-
-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integration of cargo-fuzz
to improve quality assurance of Rust code in Nyx
#162
Comments
cargo-fuzz
to improve quality assurance of Rust code in Nyx
Example of GitHub workflow: cargo-fuzz:
runs-on: ubuntu-latest
name: "Fuzz Rust codebase"
steps:
- uses: actions/checkout@v3
- name: "Install Rust toolchain"
run: rustup show
- uses: Swatinem/rust-cache@v2
- run: cargo install cargo-fuzz
- run: cargo fuzz build -s none "Fuzzing" should be added to the "test" conditional compilation attributes:
|
Here is a tiny tutorial on integrating Fuzzing into a silly Rust project with Step 1: Creating a Rust projectCreate a new Rust project with Cargo : cargo new calculator Navigate to the project directory: cd calculator Open the use calculator::calculate;
fn main() {
let op = '+';
let a = 5;
let b = 3;
match calculate(op, a, b) {
Some(result) => println!("Result: {}", result),
None => println!("Error: invalid operation or division by zero"),
}
} Create a new pub fn calculate(op: char, a: i32, b: i32) -> Option<i32> {
match op {
'+' => Some(a + b),
'-' => Some(a - b),
'*' => Some(a * b),
'/' => if b != 0 { Some(a / b) } else { None },
_ => None,
}
} Open the [lib]
name = "calculator"
path = "src/lib.rs" Compile and run the project to check that it works correctly: cargo run Step 2: Integrating cargo-fuzzInstall cargo-fuzz: cargo install cargo-fuzz Initialize fuzzing in your project: cargo fuzz init Create a new fuzzing target for the calculate function: cargo fuzz add calculate Open the file #![no_main]
use libfuzzer_sys::fuzz_target;
use calculator::calculate;
fuzz_target!(|data: (char, i32, i32)| {
let _ = calculate(data.0, data.1, data.2);
}); Open [dependencies]
calculator = { path = "../" } Run fuzzing: cargo fuzz run calculate Step 3: GitHub CI integrationCreate a new name: Fuzzing
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
fuzzing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: nightly
override: true
- name: Install cargo-fuzz
run: |
cargo install cargo-fuzz
- name: Run Fuzzing
run: |
cargo fuzz run calculate -- -max_total_time=180 This workflow file performs the following actions:
|
High level description
Nyx, being a high fidelity astrodynamics software, is built with a focus on reliability and accuracy. To further enhance the robustness of the Rust codebase, I propose the integration of fuzz testing using the cargo-fuzz package.
Fuzz testing, or fuzzing, is a quality assurance technique used to discover coding errors and security loopholes in software. By sending random, unexpected, or malformed data as inputs to the software, we can identify potential crashes, memory leaks, or other vulnerabilities that may not be caught with traditional testing methods.
Requirements
The system needs to integrate the cargo-fuzz package into the existing Rust codebase. This will involve setting up the fuzzing environment, writing fuzz targets for critical parts of the code, and running the fuzz tests.
Test plans
The fuzz tests will be run as part of the continuous integration pipeline. The success of the integration will be measured by the ability of the fuzz tests to run without causing crashes or uncovering memory leaks. Edge cases to consider include handling of extremely large inputs, malformed data, and unexpected data types.
Design
The design will involve setting up the cargo-fuzz environment, identifying parts of the code that would benefit from fuzz testing, and writing the corresponding fuzz targets. The fuzz tests will then be integrated into the continuous integration pipeline.
Algorithm demonstration
The fuzzing process does not involve a change in algorithm but rather the introduction of a new testing method. The fuzzing process will be based on the cargo-fuzz package, which has been validated and is widely used in the Rust community.
API definition
The introduction of fuzz testing does not directly affect the Nyx APIs. However, the process may indirectly lead to improvements in the APIs if the fuzz testing uncovers issues that need to be addressed.
The integration of fuzz testing can be visualized as follows:
The text was updated successfully, but these errors were encountered: