lightningdevkit / rust-lightning

A highly modular Bitcoin Lightning library written in Rust. It's rust-lightning, not Rusty's Lightning!

More Fully Test On-Chain Failure #385

Open TheBlueMatt opened 4 years ago

TheBlueMatt commented 4 years ago

We have a bit of ad-hoc testing of on-chain failure paths right now. Coverage isn't too bad (though really should be 100% for channelmonitor's important functions), but that probably isn't enough. We should finish up the fuzz full_stack_target's money loss detection code, and maybe come up with a better fuzz target for that kind of broad-scale target (maybe getting Angora working would help, see https://github.com/AngoraFuzzer/Angora/issues/10). Also mutation testing to make sure our coverage is "real", but that's tracked in #188.

TheBlueMatt commented 4 years ago

Another thing we should work with is Driller. This makes it look pretty easy to get it going in a VM: https://blog.grimm-co.com/post/guided-fuzzing-with-driller/. If someone feels inclined to work on this I can dig up a bunch of CPU resources for use fuzzing.

TheBlueMatt commented 4 years ago

Played with driller a bit today, managed pretty easily (just adding new main()s in the fuzz_targets that actually read from stdin instead of using macros from other crates to do so) to get it to load, but it crashes when it starts trying to do real work. See https://github.com/shellphish/driller/issues/81.

TheBlueMatt commented 4 years ago

416 got me a bit further, but now stuck on https://github.com/shellphish/driller/issues/80.