Nexum Graph's highest-risk contracts live at the semantic boundary:
- extractor stability on arbitrary bytes
- graph construction from extracted units and dependency edges
- diff classification invariants across arbitrary unit sets
The repo ships dedicated libFuzzer targets under `fuzz`:

- `semantic_pipeline`: runs the TypeScript, Python, and Rust extractors against arbitrary bytes, builds a `CodeGraph`, and asserts extractor and graph invariants.
- `graph_diff`: builds arbitrary synthetic graphs and asserts that `CodeGraph::diff()` preserves the bucket and classification contracts frozen in CORE_INVARIANTS.md.
Install cargo-fuzz once:

```
cargo install cargo-fuzz
```

From the repo root:

```
cargo fuzz run semantic_pipeline
cargo fuzz run graph_diff
```

To start from the checked-in seeds:

```
cargo fuzz run semantic_pipeline fuzz/corpus/semantic_pipeline
```

If you only want to verify that the fuzz package still compiles:

```
cargo check --manifest-path fuzz/Cargo.toml --bins
```

The fuzz package compile-checks on Windows/MSVC, but a live `cargo fuzz run ...` is not currently validated in this environment. On the machine used for the release sweep, cargo-fuzz links failed with unresolved `__sancov_*` symbols even with `--sanitizer none`. For live fuzz campaigns, prefer Linux or macOS until the MSVC sanitizer-coverage toolchain issue is resolved.
Update the fuzz targets when you change:
- semantic unit identity rules
- extractor dependency edge logic
- graph diff classification rules
Treat crashes or invariant failures here as core regressions, not low-priority test noise.