fuzz: add zkas_compile.rs libfuzzer fuzz harness

This should have been done in an earlier commit (a0e78b576a) but I forgot to add the file.
2026-01-09 22:57:59 -05:00 · 2023-09-19 16:16:02 -04:00
parent cd3334806d
commit 82b9ab914e
1 changed files with 84 additions and 0 deletions
--- a/fuzz/fuzz_targets/zkas_compile.rs
+++ b/fuzz/fuzz_targets/zkas_compile.rs
@@ -0,0 +1,84 @@
 /* This file is part of DarkFi (https://dark.fi)
 *
 * Copyright (C) 2020-2023 Dyne.org foundation
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 // See also honggfuzz/zkas_compile.rs
 #![no_main]
 use libfuzzer_sys::fuzz_target;
 use darkfi::zkas::{Lexer, Parser, Compiler, Analyzer};
 use std::str;
 fuzz_target!(|data: &[u8]| {
    // The lex, parse, compile code below is taken from bin/zkas/src/main.rs
    // Use only inputs that can be encoded as .chars(), as this is what the
    // zkas binary uses
    let chars = match str::from_utf8(data) {
        Ok(v) => v.chars(),
        Err(_e) => return,
    };
    let filename = "/dev/null";
    let lexer = Lexer::new(filename, chars.clone());
    let tokens = match lexer.lex() {
        Ok(v) => v,
        Err(_) => return,
    };
    // The parser goes over the tokens provided by the lexer and builds
    // the initial AST, not caring much about the semantics, just enforcing
    // syntax and general structure.
    let parser = Parser::new(filename, chars.clone(), tokens);
    let (namespace, k, constants, witnesses, statements) = match parser.parse() {
        Ok(v) => v,
        Err(_) => return,
    };
    // The analyzer goes through the initial AST provided by the parser and
    // converts return and variable types to their correct forms, and also
    // checks that the semantics of the ZK script are correct.
    let mut analyzer = Analyzer::new(filename, chars.clone(), constants, witnesses, statements);
    if analyzer.analyze_types().is_err() {
        return
    }
    // Skip this section because it automatically pauses on output which is probably
    // preventing coverage
    // if analyzer.analyze_semantic().is_err() {
    //     return
    // }
    let compiler = Compiler::new(
        filename,
        chars.clone(),
        namespace,
        k,
        analyzer.constants,
        analyzer.witnesses,
        analyzer.statements,
        analyzer.literals,
        false, // no debug info
    );
    match compiler.compile() {
        Ok(v) => v,
        Err(_) => return,
    };
 });