feat(fuzz): arbitrary implementation for Cell and CellBuilder

broxus · May 28, 2024 · 55a2ed5 · 55a2ed5
1 parent 0abd815
commit 55a2ed5
Show file tree

Hide file tree

Showing 9 changed files with 20,509 additions and 5 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,6 +23,7 @@ members = ["proc"]
 [dependencies]
 ahash = "0.8"
 anyhow = { version = "1.0", optional = true }
+arbitrary = { version = "1", optional = true }
 base64 = { version = "0.21.0", optional = true }
 bitflags = "2.3"
 bytes = { version = "1.4", optional = true }
@@ -47,12 +48,14 @@ anyhow = "1.0"
 base64 = "0.21"
 criterion = "0.5"
 libc = "0.2"
+include_dir = "0.7.3"
 rand = "0.8"
 rand_xorshift = "0.3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 
 [features]
+arbitrary = ["dep:arbitrary"]
 default = ["base64", "serde", "models", "sync"]
 sync = []
 stats = []

diff --git a/fuzz/.gitignore b/fuzz/.gitignore
@@ -1,3 +1,4 @@
 target
 corpus
 artifacts
+coverage
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -9,10 +9,12 @@ edition = "2021"
 cargo-fuzz = true
 
 [dependencies]
+arbitrary = { version = "1.0.1", features = ["derive"] }
 libfuzzer-sys = "0.4"
 
 [dependencies.everscale-types]
 path = ".."
+features = ["arbitrary"]
 
 # Prevent this from interfering with workspaces
 [workspace]
@@ -42,8 +44,20 @@ path = "fuzz_targets/boc_dict.rs"
 test = false
 doc = false
 
+[[bin]]
+name = "boc_dict_arb"
+path = "fuzz_targets/boc_dict_arb.rs"
+test = false
+doc = false
+
 [[bin]]
 name = "boc_message"
 path = "fuzz_targets/boc_message.rs"
 test = false
 doc = false
+
+[[bin]]
+name = "boc_message_arb"
+path = "fuzz_targets/boc_message_arb.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/boc_decode_encode.rs b/fuzz/fuzz_targets/boc_decode_encode.rs
@@ -1,10 +1,28 @@
 #![no_main]
-use libfuzzer_sys::fuzz_target;
+use libfuzzer_sys::{fuzz_target, Corpus};
 
-use everscale_types::prelude::Boc;
+use everscale_types::cell::CellTreeStats;
+use everscale_types::prelude::*;
 
-fuzz_target!(|data: &[u8]| {
+fuzz_target!(|data: &[u8]| -> Corpus {
     if let Ok(cell) = Boc::decode(data) {
-        _ = Boc::encode(cell.as_ref());
+        let res = Boc::encode(cell.as_ref());
+        let redecoded = Boc::decode(&res).unwrap();
+        assert_eq!(cell.as_ref(), redecoded.as_ref());
+        let l = call_all_cell_methods(&cell);
+        let r = call_all_cell_methods(&redecoded);
+        assert_eq!(l, r);
+        return Corpus::Keep;
     }
+    Corpus::Reject
 });
+
+fn call_all_cell_methods(cell: &Cell) -> CellTreeStats {
+    let hash = cell.hash(0);
+    let hash = cell.hash(1);
+    let hash = cell.hash(2);
+    let hash = cell.hash(3);
+
+    let _ = cell.virtualize();
+    cell.compute_unique_stats(usize::MAX).unwrap()
+}
diff --git a/fuzz/fuzz_targets/boc_dict_arb.rs b/fuzz/fuzz_targets/boc_dict_arb.rs
@@ -0,0 +1,12 @@
+#![no_main]
+use libfuzzer_sys::{fuzz_target, Corpus};
+
+use everscale_types::prelude::{Cell, RawDict};
+
+fuzz_target!(|data: Cell| -> Corpus {
+    if let Ok(map) = data.parse::<RawDict<32>>() {
+        _ = map.iter().count();
+        return Corpus::Keep;
+    }
+    Corpus::Reject
+});
diff --git a/fuzz/fuzz_targets/boc_message_arb.rs b/fuzz/fuzz_targets/boc_message_arb.rs
@@ -0,0 +1,13 @@
+#![no_main]
+use libfuzzer_sys::{fuzz_target, Corpus};
+
+use everscale_types::models::Message;
+use everscale_types::prelude::Cell;
+
+fuzz_target!(|cell: Cell| -> Corpus {
+    if cell.parse::<Message>().is_ok() {
+        return Corpus::Keep;
+    }
+
+    Corpus::Reject
+});