Add more fuzz targets#5331
Open
graydon wants to merge 4 commits into
Open
Conversation
2b37199 to
c3f9a7a
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds three new fuzz targets (SCP, bucketlist storage layer, and Soroban parallel apply differential testing) and extends the test harness to support capturing transaction apply-order and running fuzz targets outside Catch’s runner. It also includes build / Rust-protocol gating changes related to the new fastdev mode.
Changes:
- Add new fuzz targets:
scp,bucketlist, andparallel_tx(Soroban parallel apply equivalence oracle). - Extend
txtest::closeLedger*helpers with an optional callback to observe transaction apply-order. - Improve fuzz execution ergonomics by installing a Catch result-capture for standalone fuzz entry points, and wire new fuzz binaries into the build.
Reviewed changes
Copilot reviewed 16 out of 17 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/TxTests.h | Adds apply-order callback type and threads it through closeLedger* declarations. |
| src/test/TxTests.cpp | Implements apply-order callback by iterating ApplicableTxSetFrame::getPhasesInApplyOrder() before externalization. |
| src/test/fuzz/targets/SCPFuzzTarget.cpp | New deterministic multi-node SCP simulation fuzz target with replay determinism check. |
| src/test/fuzz/targets/SCPFuzzTarget.checklist.md | Development checklist / notes for SCP fuzz harness evolution. |
| src/test/fuzz/targets/ParallelTxFuzzTarget.cpp | New Soroban parallel apply differential fuzz target comparing serial vs parallel outcomes. |
| src/test/fuzz/targets/BucketListFuzzTarget.cpp | New bucketlist / hot-archive mutation harness with model-vs-ApplyLedgerView invariants. |
| src/test/fuzz/ScopedCatchResultCapture.h | Adds a minimal Catch IResultCapture to allow REQUIRE/CHECK usage in standalone fuzz runs. |
| src/test/fuzz/FuzzMain.cpp | Installs ScopedCatchResultCapture before running fuzz targets. |
| src/main/CommandLine.cpp | Installs ScopedCatchResultCapture for runFuzz CLI path as well. |
| src/rust/src/soroban_test_extra_protocol.rs | Gates protocol-22 extra-test path when fastdev is enabled. |
| src/rust/src/soroban_proto_all.rs | Refactors protocol-agnostic helpers to use soroban_curr and gates older protocol modules under !fastdev. |
| src/rust/src/soroban_module_cache.rs | Switches cache dispatch to use resolved host module and gates older per-protocol caches under !fastdev. |
| src/rust/Cargo.toml | Renames unified feature to fastdev, updates host rev, and adjusts feature composition. |
| src/Makefile.am | Adds fastdev cargo feature/profile wiring and adds new fuzz binaries to the build. |
| CONTRIBUTING.md | Renames “unified Rust” documentation to “fastdev” and updates related guidance. |
| configure.ac | Adds --enable-fastdev-unsafe-for-production and forces next when fastdev is enabled. |
| Cargo.toml | Adds a fastdev Cargo profile (inherits release; reduced LTO/debuginfo changes). |
| Cargo.lock | Updates dependency sources / adds an additional stellar-xdr source entry. |
Comment on lines
+14
to
+19
| #include <algorithm> | ||
| #include <array> | ||
| #include <map> | ||
| #include <memory> | ||
| #include <string> | ||
| #include <vector> |
Comment on lines
+19
to
+21
| #include <algorithm> | ||
| #include <map> | ||
| #include <set> |
Comment on lines
+100
to
+117
| AC_ARG_ENABLE(fastdev-unsafe-for-production, | ||
| AS_HELP_STRING([--enable-fastdev-unsafe-for-production], | ||
| [Build in fast development mode UNSAFE FOR PRODUCTION])) | ||
| AS_IF([test "x$enable_fastdev_unsafe_for_production" = "xyes"], [ | ||
| AC_MSG_NOTICE([enabling fastdev build profile UNSAFE FOR PRODUCTION]) | ||
| fastdev_cxx_version=`$CXX --version 2>/dev/null` | ||
| case "$fastdev_cxx_version" in | ||
| *clang*) | ||
| CXXFLAGS="$CXXFLAGS -gline-tables-only" | ||
| AC_MSG_NOTICE([added -gline-tables-only to CXXFLAGS]) | ||
| ;; | ||
| *) | ||
| AC_MSG_ERROR([fastdev build requires clang compiler]) | ||
| ;; | ||
| esac | ||
| ]) | ||
| AM_CONDITIONAL(ENABLE_FASTDEV_UNSAFE_FOR_PRODUCTION, | ||
| [test "x$enable_fastdev_unsafe_for_production" = "xyes"]) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds 3 new fuzz targets: one for SCP, the bucketlist, and the soroban parallel-exec phase.
These are LLM-authored with a decent amount of supervision and guidance on my part, but they could contain bugs or shortcomings. They seem to work, they make sense to me at a high level, and being limited to fuzz targets it doesn't seem particularly terrible if there are bugs or shortcomings. But there might be some.
It's built on top of fastdev mode since, so that PR #5298 should merge first.