lez-fuzzing/Justfile

# ── Fuzzing ───────────────────────────────────────────────────────────────────
export RISC0_DEV_MODE := "1"

# Run all fuzz targets for TIME seconds each (default: 30)
fuzz TIME="30":
    cargo fuzz run fuzz_transaction_decoding  -- -max_total_time={{TIME}}
    cargo fuzz run fuzz_stateless_verification -- -max_total_time={{TIME}}
    cargo fuzz run fuzz_state_transition      -- -max_total_time={{TIME}}
    cargo fuzz run fuzz_block_verification    -- -max_total_time={{TIME}}

# Re-run the saved corpus (regression mode, no new mutations)
fuzz-regression:
    cargo fuzz run fuzz_transaction_decoding  fuzz/corpus/fuzz_transaction_decoding  -- -runs=0
    cargo fuzz run fuzz_stateless_verification fuzz/corpus/fuzz_stateless_verification -- -runs=0
    cargo fuzz run fuzz_state_transition      fuzz/corpus/fuzz_state_transition      -- -runs=0
    cargo fuzz run fuzz_block_verification    fuzz/corpus/fuzz_block_verification    -- -runs=0

# Minimise a crash artifact
# Usage: just fuzz-tmin fuzz_state_transition fuzz/artifacts/fuzz_state_transition/crash-XXX
fuzz-tmin TARGET ARTIFACT:
    cargo fuzz tmin {{TARGET}} {{ARTIFACT}}

# Run the proptest-based property tests
fuzz-props:
    cargo test -p fuzz_props --release

# Pull the latest LEZ changes from the sibling logos-execution-zone directory
update-lez:
    git -C ../logos-execution-zone pull --ff-only

# ── Corpus management ─────────────────────────────────────────────────────────

# Minimise the corpus for all four targets (removes dominated inputs)
corpus-cmin:
    cargo fuzz cmin fuzz_transaction_decoding
    cargo fuzz cmin fuzz_stateless_verification
    cargo fuzz cmin fuzz_state_transition
    cargo fuzz cmin fuzz_block_verification

# Minimise the corpus for a single target
# Usage: just corpus-cmin-target fuzz_state_transition
corpus-cmin-target TARGET:
    cargo fuzz cmin {{TARGET}}

# ── Housekeeping ──────────────────────────────────────────────────────────────

# Remove all Cargo build artefacts (workspace + fuzz sub-crate)
clean:
    cargo clean
    cargo clean --manifest-path fuzz/Cargo.toml

# Remove libFuzzer crash/timeout artifacts for all targets (corpus is kept)
clean-artifacts:
    rm -rf fuzz/artifacts/

# Remove coverage reports generated by `cargo fuzz coverage`
clean-coverage:
    rm -rf fuzz/coverage/

# Remove everything: builds, artifacts, and coverage
clean-all: clean clean-artifacts clean-coverage
Initial commit 2026-04-13 16:03:20 +08:00			`# ── Fuzzing ───────────────────────────────────────────────────────────────────`
			`export RISC0_DEV_MODE := "1"`

			`# Run all fuzz targets for TIME seconds each (default: 30)`
			`fuzz TIME="30":`
			`cargo fuzz run fuzz_transaction_decoding -- -max_total_time={{TIME}}`
			`cargo fuzz run fuzz_stateless_verification -- -max_total_time={{TIME}}`
			`cargo fuzz run fuzz_state_transition -- -max_total_time={{TIME}}`
			`cargo fuzz run fuzz_block_verification -- -max_total_time={{TIME}}`

			`# Re-run the saved corpus (regression mode, no new mutations)`
			`fuzz-regression:`
			`cargo fuzz run fuzz_transaction_decoding fuzz/corpus/fuzz_transaction_decoding -- -runs=0`
			`cargo fuzz run fuzz_stateless_verification fuzz/corpus/fuzz_stateless_verification -- -runs=0`
			`cargo fuzz run fuzz_state_transition fuzz/corpus/fuzz_state_transition -- -runs=0`
			`cargo fuzz run fuzz_block_verification fuzz/corpus/fuzz_block_verification -- -runs=0`

			`# Minimise a crash artifact`
			`# Usage: just fuzz-tmin fuzz_state_transition fuzz/artifacts/fuzz_state_transition/crash-XXX`
			`fuzz-tmin TARGET ARTIFACT:`
			`cargo fuzz tmin {{TARGET}} {{ARTIFACT}}`

			`# Run the proptest-based property tests`
			`fuzz-props:`
			`cargo test -p fuzz_props --release`

			`# Pull the latest LEZ changes from the sibling logos-execution-zone directory`
			`update-lez:`
			`git -C ../logos-execution-zone pull --ff-only`

			`# ── Corpus management ─────────────────────────────────────────────────────────`

			`# Minimise the corpus for all four targets (removes dominated inputs)`
			`corpus-cmin:`
			`cargo fuzz cmin fuzz_transaction_decoding`
			`cargo fuzz cmin fuzz_stateless_verification`
			`cargo fuzz cmin fuzz_state_transition`
			`cargo fuzz cmin fuzz_block_verification`

			`# Minimise the corpus for a single target`
			`# Usage: just corpus-cmin-target fuzz_state_transition`
			`corpus-cmin-target TARGET:`
			`cargo fuzz cmin {{TARGET}}`

			`# ── Housekeeping ──────────────────────────────────────────────────────────────`

			`# Remove all Cargo build artefacts (workspace + fuzz sub-crate)`
			`clean:`
			`cargo clean`
			`cargo clean --manifest-path fuzz/Cargo.toml`

			`# Remove libFuzzer crash/timeout artifacts for all targets (corpus is kept)`
			`clean-artifacts:`
			`rm -rf fuzz/artifacts/`

			# Remove coverage reports generated by `cargo fuzz coverage`
			`clean-coverage:`
			`rm -rf fuzz/coverage/`

			`# Remove everything: builds, artifacts, and coverage`
			`clean-all: clean clean-artifacts clean-coverage`