Initial skeleton for fuzzing infrastructure (#699)

* Initial fuzzing skeleton This commit introduces the initial skeleton for Javy's fuzzing infrastructure. This commit focuses on the `json-differential` target, to check Javy's SIMD-based, custom `JSON.parse` and `JSON.stringify` implementations. The implementation aims to take full advantage of libfuzzer's coverage capabilities and that's the reason why it uses the native version of QuickJS instead of the Wasm version. * Add README * Build fuzz targets in CI * Revert runtime configuration changes * Add `check-fuzz.yml` * Fix typo * Fix `check-fuzz` format * Add linting * Fixes * Fix formatting in check-fuzz.yml * Parametrize cargo fuzz and nightly version * Split steps to read versions * Fix typo in rustup install nightly * Fix typo in cargo install cargo-fuzz * Improve nightly installation step * Use rustup override * Drop clippy from fuzz * Fix `lint` newlines
bytecodealliance · Jul 9, 2024 · de8431f · de8431f
1 parent 3f8f302
commit de8431f
Show file tree

Hide file tree

Showing 13 changed files with 559 additions and 714 deletions.
diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml
@@ -0,0 +1,42 @@
+# Smoke test to build fuzz targets.
+# Deserves its own action given that it depends on nightly
+# and there's currently no way to define multiple toolchains through the 
+# `rust-toolchain.toml` configuration file.
+name: Build Fuzz Targets
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  check-fuzz:
+    name: Build fuzz targets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Read pinned nightly version
+        id: nightly_version
+        shell: bash
+        run: |
+          NIGHTLY_VERSION=$(cat pinned-nightly-version)
+          echo "::set-output name=nightly_version::$NIGHTLY_VERSION"
+
+      - name: Read cargo fuzz version
+        id: cargo_fuzz_version
+        shell: bash
+        run: |
+          CARGO_FUZZ_VERSION=$(cat pinned-cargo-fuzz-version)
+          echo "::set-output name=cargo_fuzz_version::$CARGO_FUZZ_VERSION"
+
+      - name: Install nightly
+        run: |
+          rustup install ${{ steps.nightly_version.outputs.nightly_version }}
+          rustup override set ${{ steps.nightly_version.outputs.nightly_version }}
+          rustup component add clippy
+
+      - name: Install cargo fuzz
+        run: cargo install cargo-fuzz --version=${{ steps.cargo_fuzz_version.outputs.cargo_fuzz_version }}
+
+      - name: Build fuzz targets
+        run: cargo fuzz build --dev
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -45,7 +45,12 @@ jobs:
         run: cargo test --package=javy-runner
 
       - name: Lint
-        run: cargo clippy --workspace --exclude=javy-cli --exclude=javy-runner --target=wasm32-wasi --all-targets -- -D warnings
+        run: |
+          cargo clippy --workspace \
+          --exclude=javy-cli \
+          --exclude=javy-runner \
+          --exclude=javy-fuzz \
+          --target=wasm32-wasi --all-targets -- -D warnings
         
       # We need to specify a different job for linting `javy-runner` given that 
       # it depends on Wasmtime and Cranelift cannot be compiled to `wasm32-wasi`