To provide greater assurance in the correctness and security of Subnets, we should include fuzz-testing as part of our development lifecycle.
The goal of this issue is to get at least one fuzz-test running as part of Continuous Integration, so we have ongoing coverage. We can iterate this fuzz testing work in the immediate future to cover more of the subnets project.
Milestones
[x] Integrated with cargo fuzz without adding arbitrary to other modules
[x] Identify at least one meaningful fuzzing target
[x] Study the hot path for smart contracts for good candidates
[ ] Used automated tools, e.g. siderophile, to identify other candidates
Delayed due to LLVM compatibility issues that the maintainer is currently working to fix
[x] GitHub Actions script that runs cargo fuzz in CI
[ ] Verify that fuzz test actually runs in GitHub Actions for new pull requests and pushes
[ ] Ensure fuzzing scaffolding is easy to extend as subnets development continues
Stretch Goals
[x] Parallelize CI fuzzing script
[ ] Integrate with afl-fuzz to generate smart contracts for long-running fuzzing processes
To provide greater assurance in the correctness and security of Subnets, we should include fuzz-testing as part of our development lifecycle.
The goal of this issue is to get at least one fuzz-test running as part of Continuous Integration, so we have ongoing coverage. We can iterate this fuzz testing work in the immediate future to cover more of the subnets project.
Milestones
cargo fuzz
without addingarbitrary
to other modulescargo fuzz
in CIStretch Goals