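# ── Fuzzing ───────────────────────────────────────────────────────────────────

# Exported into the environment of every recipe below; the `cargo fuzz` calls
# rely on it (the hint printed at the end of `new-target` shows the same setting).
export RISC0_DEV_MODE := "1"

# List all registered fuzz targets (reads fuzz/Cargo.toml via cargo-fuzz)
list-targets:
    cargo fuzz list

# Run all fuzz targets for TIME seconds each (default: 30).
# Targets are discovered automatically from fuzz/Cargo.toml — no edit needed here
# when a new [[bin]] entry is added.
# Fails loudly (instead of silently running zero targets) when `cargo fuzz list`
# errors or reports nothing, so a broken toolchain cannot look like a green run.
fuzz TIME="30":
    #!/bin/bash
    set -euo pipefail
    # TIME is passed straight to libFuzzer's -max_total_time; reject non-integers early.
    case "{{TIME}}" in
        ''|*[!0-9]*) echo "error: TIME must be a non-negative integer (got '{{TIME}}')" >&2; exit 1 ;;
    esac
    # A failing `cargo fuzz list` inside a `for` word list is masked by `$(...)`
    # and would just yield an empty loop; assign it first so the failure is caught.
    targets=$(cargo fuzz list 2>/dev/null) || { echo "error: 'cargo fuzz list' failed (is cargo-fuzz installed?)" >&2; exit 1; }
    [ -n "$targets" ] || { echo "error: no fuzz targets registered in fuzz/Cargo.toml" >&2; exit 1; }
    for target in $targets; do
        echo "=== fuzzing $target for {{TIME}}s ==="
        cargo fuzz run "$target" -- -max_total_time={{TIME}}
    done

# Re-run the saved corpus for every target (regression mode, no new mutations)
# Same empty/failed target-list guard as `fuzz`: a regression run that silently
# covers nothing is worse than an error.
fuzz-regression:
    #!/bin/bash
    set -euo pipefail
    targets=$(cargo fuzz list 2>/dev/null) || { echo "error: 'cargo fuzz list' failed (is cargo-fuzz installed?)" >&2; exit 1; }
    [ -n "$targets" ] || { echo "error: no fuzz targets registered in fuzz/Cargo.toml" >&2; exit 1; }
    for target in $targets; do
        echo "=== regression $target ==="
        # Ensure the corpus directory exists even for a target that has never been fuzzed.
        mkdir -p "fuzz/corpus/$target"
        # -runs=0: replay the existing inputs only, generate no new ones.
        cargo fuzz run "$target" "fuzz/corpus/$target" -- -runs=0
    done

# Minimise a crash artifact
# Usage: just fuzz-tmin fuzz_state_transition fuzz/artifacts/fuzz_state_transition/crash-XXX
fuzz-tmin TARGET ARTIFACT:
    cargo fuzz tmin {{TARGET}} {{ARTIFACT}}

# Run the proptest-based property tests
fuzz-props:
    cargo test -p fuzz_props --release

# Pull the latest LEZ changes from the sibling logos-execution-zone directory
update-lez:
    git -C ../logos-execution-zone pull --ff-only

# ── Corpus management ─────────────────────────────────────────────────────────

# Minimise the corpus for all targets (removes dominated inputs)
# Same empty/failed target-list guard as `fuzz`.
corpus-cmin:
    #!/bin/bash
    set -euo pipefail
    targets=$(cargo fuzz list 2>/dev/null) || { echo "error: 'cargo fuzz list' failed (is cargo-fuzz installed?)" >&2; exit 1; }
    [ -n "$targets" ] || { echo "error: no fuzz targets registered in fuzz/Cargo.toml" >&2; exit 1; }
    for target in $targets; do
        echo "=== cmin $target ==="
        cargo fuzz cmin "$target"
    done

# Minimise the corpus for a single target
# Usage: just corpus-cmin-target fuzz_state_transition
corpus-cmin-target TARGET:
    cargo fuzz cmin {{TARGET}}

# ── Adding a new target ───────────────────────────────────────────────────────

# Scaffold a new fuzz target — fully automated, no manual edits required.
#
# Steps performed automatically:
#   1. Creates fuzz/corpus/fuzz_<NAME>/
#   2. Copies fuzz/fuzz_targets/_template.rs → fuzz/fuzz_targets/fuzz_<NAME>.rs
#   3. Appends the [[bin]] entry to fuzz/Cargo.toml
#   4. Inserts fuzz_<NAME> into every strategy matrix in .github/workflows/fuzz.yml
#   (steps 3 and 4 are delegated to scripts/add_fuzz_target.py)
#
# Usage: just new-target my_feature
#        (the "fuzz_" prefix is added automatically)
new-target NAME:
    #!/bin/bash
    set -euo pipefail
    TARGET="fuzz_{{NAME}}"
    TEMPLATE="fuzz/fuzz_targets/_template.rs"
    RS_FILE="fuzz/fuzz_targets/${TARGET}.rs"
    CORPUS_DIR="fuzz/corpus/${TARGET}"

    # The name becomes a file name, a Cargo [[bin]] name and a workflow matrix
    # entry; restrict it to an identifier so every consumer accepts it and no
    # path separators or shell metacharacters reach the steps below.
    if ! [[ "$TARGET" =~ ^fuzz_[A-Za-z0-9_]+$ ]]; then
        echo "error: NAME must match [A-Za-z0-9_]+ (got '{{NAME}}')" >&2
        exit 1
    fi
    [ -f "$TEMPLATE" ] || { echo "error: template not found: $TEMPLATE" >&2; exit 1; }

    # ── 1. Create corpus directory ────────────────────────────────────────────
    mkdir -p "$CORPUS_DIR"
    echo "[1/4] Created corpus directory: $CORPUS_DIR"

    # ── 2. Copy the typed fuzz target template ────────────────────────────────
    if [ -f "$RS_FILE" ]; then
        echo "SKIP [2/4]: $RS_FILE already exists — not overwriting."
    else
        cp "$TEMPLATE" "$RS_FILE"
        echo "[2/4] Created target from template: $RS_FILE"
    fi

    # ── 3 & 4. Update Cargo.toml and fuzz.yml automatically ──────────────────
    # NOTE(review): when step 2 was skipped the target may already be registered;
    # scripts/add_fuzz_target.py is assumed to handle that idempotently — verify.
    python3 scripts/add_fuzz_target.py "$TARGET"

    echo ""
    echo "Done! Verify the build with:"
    echo " RISC0_DEV_MODE=1 cargo fuzz build ${TARGET}"

# ── Housekeeping ──────────────────────────────────────────────────────────────

# Remove all Cargo build artefacts (workspace + fuzz sub-crate)
clean:
    cargo clean
    cargo clean --manifest-path fuzz/Cargo.toml

# Remove libFuzzer crash/timeout artifacts for all targets (corpus is kept)
clean-artifacts:
    rm -rf fuzz/artifacts/

# Remove coverage reports generated by `cargo fuzz coverage`
clean-coverage:
    rm -rf fuzz/coverage/

# Remove everything: builds, artifacts, and coverage
clean-all: clean clean-artifacts clean-coverage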