Skip to content

Add more fuzz targets#5331

Open
graydon wants to merge 4 commits into
stellar:masterfrom
graydon:more-fuzz-targets
Open

Add more fuzz targets#5331
graydon wants to merge 4 commits into
stellar:masterfrom
graydon:more-fuzz-targets

Conversation

@graydon

@graydon graydon commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

This adds 3 new fuzz targets: one for SCP, the bucketlist, and the soroban parallel-exec phase.

These are LLM-authored with a decent amount of supervision and guidance on my part, but they could contain bugs or shortcomings. They seem to work, they make sense to me at a high level, and being limited to fuzz targets it doesn't seem particularly terrible if there are bugs or shortcomings. But there might be some.

It's built on top of fastdev mode since, so that PR #5298 should merge first.

Copilot AI review requested due to automatic review settings June 27, 2026 00:43
@graydon graydon force-pushed the more-fuzz-targets branch from 2b37199 to c3f9a7a Compare June 27, 2026 00:45

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds three new fuzz targets (SCP, bucketlist storage layer, and Soroban parallel apply differential testing) and extends the test harness to support capturing transaction apply-order and running fuzz targets outside Catch’s runner. It also includes build / Rust-protocol gating changes related to the new fastdev mode.

Changes:

  • Add new fuzz targets: scp, bucketlist, and parallel_tx (Soroban parallel apply equivalence oracle).
  • Extend txtest::closeLedger* helpers with an optional callback to observe transaction apply-order.
  • Improve fuzz execution ergonomics by installing a Catch result-capture for standalone fuzz entry points, and wire new fuzz binaries into the build.

Reviewed changes

Copilot reviewed 16 out of 17 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/test/TxTests.h Adds apply-order callback type and threads it through closeLedger* declarations.
src/test/TxTests.cpp Implements apply-order callback by iterating ApplicableTxSetFrame::getPhasesInApplyOrder() before externalization.
src/test/fuzz/targets/SCPFuzzTarget.cpp New deterministic multi-node SCP simulation fuzz target with replay determinism check.
src/test/fuzz/targets/SCPFuzzTarget.checklist.md Development checklist / notes for SCP fuzz harness evolution.
src/test/fuzz/targets/ParallelTxFuzzTarget.cpp New Soroban parallel apply differential fuzz target comparing serial vs parallel outcomes.
src/test/fuzz/targets/BucketListFuzzTarget.cpp New bucketlist / hot-archive mutation harness with model-vs-ApplyLedgerView invariants.
src/test/fuzz/ScopedCatchResultCapture.h Adds a minimal Catch IResultCapture to allow REQUIRE/CHECK usage in standalone fuzz runs.
src/test/fuzz/FuzzMain.cpp Installs ScopedCatchResultCapture before running fuzz targets.
src/main/CommandLine.cpp Installs ScopedCatchResultCapture for runFuzz CLI path as well.
src/rust/src/soroban_test_extra_protocol.rs Gates protocol-22 extra-test path when fastdev is enabled.
src/rust/src/soroban_proto_all.rs Refactors protocol-agnostic helpers to use soroban_curr and gates older protocol modules under !fastdev.
src/rust/src/soroban_module_cache.rs Switches cache dispatch to use resolved host module and gates older per-protocol caches under !fastdev.
src/rust/Cargo.toml Renames unified feature to fastdev, updates host rev, and adjusts feature composition.
src/Makefile.am Adds fastdev cargo feature/profile wiring and adds new fuzz binaries to the build.
CONTRIBUTING.md Renames “unified Rust” documentation to “fastdev” and updates related guidance.
configure.ac Adds --enable-fastdev-unsafe-for-production and forces next when fastdev is enabled.
Cargo.toml Adds a fastdev Cargo profile (inherits release; reduced LTO/debuginfo changes).
Cargo.lock Updates dependency sources / adds an additional stellar-xdr source entry.

Comment on lines +14 to +19
#include <algorithm>
#include <array>
#include <map>
#include <memory>
#include <string>
#include <vector>
Comment on lines +19 to +21
#include <algorithm>
#include <map>
#include <set>
Comment thread configure.ac
Comment on lines +100 to +117
AC_ARG_ENABLE(fastdev-unsafe-for-production,
AS_HELP_STRING([--enable-fastdev-unsafe-for-production],
[Build in fast development mode UNSAFE FOR PRODUCTION]))
AS_IF([test "x$enable_fastdev_unsafe_for_production" = "xyes"], [
AC_MSG_NOTICE([enabling fastdev build profile UNSAFE FOR PRODUCTION])
fastdev_cxx_version=`$CXX --version 2>/dev/null`
case "$fastdev_cxx_version" in
*clang*)
CXXFLAGS="$CXXFLAGS -gline-tables-only"
AC_MSG_NOTICE([added -gline-tables-only to CXXFLAGS])
;;
*)
AC_MSG_ERROR([fastdev build requires clang compiler])
;;
esac
])
AM_CONDITIONAL(ENABLE_FASTDEV_UNSAFE_FOR_PRODUCTION,
[test "x$enable_fastdev_unsafe_for_production" = "xyes"])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants