BitsLabSec
diff --git a/‎Cargo.lock‎
Lines changed: 0 additions & 90 deletions b/‎Cargo.lock‎
Lines changed: 0 additions & 90 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 50 additions & 50 deletions b/‎Cargo.toml‎
Lines changed: 50 additions & 50 deletions
diff --git a/‎crates/movy-fuzz/src/executor.rs‎
Lines changed: 26 additions & 9 deletions b/‎crates/movy-fuzz/src/executor.rs‎
Lines changed: 26 additions & 9 deletions
diff --git a/‎crates/movy-fuzz/src/operations/sui_fuzz.rs‎
Lines changed: 14 additions & 4 deletions b/‎crates/movy-fuzz/src/operations/sui_fuzz.rs‎
Lines changed: 14 additions & 4 deletions
diff --git a/‎crates/movy-fuzz/src/operations/sui_replay.rs‎
Lines changed: 3 additions & 2 deletions b/‎crates/movy-fuzz/src/operations/sui_replay.rs‎
Lines changed: 3 additions & 2 deletions
@@ -61,62 +61,62 @@ tonic = "0.14"
 url = "2.5.7"
 
 # Sui dependencies
-move-binary-format = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-trace-format = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-package = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-compiler = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-disassembler = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-ir-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-core-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-vm-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-vm-stack = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-vm-runtime = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz", features = ["tracing", "testing"]}
-move-model = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-move-stackless-bytecode = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-move-build = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-json-rpc-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-package-management = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-sdk = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-config = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-storage = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-snapshot = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-core = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-execution = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz", features = ["testing"]}
-shared-crypto = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-move-natives-latest = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
-sui-adapter-latest = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-binary-format = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-trace-format = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-package = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-compiler = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-disassembler = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-ir-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-core-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-vm-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-vm-stack = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-vm-runtime = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz", features = ["tracing", "testing"]}
+# move-model = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# move-stackless-bytecode = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-move-build = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-json-rpc-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-types = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-package-management = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-sdk = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-config = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-storage = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-snapshot = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-core = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-execution = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz", features = ["testing"]}
+# shared-crypto = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-move-natives-latest = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
+# sui-adapter-latest = {git = "https://github.com/wtdcode/sui", branch = "v1.60.1-fuzz"}
 
 
 sui-rpc = { git = "https://github.com/MystenLabs/sui-rust-sdk.git", rev = "fb62af78b30f5dc64eeaec0094ab95b5ce5b7ce2" }
 sui-sdk-types =  { git = "https://github.com/MystenLabs/sui-rust-sdk.git", rev = "fb62af78b30f5dc64eeaec0094ab95b5ce5b7ce2" }
 fastcrypto = { git = "https://github.com/MystenLabs/fastcrypto", rev = "09f86974195ec85d8aae386b1909d341d3ccfe52"} # sui use git dependency =/
 
-# move-stackless-bytecode = {path = "../sui/external-crates/move/crates/move-stackless-bytecode"}
-# move-model = {path = "../sui/external-crates/move/crates/move-model"}
-# move-binary-format = {path = "../sui/external-crates/move/crates/move-binary-format"}
-# move-trace-format = {path = "../sui/external-crates/move/crates/move-trace-format"}
-# move-package = {path = "../sui/external-crates/move/crates/move-package"}
-# move-compiler = {path = "../sui/external-crates/move/crates/move-compiler"}
-# move-disassembler = {path = "../sui/external-crates/move/crates/move-disassembler"}
-# move-ir-types = {path = "../sui/external-crates/move/crates/move-ir-types"}
-# move-core-types = {path = "../sui/external-crates/move/crates/move-core-types"}
-# move-vm-types = {path = "../sui/external-crates/move/crates/move-vm-types"}
-# move-vm-stack = {path = "../sui/external-crates/move/crates/move-vm-stack"}
-# move-vm-runtime = {path = "../sui/external-crates/move/crates/move-vm-runtime", features = ["tracing", "testing"]}
-# sui-move-build = {path = "../sui/crates/sui-move-build"}
-# sui-json-rpc-types = {path = "../sui/crates/sui-json-rpc-types"}
-# sui-types = {path = "../sui/crates/sui-types"}
-# sui-package-management = {path = "../sui/crates/sui-package-management"}
-# sui-sdk = {path = "../sui/crates/sui-sdk"}
-# sui-config = {path = "../sui/crates/sui-config"}
-# sui-storage = {path = "../sui/crates/sui-storage"}
-# sui-snapshot = {path = "../sui/crates/sui-snapshot"}
-# sui-core = {path = "../sui/crates/sui-core"}
-# sui-execution = {path = "../sui/sui-execution", features = ["testing"]}
-# shared-crypto = {path = "../sui/crates/shared-crypto"}
-# sui-move-natives-latest = {path = "../sui/sui-execution/latest/sui-move-natives/"}
-# sui-adapter-latest = {path = "../sui/sui-execution/latest/sui-adapter/"}
+move-stackless-bytecode = {path = "../sui/external-crates/move/crates/move-stackless-bytecode"}
+move-model = {path = "../sui/external-crates/move/crates/move-model"}
+move-binary-format = {path = "../sui/external-crates/move/crates/move-binary-format"}
+move-trace-format = {path = "../sui/external-crates/move/crates/move-trace-format"}
+move-package = {path = "../sui/external-crates/move/crates/move-package"}
+move-compiler = {path = "../sui/external-crates/move/crates/move-compiler"}
+move-disassembler = {path = "../sui/external-crates/move/crates/move-disassembler"}
+move-ir-types = {path = "../sui/external-crates/move/crates/move-ir-types"}
+move-core-types = {path = "../sui/external-crates/move/crates/move-core-types"}
+move-vm-types = {path = "../sui/external-crates/move/crates/move-vm-types"}
+move-vm-stack = {path = "../sui/external-crates/move/crates/move-vm-stack"}
+move-vm-runtime = {path = "../sui/external-crates/move/crates/move-vm-runtime", features = ["tracing", "testing"]}
+sui-move-build = {path = "../sui/crates/sui-move-build"}
+sui-json-rpc-types = {path = "../sui/crates/sui-json-rpc-types"}
+sui-types = {path = "../sui/crates/sui-types"}
+sui-package-management = {path = "../sui/crates/sui-package-management"}
+sui-sdk = {path = "../sui/crates/sui-sdk"}
+sui-config = {path = "../sui/crates/sui-config"}
+sui-storage = {path = "../sui/crates/sui-storage"}
+sui-snapshot = {path = "../sui/crates/sui-snapshot"}
+sui-core = {path = "../sui/crates/sui-core"}
+sui-execution = {path = "../sui/sui-execution", features = ["testing"]}
+shared-crypto = {path = "../sui/crates/shared-crypto"}
+sui-move-natives-latest = {path = "../sui/sui-execution/latest/sui-move-natives/"}
+sui-adapter-latest = {path = "../sui/sui-execution/latest/sui-adapter/"}
 
 # Aptos dependencies
 
 
@@ -10,7 +10,12 @@ use libafl_bolts::tuples::{Handle, MatchNameRef, RefIndexable};
 use movy_replay::{
     db::{ObjectStoreInfo, ObjectStoreMintObject},
     exec::{ExecutionTracedResults, SuiExecutor},
-    tracer::{concolic::ConcolicState, fuzz::SuiFuzzTracer, op::Log, oracle::SuiGeneralOracle},
+    tracer::{
+        concolic::ConcolicState,
+        fuzz::{PackageResolvedCache, PackageResolver, SuiFuzzTracer},
+        op::Log,
+        oracle::SuiGeneralOracle,
+    },
 };
 use movy_sui::database::cache::{CachedStore, ObjectSuiStoreCommit};
 use movy_types::{
@@ -72,6 +77,7 @@ pub struct SuiFuzzExecutor<T, OT, RT, I, S> {
     pub ob: OT,
     pub attacker: MoveAddress,
     pub oracles: RT,
+    pub packages_cache: PackageResolvedCache,
     // pub minted_gas: Object,
     // pub log_tracer: Option<SuiLogTracer>,
     pub ph: PhantomData<(I, S)>,
@@ -99,7 +105,7 @@ where
         + Clone
         + 'static,
     OT: ObserversTuple<I, S>,
-    RT: for<'a> SuiGeneralOracle<CachedStore<&'a T>, S>,
+    RT: SuiGeneralOracle<S>,
     I: MoveInput,
     S: HasRand
         + HasFuzzMetadata
@@ -127,15 +133,25 @@ where
             code_ob[0] = 1;
         }
 
-        let db = CachedStore::new(&self.executor.db);
-        self.oracles.pre_execution(&db, state, input.sequence())?;
+        self.oracles
+            .pre_execution(&self.executor.db, state, input.sequence())?;
 
         trace!("Executing input: {}", input.sequence());
         state.executions_mut().add_assign(1);
         let gas_id = state.fuzz_state().gas_id;
-        let tracer = SuiFuzzTracer::new(&mut self.ob, state, &mut self.oracles, CODE_OBSERVER_NAME);
+        let resolver = PackageResolver {
+            db: &self.executor.db,
+            cache: std::mem::take(&mut self.packages_cache),
+        };
+        let tracer = SuiFuzzTracer::new(
+            &mut self.ob,
+            state,
+            &mut self.oracles,
+            CODE_OBSERVER_NAME,
+            resolver,
+        );
 
-        let result = self.executor.run_ptb_with_gas(
+        let result = self.executor.run_ptb_with_movy_tracer_gas(
             input.sequence().to_ptb()?,
             epoch,
             epoch_ms,
@@ -147,12 +163,13 @@ where
         let ExecutionTracedResults { results, tracer } = result;
         let effects = results.effects;
         let events = results.store.events.data.clone();
+        let db = CachedStore::new(&self.executor.db);
         db.commit_store(results.store, &effects)
             .map_err(|e| libafl::Error::unknown(format!("commit store failed: {e}")))?;
+        let mut tracer = tracer.expect("tracer should be present when tracing is enabled");
 
-        let mut trace_outcome = tracer
-            .expect("tracer should be present when tracing is enabled")
-            .outcome();
+        self.packages_cache = std::mem::take(&mut tracer.resolver.cache);
+        let mut trace_outcome = tracer.outcome();
 
         trace!("Execution finished with status: {:?}", effects.status());
 
 
@@ -28,20 +28,20 @@ use libafl_bolts::tuples::tuple_list;
 use movy_replay::db::{ObjectStoreCachedStore, ObjectStoreInfo};
 use movy_replay::env::SuiTestingEnv;
 use movy_replay::exec::SuiExecutor;
+use movy_replay::tracer::fuzz::PackageResolvedCache;
 use movy_replay::tracer::oracle::{CouldDisabledOralce, SuiGeneralOracle};
 use movy_sui::database::cache::{CachedStore, ObjectSuiStoreCommit};
 use movy_types::error::MovyError;
 use sui_types::storage::BackingStore;
 use sui_types::storage::{BackingPackageStore, ObjectStore};
 use tracing::{info, warn};
 
-pub fn oracles<T, S, E>(
+pub fn oracles<S, E>(
     typed_bug_abort: bool,
     disable_profit_oracle: bool,
     disable_defects_oracle: bool,
-) -> impl for<'a> SuiGeneralOracle<CachedStore<&'a T>, S>
+) -> impl SuiGeneralOracle<S>
 where
-    T: 'static + ObjectStore,
     S: HasMetadata + HasExtraState<ExtraState = ExtraNonSerdeFuzzState<E>> + HasFuzzMetadata,
 {
     tuple_list!(
@@ -60,6 +60,7 @@ fn fuzz_impl<T>(
     env: SuiTestingEnv<T>,
     output: &Option<PathBuf>,
     time_limit: Option<u64>,
+    cycles_limit: Option<u64>,
     typed_bug_abort: bool,
     disable_profit_oracle: bool,
     disable_defects_oracle: bool,
@@ -136,6 +137,7 @@ where
             disable_profit_oracle,
             disable_defects_oracle,
         ),
+        packages_cache: PackageResolvedCache::default(),
         epoch: state.fuzz_state().epoch,
         epoch_ms: state.fuzz_state().epoch_ms,
         ph: std::marker::PhantomData,
@@ -204,7 +206,7 @@ where
         .unwrap();
 
     let start = std::time::SystemTime::now();
-    let mut cycle = 1usize;
+    let mut cycle = 1u64;
     loop {
         if let Some(limit) = time_limit {
             let current = std::time::SystemTime::now();
@@ -215,6 +217,12 @@ where
             }
         }
 
+        if let Some(climit) = cycles_limit {
+            if cycle >= climit {
+                break;
+            }
+        }
+
         if let Err(e) = fuzzer.fuzz_one(&mut stages, &mut executor, &mut state, &mut mgr) {
             warn!("Getting fuzz error: {:?}", e);
             break;
@@ -250,6 +258,7 @@ pub fn fuzz(
     >,
     output: &Option<PathBuf>,
     time_limit: Option<u64>,
+    cycles_limit: Option<u64>,
     typed_bug_abort: bool,
     disable_profit_oracle: bool,
     disable_defects_oracle: bool,
@@ -259,6 +268,7 @@ pub fn fuzz(
         env,
         output,
         time_limit,
+        cycles_limit,
         typed_bug_abort,
         disable_profit_oracle,
         disable_defects_oracle,
 
@@ -13,7 +13,7 @@ use movy_replay::{
     db::{ObjectStoreCachedStore, ObjectStoreInfo, ObjectStoreMintObject},
     env::SuiTestingEnv,
     exec::SuiExecutor,
-    tracer::tree::TreeTracer,
+    tracer::{fuzz::PackageResolvedCache, tree::TreeTracer},
 };
 use movy_sui::database::cache::ObjectSuiStoreCommit;
 use movy_types::error::MovyError;
@@ -49,7 +49,7 @@ where
     let inner = env.into_inner();
     let executor = SuiExecutor::new(inner)?;
     let tracer = if trace { Some(TreeTracer::new()) } else { None };
-    let out = executor.run_ptb_with_gas(
+    let out = executor.run_ptb_with_movy_tracer_gas(
         seed.sequence.to_ptb()?,
         meta.epoch,
         meta.epoch_ms,
@@ -112,6 +112,7 @@ where
         ob: tuple_list!(code_observer),
         attacker,
         oracles: super::sui_fuzz::oracles(false, false, false),
+        packages_cache: PackageResolvedCache::default(),
         epoch: state.fuzz_state().epoch,
         epoch_ms: state.fuzz_state().epoch_ms,
         ph: std::marker::PhantomData,