);
+                }
+                let lhs = &stack[stack.len() - 2];
+                let rhs = &stack[stack.len() - 1];
                 let lhs_width_bits = value_bitwidth(lhs); // type width (u8/u16/...)
                 let lhs_sig_bits = value_sig_bits(lhs); // actual significant bits of the value
                 let rhs_bits = value_to_u256(rhs);

crates/movy-fuzz/src/oracles/sui/precision_loss.rs

@@ -1,10 +1,10 @@
 use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
 use serde_json::json;
 
 use movy_replay::tracer::{
     concolic::{ConcolicState, SymbolValue},
     oracle::SuiGeneralOracle,
+    trace::TraceState,
 };
 use movy_types::{error::MovyError, input::MoveSequence, oracle::OracleFinding};
 use sui_types::effects::TransactionEffects;
@@ -26,13 +26,13 @@ impl<T, S> SuiGeneralOracle<T, S> for PrecisionLossOracle {
     fn event(
         &mut self,
         event: &TraceEvent,
-        _stack: Option<&Stack>,
+        _trace_state: &TraceState,
         symbol_stack: &ConcolicState,
         current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,
     ) -> Result<Vec<OracleFinding>, MovyError> {
         match event {
-            TraceEvent::BeforeInstruction {
+            TraceEvent::Instruction {
                 pc, instruction, ..
             } => {
                 let loss = match instruction {

crates/movy-fuzz/src/oracles/sui/proceeds.rs

@@ -4,10 +4,9 @@ use std::{
 };
 
 use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
 use tracing::debug;
 
-use movy_replay::tracer::{concolic::ConcolicState, oracle::SuiGeneralOracle};
+use movy_replay::tracer::{concolic::ConcolicState, oracle::SuiGeneralOracle, trace::TraceState};
 use movy_types::{
     error::MovyError,
     input::{InputArgument, MoveSequence, SuiObjectInputArgument},
@@ -216,7 +215,7 @@ where
     fn event(
         &mut self,
         _event: &TraceEvent,
-        _stack: Option<&Stack>,
+        _trace_state: &TraceState,
         _symbol_stack: &ConcolicState,
         _current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,

crates/movy-fuzz/src/oracles/sui/type_conversion.rs

@@ -1,12 +1,11 @@
 use move_binary_format::file_format::Bytecode;
 use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
 use movy_types::input::MoveSequence;
 use movy_types::oracle::OracleFinding;
 use serde_json::json;
 
 use movy_replay::tracer::concolic::value_bitwidth;
-use movy_replay::tracer::{concolic::ConcolicState, oracle::SuiGeneralOracle};
+use movy_replay::tracer::{concolic::ConcolicState, oracle::SuiGeneralOracle, trace::TraceState};
 use movy_types::error::MovyError;
 use sui_types::effects::TransactionEffects;
 
@@ -26,24 +25,20 @@ impl<T, S> SuiGeneralOracle<T, S> for TypeConversionOracle {
     fn event(
         &mut self,
         event: &TraceEvent,
-        stack: Option<&Stack>,
+        trace_state: &TraceState,
         _symbol_stack: &ConcolicState,
         current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,
     ) -> Result<Vec<OracleFinding>, MovyError> {
         match event {
-            TraceEvent::BeforeInstruction {
+            TraceEvent::Instruction {
                 pc, instruction, ..
             } => {
-                let stack = match stack {
-                    Some(s) => s,
-                    None => return Ok(vec![]),
-                };
-                let Ok(vals_iter) = stack.last_n(1) else {
+                let stack = &trace_state.operand_stack;
+                if stack.len() < 1 {
                     return Ok(vec![]);
-                };
-                let vals: Vec<_> = vals_iter.collect();
-                let val = vals.first().unwrap();
+                }
+                let val = &stack[stack.len() - 1];
                 let unnecessary = match instruction {
                     Bytecode::CastU8 => value_bitwidth(val) == 8,
                     Bytecode::CastU16 => value_bitwidth(val) == 16,

crates/movy-fuzz/src/oracles/sui/typed_bug.rs

@@ -1,8 +1,7 @@
 use move_trace_format::format::TraceEvent;
-use move_vm_stack::Stack;
 use tracing::{debug, trace};
 
-use movy_replay::tracer::{concolic::ConcolicState, oracle::SuiGeneralOracle};
+use movy_replay::tracer::{concolic::ConcolicState, oracle::SuiGeneralOracle, trace::TraceState};
 use movy_types::{error::MovyError, input::MoveSequence, oracle::OracleFinding};
 use serde_json::json;
 use sui_types::{
@@ -46,7 +45,7 @@ where
     fn event(
         &mut self,
         _event: &TraceEvent,
-        _stack: Option<&Stack>,
+        _trace_state: &TraceState,
         _symbol_stack: &ConcolicState,
         _current_function: Option<&movy_types::input::FunctionIdent>,
         _state: &mut S,