Add a fuzzing example. #265
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
brson
commented
Jul 2, 2023
sisuresh
reviewed
Jul 3, 2023
sisuresh
approved these changes
Jul 5, 2023
sisuresh
added a commit
that referenced
this pull request
Jul 13, 2023
* mention release preview version in readme * fix * Update build command (#258) Co-authored-by: Leigh McCulloch <351529+leighmcculloch@users.noreply.github.com> * Bump sdk for preview 10 (#262) * Bump sdk for token and implement temporary allowances * Update rest of examples * Update atomic swap example. * Update multiswap example * fix more examples * Fix events example * Update auth example * Update timelock example * fix tests --------- Co-authored-by: Dmytro Kozhevin <dmytro@stellar.org> * Add/update examples with new functionality (#261) * Change deployer example to deploy contracts on behalf of any address. * Bump SDK to 0.9.1 * Add example for deep sub-contract auth. * Add makefile for a new example * !fixup makefile fix * Fix event name (#264) * Add a fuzzing example. (#265) * Bump increment (#267) * Added instance bump to increment * Bump sdk to 0.9.2 --------- Co-authored-by: Siddharth Suresh <siddharth@stellar.org> * Add bumps to token example (#268) * Update soroban cli version --------- Co-authored-by: Graydon Hoare <graydon@pobox.com> Co-authored-by: Siddharth Suresh <siddharth@stellar.org> Co-authored-by: Dmytro Kozhevin <dmytro@stellar.org> Co-authored-by: Brian Anderson <andersrb@gmail.com> Co-authored-by: Garand Tyson <garand@stellar.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
Add an example of fuzzing soroban contracts.
Why
This example supports the fuzzing features added to the SDK in stellar/rs-soroban-sdk#957.
Once landed it will be supported by this tutorial for soroban-docs: stellar-deprecated/soroban-docs#486
It is probably best to review both patches simultaneously in case any changes are needed to the example to support changes requested in the docs.
This example demonstrates how to write fuzz tests and fuzz with cargo-fuzz, and how to convert fuzz tests to proptests.
The contract added here under
fuzzingis a duplicate of the timelock example, with some changes to illustrate fuzzing features required by the accompanying soroban-docs patch. That patch, linked above, explains this example comprehensively, so it may help reviewing. Differences from the timelock example include: an extra check that the balance is nonzero, the ability to make multiple withdrawals.The duplication of the timelock contract is perhaps unfortunate, but I think useful - the contract is not the point of this example, and readers will potentially already be familiar with it by the time they read the fuzzing tutorial. It is ok for the fuzzing version of the timelock contract to drift from the main timelock contract during maintenance; they do not need to be exactly the same.
A few lines of the contract are commented out purposely so that the fuzzers will fail. The tutorial illustrates this and expects the reader to fix it.
Known limitations
It duplicates the timelock example.
The makefile runs
cargo checkon the fuzz tests to ensure that they build for CI, but it does not actually run the fuzzer because that would require ensuringcargo-fuzzis installed.