While we're moving (almost) everything to stable by default now,
fuzzing still requires nightly.
Since stable is now the default we need to add "+nightly" to
various fuzzing commands.
Libfuzzer has more capabilities to provide a helpful code coverage
report for fuzz testing. (Or at least it has better documentation.)
This commit copies the zkas-compile harness from honggfuzz into libfuzzer.
It also includes instructions for generating coverage reports.
* fuzz: Add honggfuzz
- Added honggfuzz in fuzz2/ (alongside libfuzzer in fuzz/)
- Created convenience script for fuzzing binary decoder
- Created a script to convert inputs that cause crashes into arrays so
that they can be used in unit tests
* Create honggfuzz as subdirectory of fuzz/
- Reorg so that honggfuzz is under fuzz/ instead of in a separate
sibling-level directory fuzz2
- Update fuzz/README.md to make it explicit that it covers libfuzzer
Note: `cargo fuzz`/libfuzzer seems to insist that its folder exists at
`$REPO/fuzz/` so that's the reason for this particular folder structure.
---------
Co-authored-by: y <y>
Add more documentation to fuzz/README.md, especially when it comes to
interpreting out-of-memory issues.
Co-authored-by: y <y>
Co-authored-by: parazyd <parazyd@users.noreply.github.com>
Use artifacts/ rather than corpus/ to track fuzz inputs. corpus appears
to be a temporary directory that will be modified when minimizing test
cases using commands like `cargo fuzz cmin` or `cargo fuzz tmin`. For
this reason it's not suitable for long-term storage and is likely to
make the git commit-staging process very messy.
- Inform devs how to build an organized and useful corpus based on the
results of fuzz testing.
- Modify .gitignore to allow corpus/ tracking. Note: files in corpus/
should not be blindly committed but selectively added based on
usefulness
- Add emptyfile to zkas-decoder corpus because it caused a panic
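The commits above describe a helper that turns a crashing fuzz input into an array usable from a unit test, and note that an empty file is itself a useful corpus entry. The script below is an added example of that conversion, written for this page; it is not the project's own script. It assumes only POSIX `od`, `tr` and `sed`; the `CRASH_INPUT` const name, the `fuzz/artifacts/zkas-decoder/` path and the `crash-...` file name in the comments are placeholders.

```shell
#!/bin/sh
# Added example (not the project's own tooling): convert a crashing fuzz
# input into a Rust byte-array literal so it can be pasted into a
# regression unit test.
#
# Typical flow (target name and artifact path are assumptions):
#   cargo +nightly fuzz run zkas-decoder            # fuzz until a crash
#   crash_to_rust_array fuzz/artifacts/zkas-decoder/crash-... ZKAS_CRASH
#
# artifacts/ is used as the stable source because corpus/ gets rewritten
# by `cargo fuzz cmin` / `cargo fuzz tmin`.

crash_to_rust_array() {
    # $1 = path to the crash input, $2 = Rust const name (default CRASH_INPUT)
    file="$1"
    name="${2:-CRASH_INPUT}"

    # od -An -v -tx1: no offsets, no "*" line suppression, two hex digits
    # per byte. Collapse rows into one space-separated list.
    bytes=$(od -An -v -tx1 "$file" | tr -s ' \n' ' ' | sed 's/^ //; s/ $//')

    # An empty file is a valid input (the empty file panicked the zkas
    # decoder), so emit an empty slice rather than failing.
    if [ -z "$bytes" ]; then
        printf 'const %s: &[u8] = &[];\n' "$name"
        return 0
    fi

    printf 'const %s: &[u8] = &[' "$name"
    first=1
    for b in $bytes; do
        if [ "$first" -eq 1 ]; then
            first=0
        else
            printf ', '
        fi
        printf '0x%s' "$b"
    done
    printf '];\n'
}
```

The emitted line can be dropped into a `#[test]` that feeds the slice to the decoder under test, which keeps the crash reproducible without depending on the fuzz directories being present.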