Add fuzzer for the compact custom codec implementation from PR #6720 (#…

…7091) * Add fuzzer for the compact custom codec implementation introduced in PR #6720. This commit adds a fuzzing harness for the custom compact encoding/decoding introduced in PR #6720. * Update primitives/npos-elections/fuzzer/src/compact.rs Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> * Update Cargo.lock: Add changes in elections-fuzzer * Change indentation from spaces to tabs Co-authored-by: Vincent Ulitzsch <vincent@srlabs.de> Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
paritytech · Sep 18, 2020 · 6c89d07 · 6c89d07
1 parent 4b471dd
commit 6c89d07
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 0 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/primitives/npos-elections/fuzzer/Cargo.toml b/primitives/npos-elections/fuzzer/Cargo.toml
@@ -19,6 +19,7 @@ sp-std = { version = "2.0.0-rc6", path = "../../std" }
 sp-runtime = { version = "2.0.0-rc6", path = "../../runtime" }
 honggfuzz = "0.5"
 rand = { version = "0.7.3", features = ["std", "small_rng"] }
+codec = { package = "parity-scale-codec", version = "1.0.0", default-features = false, features = ["derive"] }
 
 [[bin]]
 name = "reduce"
@@ -27,3 +28,7 @@ path = "src/reduce.rs"
 [[bin]]
 name = "balance_solution"
 path = "src/balance_solution.rs"
+
+[[bin]]
+name = "compact"
+path = "src/compact.rs"
diff --git a/primitives/npos-elections/fuzzer/src/compact.rs b/primitives/npos-elections/fuzzer/src/compact.rs
@@ -0,0 +1,34 @@
+use honggfuzz::fuzz;
+use sp_npos_elections::generate_solution_type;
+use sp_npos_elections::sp_arithmetic::Percent;
+use sp_runtime::codec::{Encode, Error};
+
+fn main() {
+	generate_solution_type!(#[compact] pub struct InnerTestSolutionCompact::<u32, u32, Percent>(16));
+	loop {
+		fuzz!(|fuzzer_data: &[u8]| {
+			let result_decoded: Result<InnerTestSolutionCompact, Error> =
+				<InnerTestSolutionCompact as codec::Decode>::decode(&mut &fuzzer_data[..]);
+			// Ignore errors as not every random sequence of bytes can be decoded as InnerTestSolutionCompact
+			if let Ok(decoded) = result_decoded {
+				// Decoding works, let's re-encode it and compare results.
+				let reencoded: std::vec::Vec<u8> = decoded.encode();
+				// The reencoded value may or may not be equal to the original fuzzer output. However, the
+				// original decoder should be optimal (in the sense that there is no shorter encoding of
+				// the same object). So let's see if the fuzzer can find something shorter:
+				if fuzzer_data.len() < reencoded.len() {
+					panic!("fuzzer_data.len() < reencoded.len()");
+				}
+				// The reencoded value should definitely be decodable (if unwrap() fails that is a valid
+				// panic/finding for the fuzzer):
+				let decoded2: InnerTestSolutionCompact =
+					<InnerTestSolutionCompact as codec::Decode>::decode(
+						&mut reencoded.as_slice(),
+					).unwrap();
+				// And it should be equal to the original decoded object (resulting from directly
+				// decoding fuzzer_data):
+				assert_eq!(decoded, decoded2);
+			}
+		});
+	}
+}