Merge pull request #3717 from autonomys/staking_fuzzer

SRLabs: Introduce fuzzing harness for pallet-domains

Author: vedhavyas

.github/workflows/rust.yml

@@ -376,6 +376,32 @@ jobs:
         run: |
           scripts/runtime-benchmark.sh
 
+  staking-fuzzer-test:
+    name: staking-fuzzer-test (Linux x86-64)
+    # Fuzzing is most efficient on Linux, it doesn't matter if it fails on other OSes.
+    # Our runs-on instances don't have the required packages
+    runs-on: ubuntu-22.04
+    # Don't use the full 6 hours if fuzzing hangs
+    timeout-minutes: 120
+    env:
+      AFL_SKIP_CPUFREQ: 1
+      AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Apt update
+        run: sudo apt-get update
+
+      - name: install dependencies
+        run: sudo apt install -y protobuf-compiler binutils-dev coreutils
+
+      - name: install ziggy
+        run: cargo install --force ziggy cargo-afl honggfuzz grcov
+
+      - name: test fuzzer
+        run: scripts/run-fuzzer.sh
+
   # This job checks all crates individually, including no_std and other featureless builds.
   # We need to check crates individually for missing features, because cargo does feature
   # unification, which hides missing features when crates are built together.
@@ -503,6 +529,7 @@ jobs:
       - check-runtime-benchmarks
       - cargo-check-individually
       - cargo-unused-deps
+      - staking-fuzzer-test
     steps:
       - name: Check job statuses
         # Another hack is to actually check the status of the dependencies or else it'll fall through
@@ -515,3 +542,4 @@ jobs:
           [[ "${{ needs.check-runtime-benchmarks.result }}" == "success" ]] || exit 1
           [[ "${{ needs.cargo-check-individually.result }}" == "success" ]] || exit 1
           [[ "${{ needs.cargo-unused-deps.result }}" == "success" ]] || exit 1
+          [[ "${{ needs.staking-fuzzer-test.result }}" == "success" ]] || exit 1

.gitignore

@@ -1,2 +1,4 @@
 /.idea
 /target
+/test/subspace-test-fuzzer/target
+/test/subspace-test-fuzzer/output

Cargo.lock

@@ -17,6 +17,7 @@ members = [
     "domains/test/utils",
     "shared/*",
     "test/subspace-test-client",
+    "test/subspace-test-fuzzer",
     "test/subspace-test-runtime",
     "test/subspace-test-service",
 ]
@@ -36,6 +37,7 @@ auto-id-domain-runtime = { version = "0.1.0", path = "domains/runtime/auto-id" }
 auto-id-domain-test-runtime = { version = "0.1.0", path = "domains/test/runtime/auto-id" }
 backoff = "0.4.0"
 base58 = "0.2.0"
+bincode = { version = "1.3.3" }
 bip39 = "2.0.0"
 bitvec = "1.0.1"
 blake2 = { version = "0.10.6", default-features = false }
@@ -300,6 +302,7 @@ unsigned-varint = "0.8.0"
 void = "1.0.2"
 x509-parser = "0.16.0"
 zeroize = "1.8.1"
+ziggy = { version = "1.3.4", default-features = false }
 
 # The list of dependencies below (which can be both direct and indirect dependencies) are crates
 # that are suspected to be CPU-intensive, and that are unlikely to require debugging (as some of

Cargo.toml

@@ -36,6 +36,16 @@ sp-version = { workspace = true, features = ["serde"] }
 subspace-core-primitives.workspace = true
 subspace-runtime-primitives.workspace = true
 
+# fuzz feature optional dependencies
+bincode = { workspace = true, optional = true }
+domain-pallet-executive = { workspace = true, optional = true, default-features = true }
+pallet-timestamp = { workspace = true, optional = true, default-features = true }
+pallet-block-fees = { workspace = true, optional = true, default-features = true }
+serde = { workspace = true, optional = true, features = ["derive"] }
+sp-externalities = { workspace = true, optional = true, default-features = true }
+sp-keystore = { workspace = true, optional = true, default-features = true }
+sp-state-machine = { workspace = true, optional = true, default-features = true }
+
 [dev-dependencies]
 domain-pallet-executive.workspace = true
 hex-literal.workspace = true
@@ -85,3 +95,16 @@ runtime-benchmarks = [
     "sp-runtime/runtime-benchmarks",
     "sp-subspace-mmr/runtime-benchmarks",
 ]
+
+fuzz = [
+    "bincode",
+    "domain-pallet-executive",
+    "hex-literal",
+    "pallet-timestamp",
+    "pallet-block-fees",
+    "serde",
+    "sp-externalities",
+    "sp-keystore",
+    "sp-state-machine",
+    "std",
+]

crates/pallet-domains/Cargo.toml

@@ -1487,6 +1487,6 @@ mod benchmarks {
     impl_benchmark_test_suite!(
         Domains,
         crate::tests::new_test_ext_with_extensions(),
-        crate::tests::Test
+        crate::mock::Test
     );
 }

crates/pallet-domains/src/benchmarking.rs

@@ -639,11 +639,11 @@ pub(crate) fn invalid_bundle_authors_for_receipt<T: Config>(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::mock::{BlockTreePruningDepth, Domains, Test};
     use crate::tests::{
-        BlockTreePruningDepth, Domains, Test, create_dummy_bundle_with_receipts,
-        create_dummy_receipt, extend_block_tree, extend_block_tree_from_zero,
-        get_block_tree_node_at, new_test_ext_with_extensions, register_genesis_domain,
-        run_to_block,
+        create_dummy_bundle_with_receipts, create_dummy_receipt, extend_block_tree,
+        extend_block_tree_from_zero, get_block_tree_node_at, new_test_ext_with_extensions,
+        register_genesis_domain, run_to_block,
     };
     use crate::{FrozenDomains, RawOrigin as DomainOrigin};
     use frame_support::dispatch::RawOrigin;

crates/pallet-domains/src/block_tree.rs

@@ -398,7 +398,8 @@ pub(crate) fn do_update_domain_allow_list<T: Config>(
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::tests::{TEST_RUNTIME_APIS, Test, new_test_ext};
+    use crate::mock::Test;
+    use crate::tests::{TEST_RUNTIME_APIS, new_test_ext};
     use domain_runtime_primitives::{AccountId20, AccountId20Converter, DEFAULT_EVM_CHAIN_ID};
     use frame_support::traits::Currency;
     use frame_support::{assert_err, assert_ok};

crates/pallet-domains/src/domain_registry.rs

@@ -0,0 +1,4 @@
+mod fuzz_utils;
+mod staking;
+
+pub use staking::run_staking_fuzz;