Improve Fuzzing runs (#402)

* Update Fuzzing:
* add coverage generation
* fix block numeration error
* fix AFL build error
* add an EVM run

* toml sort

* fix unexistent call

.github/workflows/evm-weekly-fuzzer.yml

@@ -0,0 +1,49 @@
+name: EVM Template Fuzzer (Weekly run)
+
+on:
+  schedule:
+    # Runs at 00:00 UTC every Sunday
+    - cron: '0 0 * * 0'
+  workflow_dispatch:
+
+jobs:
+  generic-template-fuzzer:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+
+      - name: Add target
+        run: rustup target add wasm32-unknown-unknown
+
+      - name: Add dependencies
+        run: cargo install ziggy cargo-afl honggfuzz grcov
+
+      - name: Build AFL config
+        run: cargo afl config --build
+        working-directory: evm-template/template-fuzzer
+
+      - name: Run Ziggy Fuzzing
+        run: |
+          AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 timeout 5h cargo ziggy fuzz -t 20 || true
+        working-directory: evm-template/template-fuzzer
+
+      - name: Generate Ziggy Fuzzing Coverage Result
+        run: |
+          CARGO_HOME=.cargo cargo ziggy cover
+        working-directory: evm-template/template-fuzzer
+
+      - name: Zip Artifacts
+        run: zip artifacts.zip evm-template/template-fuzzer/output/* -r
+
+      - name: Save Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzzing-artifacts
+          path: artifacts.zip

.github/workflows/generic-weekly-fuzzer.yml

@@ -33,6 +33,11 @@ jobs:
         run: |
           AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 timeout 5h cargo ziggy fuzz -t 20 || true
         working-directory: generic-template/template-fuzzer
+
+      - name: Generate Ziggy Fuzzing Coverage Result
+        run: |
+          CARGO_HOME=.cargo cargo ziggy cover
+        working-directory: generic-template/template-fuzzer
 
       - name: Zip Artifacts
         run: zip artifacts.zip generic-template/template-fuzzer/output/* -r

.gitignore

@@ -27,4 +27,7 @@ docs/build
 **/zombienet-linux-x64
 **/bin-*
 
-coverage
+coverage
+
+# fuzzing output
+**/template-fuzzer/output

evm-template/template-fuzzer/Cargo.toml

@@ -15,6 +15,7 @@ workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+quinn-proto = { version = "0.9.6", features = [ "arbitrary" ] }
 ziggy = { workspace = true }
 
 evm-runtime-template = { path = "../runtime" }

evm-template/template-fuzzer/src/main.rs

@@ -105,7 +105,8 @@ fn process_input(accounts: &[AccountId], genesis: &Storage, data: &[u8]) {
                 continue;
             }
             if lapse > 0 {
-                finalize_block(elapsed);
+                println!("\n  time spent: {elapsed:?}");
+                assert!(elapsed.as_secs() <= 2, "block execution took too much time");
 
                 block += u32::from(lapse) * 393; // 393 * 256 = 100608 which nearly corresponds to a week
                 weight = 0.into();
@@ -126,14 +127,15 @@ fn process_input(accounts: &[AccountId], genesis: &Storage, data: &[u8]) {
             println!("    call:       {extrinsic:?}");
 
             let now = Instant::now(); // We get the current time for timing purposes.
+
             #[allow(unused_variables)]
             let res = extrinsic.dispatch(RuntimeOrigin::signed(origin));
             elapsed += now.elapsed();
 
             println!("    result:     {res:?}");
         }
 
-        finalize_block(elapsed);
+        Executive::finalize_block();
 
         check_invariants(block, initial_total_issuance);
     });
@@ -142,11 +144,14 @@ fn process_input(accounts: &[AccountId], genesis: &Storage, data: &[u8]) {
 fn initialize_block(block: u32) {
     println!("\ninitializing block {}", block);
 
-    let current_timestamp = u64::from(block) * SLOT_DURATION;
+    let current_timestamp = u64::from(block) * SLOT_DURATION * 2;
 
     let prev_header = match block {
         1 => None,
-        _ => Some(Executive::finalize_block()),
+        _ => {
+            println!("  finalizing block");
+            Some(Executive::finalize_block())
+        }
     };
 
     let parent_header = &Header::new(
@@ -280,14 +285,6 @@ fn recursive_call_filter(call: &RuntimeCall, origin: usize) -> bool {
     }
 }
 
-fn finalize_block(elapsed: Duration) {
-    println!("\n  time spent: {elapsed:?}");
-    assert!(elapsed.as_secs() <= 2, "block execution took too much time");
-
-    println!("  finalizing block");
-    Executive::finalize_block();
-}
-
 fn check_invariants(block: u32, initial_total_issuance: Balance) {
     let mut counted_free = 0;
     let mut counted_reserved = 0;

generic-template/template-fuzzer/Cargo.toml

@@ -15,6 +15,7 @@ workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+quinn-proto = { version = "0.9.6", features = [ "arbitrary" ] }
 ziggy = { workspace = true }
 
 generic-runtime-template = { path = "../runtime" }

generic-template/template-fuzzer/src/main.rs

@@ -103,7 +103,8 @@ fn process_input(accounts: &[AccountId], genesis: &Storage, data: &[u8]) {
             }
 
             if lapse > 0 {
-                finalize_block(elapsed);
+                println!("\n  time spent: {elapsed:?}");
+                assert!(elapsed.as_secs() <= 2, "block execution took too much time");
 
                 block += u32::from(lapse) * 393; // 393 * 256 = 100608 which nearly corresponds to a week
                 weight = 0.into();
@@ -131,7 +132,7 @@ fn process_input(accounts: &[AccountId], genesis: &Storage, data: &[u8]) {
             println!("    result:     {res:?}");
         }
 
-        finalize_block(elapsed);
+        Executive::finalize_block();
 
         check_invariants(block, initial_total_issuance);
     });
@@ -140,7 +141,7 @@ fn process_input(accounts: &[AccountId], genesis: &Storage, data: &[u8]) {
 fn initialize_block(block: u32) {
     println!("\ninitializing block {}", block);
 
-    let current_timestamp = u64::from(block) * SLOT_DURATION;
+    let current_timestamp = u64::from(block) * SLOT_DURATION * 2;
 
     let prev_header = match block {
         1 => None,
@@ -207,14 +208,6 @@ fn initialize_block(block: u32) {
     // Calls that need to be called before each block starts (init_calls) go here
 }
 
-fn finalize_block(elapsed: Duration) {
-    println!("\n  time spent: {elapsed:?}");
-    assert!(elapsed.as_secs() <= 2, "block execution took too much time");
-
-    println!("  finalizing block");
-    Executive::finalize_block();
-}
-
 fn check_invariants(block: u32, initial_total_issuance: Balance) {
     let mut counted_free = 0;
     let mut counted_reserved = 0;