Add shallow fuzz testing

ZcashFoundation · Oct 15, 2024 · 848ebaa · 848ebaa
1 parent 4e1fc1c
commit 848ebaa
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -149,3 +149,24 @@ jobs:
         with:
           command: clippy
           args: -- -D warnings
+
+  fuzz:
+    name: Fuzz
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - nightly
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          override: true
+      - run: cargo install cargo-fuzz
+      - uses: actions-rs/cargo@v1
+        with:
+          command: fuzz
+          args: run compare -- -max_total_time=100
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -59,11 +59,12 @@ path = "src/lib.rs"
 
 [features]
 external-secp = []
-rust-interpreter = []
+test-dependencies = []
 
 [dependencies]
 bitflags = "2.5"
 enum_primitive = "0.1"
+libfuzzer-sys = "0.4"
 log = "0.4"
 proptest = "0.9"
 ripemd = "0.1"

diff --git a/fuzz/.gitignore b/fuzz/.gitignore
@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "zcash_script-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+zcash_script = { path = "..", features = ["test-dependencies"] }
+
+[[bin]]
+name = "compare"
+path = "fuzz_targets/compare.rs"
+test = false
+doc = false
+bench = false
diff --git a/fuzz/fuzz_targets/compare.rs b/fuzz/fuzz_targets/compare.rs
@@ -0,0 +1,24 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+extern crate zcash_script;
+
+use zcash_script::*;
+
+fn missing_sighash(_script_code: &[u8], _hash_type: HashType) -> Option<[u8; 32]> {
+    None
+}
+
+fuzz_target!(|tup: (i64, bool, &[u8], &[u8], u32)| {
+    // `fuzz_target!` doesn’t support pattern matching in the parameter list.
+    let (lock_time, is_final, pub_key, sig, flags) = tup;
+    let ret = check_verify_callback::<Cxx, Rust>(
+        &missing_sighash,
+        lock_time,
+        is_final,
+        pub_key,
+        sig,
+        testing::repair_flags(VerificationFlags::from_bits_truncate(flags)),
+    );
+    assert_eq!(ret.0, ret.1);
+});
diff --git a/src/lib.rs b/src/lib.rs
@@ -131,7 +131,7 @@ fn check_legacy_sigop_count_script<T: ZcashScript, U: ZcashScript>(
 /// Runs both the C++ and Rust implementations of `ZcashScript::verify_callback` and returns both
 /// results. This is more useful for testing than the impl that logs a warning if the results differ
 /// and always returns the C++ result.
-fn check_verify_callback<T: ZcashScript, U: ZcashScript>(
+pub fn check_verify_callback<T: ZcashScript, U: ZcashScript>(
     sighash: SighashCalculator,
     lock_time: i64,
     is_final: bool,