Trail of Bits Enhances Mewt Mutation Testing Engine with DAML Support
Trail of Bits' open-source mutation testing engine, Mewt, now supports DAML, improving the assessment of test suite effectiveness for Canton Network applications.

Trail of Bits has announced a significant expansion of its open-source mutation testing engine, Mewt, with the addition of support for DAML. DAML is the primary language used for developing applications on the Canton Network, a platform focused on smart contract development for regulated industries. This update allows Mewt to generate specific test mutants for DAML code, including specialized tests designed to probe the language's authorization primitives. By running these mutants against existing test suites, Mewt can provide a more accurate and granular measure of test suite quality than traditional metrics like line coverage.
Mewt's new capabilities aim to address a critical gap in smart contract development: the misleading nature of conventional test coverage reports. While 100% line coverage indicates that test code has executed specific lines of production code, it does not guarantee that the tests would fail if that code behaved incorrectly. This is particularly problematic in smart contract development, where subtle bugs in authorization logic or business rules can have severe financial or operational consequences. Mewt's approach, which has been used since at least 2019, grades test harnesses by actively sabotaging the code and observing whether the test suite detects the change.
The mutation testing process involves the engine creating modified versions of the code, known as mutants, each containing a single, deliberate change. These changes can range from flipped comparison operators to removed conditional branches or altered party assignments. The existing test suite is then executed against each mutant. If a test fails, the mutant is considered 'caught,' indicating the test suite's effectiveness in detecting that specific alteration. Conversely, if a mutant passes all tests, it 'survives,' highlighting a potential gap in the test suite's coverage or a bug that the tests would miss.
Survivors are then categorized. Some may be 'equivalent mutants,' representing code changes that are harmless or indistinguishable from the original by any test. Others might represent branches of code that are unreachable during normal execution. The remaining survivors, however, represent a direct to-do list for developers: each one signifies a specific test case that is missing from the suite, a scenario that should be checked but currently is not. In some instances, these gaps can hide critical vulnerabilities.
For DAML contracts, which inherently deal with complex authorization logic and interactions between named parties, testing these primitives is paramount. A common pitfall involves errors in controller clauses, such as typos, missing parties, or incorrect party assignments, which can pass static analysis but lead to security vulnerabilities. Traditional 'happy path' tests often verify successful transactions without adequately probing the negative cases or authorization constraints. Mutation testing, by introducing deliberate changes to these authorization rules, forces the test suite to demonstrate whether it can detect such errors.
Mewt achieves its DAML support by leveraging a tree-sitter grammar. While a dedicated DAML tree-sitter grammar is not yet maintained, Mewt utilizes the existing tree-sitter-haskell grammar, adapting it to DAML's syntax, which shares similarities with Haskell. Although DAML's specific contract constructs like template and choice are parsed as error-recovered subtrees, the engine effectively mutates ordinary expressions. Crucially, Mewt introduces two new mutation types specifically for DAML's authorization primitives: Controller Party Swap (CPS) and Controller Party Removal (CPR). These mutations test whether the suite can detect changes in the set of parties authorized to exercise a choice.
Implementing Mewt for a DAML project is designed to be straightforward. Users can install Mewt from its repository, configure a mewt.toml file to specify their project and test command (e.g., dpm test for Daml 3 projects), and then execute mewt run. The engine will then generate mutants, run the tests against them, and report the number of surviving mutants, providing a quantifiable measure of the test suite's robustness and its ability to catch potential authorization flaws.