search

FuelLabs / fuels-rs

Fuel Network Rust SDK
https://fuellabs.github.io/fuels-rs
Apache License 2.0
44.38k stars 1.32k forks source link

Explore adding fuzzing tests in the SDK #1210

Open digorithm opened 7 months ago

digorithm commented 7 months ago

TBD.

iqdecay commented 6 months ago

@xgreenx I'm currently using https://rust-fuzz.github.io/book/cargo-fuzz.html to do structure-aware fuzzing. For the fuzzer to be aware of the types, you need to derive the Arbitrary trait on the types you that you use, so that you can do this:

fuzz_target!(|fuzzed: TheTypeIWantToFuzz)| { ... })

Now, for instance for the ContractCall type:

pub struct ContractCall {
    pub contract_id: Bech32ContractId,
    pub encoded_args: UnresolvedBytes,
    pub encoded_selector: Selector,
    pub call_parameters: CallParameters,
    pub compute_custom_input_offset: bool,
    pub variable_outputs: Vec<Output>,
    pub external_contracts: Vec<Bech32ContractId>,
    pub output_param: ParamType,
    pub is_payable: bool,
    pub custom_assets: HashMap<(AssetId, Option<Bech32Address>), u64>,
}

I need to go add this line 

#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]

to every sub-type in ContractCall. That includes AssetId, that comes from fuel-vm. Otherwise, I would need to write a function to transform the fuzzing bytes into a ContractCall. Doing this for all type would create a lot of boilerplate code that just take the fuzzed bytes and transform them.

I think it is worth adding the derive directive to some fuel-vm types to make structured fuzzing easier.

xgreenx commented 6 months ago

You can add this derive into fuel-types under the test-helpers feature, and it will be automatically propagated in all other crates because we use this feature.