mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-04-26 19:17:58 +00:00
84d89e379b
This adds `try_state()` and `integrity_test()` to the four runtimes of the XCM-simulator fuzzer. With this, we are able to stress-test [message-queue's try_state](https://github.com/paritytech/polkadot-sdk/blob/7df1ae3b8111d534cce108b2b405b6a33fcdedc3/substrate/frame/message-queue/src/lib.rs#L1245-L1347). This also adds the `Transact` block-listing from #2424 to avoid false-positives. Thank you @ggwpez for the help with the runtime configurations.
# XCM Simulator Fuzzer

This project will fuzz-test the XCM simulator. It can catch reachable panics, timeouts as well as integer overflows and
underflows.

## Install dependencies

```
cargo install honggfuzz
```

## Run the fuzzer

In this directory, run this command:

```
HFUZZ_BUILD_ARGS="--features=try-runtime" cargo hfuzz run xcm-fuzzer
```

## Run a single input

In this directory, run this command:

```
cargo run --features=try-runtime -- hfuzz_workspace/xcm-fuzzer/fuzzer_input_file
```

## Generate coverage

In this directory, run these four commands:

```
RUSTFLAGS="-Zprofile -Ccodegen-units=1 -Copt-level=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests -Cpanic=abort" \
CARGO_INCREMENTAL=0 SKIP_WASM_BUILD=1 CARGO_HOME=./cargo cargo build --features=try-runtime
../../../target/debug/xcm-fuzzer hfuzz_workspace/xcm-fuzzer/input/
zip -0 ccov.zip `find ../../../target/ \( -name "*.gc*" -o -name "test-*.gc*" \) -print`
grcov ccov.zip -s ../../../ -t html --llvm --branch --ignore-not-existing -o ./coverage
```

The code coverage will be in `./coverage/index.html`.
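
Added example (not part of this project's README or code): a shell helper that replays every saved crash input through the "Run a single input" command and labels each one as a crash, a timeout or clean, which is useful for checking whether a fix removed a finding. It assumes the saved crash inputs are the `*.fuzz` files honggfuzz writes into the workspace directory and that the coreutils `timeout` utility is installed; `REPLAY_CMD` and `REPLAY_TIMEOUT` are names introduced here.

```shell
#!/bin/sh
# Added example: replay saved honggfuzz crash inputs one at a time.
# Assumptions: crash inputs are the *.fuzz files in the workspace directory;
# REPLAY_CMD and REPLAY_TIMEOUT are hypothetical knobs introduced here;
# the coreutils `timeout` utility is installed.

# Default replay command is the one from "Run a single input".
REPLAY_CMD="${REPLAY_CMD:-cargo run --features=try-runtime --}"
REPLAY_TIMEOUT="${REPLAY_TIMEOUT:-60}"   # seconds allowed per input

# replay_crashes DIR
# Prints one "<verdict> <exit-code> <file>" line per crash input and
# returns 0 only when no input reproduces a failure any more.
replay_crashes() {
    dir="$1"
    failing=0
    for f in "$dir"/*.fuzz; do
        [ -e "$f" ] || continue          # glob matched nothing
        rc=0
        # REPLAY_CMD is deliberately unquoted so it splits into command + args.
        timeout "$REPLAY_TIMEOUT" $REPLAY_CMD "$f" >"$f.log" 2>&1 || rc=$?
        case "$rc" in
            0)   verdict="clean" ;;                               # no longer reproduces
            124) verdict="timeout"; failing=$((failing + 1)) ;;   # hang, stopped by timeout
            *)   verdict="crash";   failing=$((failing + 1)) ;;   # panic or abort
        esac
        echo "$verdict $rc $f"
    done
    [ "$failing" -eq 0 ]
}

# Usage (from the fuzzer directory, after sourcing this file):
#   replay_crashes hfuzz_workspace/xcm-fuzzer
```

The output of each replay is kept next to its input as `<input>.fuzz.log`.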