Skip to content

chore(python): fuzz-tester stretch goals #1663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: fuzzTestingInTestVectors
Choose a base branch
from
Open

chore(python): fuzz-tester stretch goals #1663

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cd4b533
chore(python): fuzz-tester stretch goals
ShreyesS Aug 5, 2025
2b12fb5
pr-ci format changes
ShreyesS Aug 5, 2025
21216df
Makefile formatting
ShreyesS Aug 5, 2025
f550897
artifact for coverage guidance
ShreyesS Aug 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 22 additions & 6 deletions .github/workflows/library_interop_tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,11 @@ on:
required: false
default: false
type: boolean
coverage-guided-fuzz:
description: "Use coverage-guided fuzzing to validate fuzz vector generation (automatically enables fuzz vectors)"
required: false
default: false
type: boolean

jobs:
generateEncryptVectors:
Expand Down Expand Up @@ -84,9 +89,13 @@ jobs:
pip install poetry

- name: Install hypothesis for fuzz testing
if: ${{ inputs.fuzz-testing }}
if: ${{ inputs.fuzz-testing || inputs.coverage-guided-fuzz }}
run: pip install hypothesis

- name: Install hypofuzz for coverage-guided fuzzing
if: ${{ inputs.coverage-guided-fuzz }}
run: pip install hypofuzz

- name: Setup Rust Toolchain for GitHub CI
if: matrix.language == 'rust'
uses: actions-rust-lang/[email protected]
Expand Down Expand Up @@ -199,22 +208,29 @@ jobs:
- name: Create Manifests
working-directory: ./${{ matrix.library }}
run: |
if [ "${{ inputs.fuzz-testing }}" = "true" ]; then
if [ "${{ inputs.fuzz-testing }}" = "true" ] || [ "${{ inputs.coverage-guided-fuzz }}" = "true" ]; then
echo "Generating fuzzed test vectors"
make test_generate_fuzz_vectors_${{ matrix.language }} NUM_VECTORS=10
make test_generate_fuzz_vectors_${{ matrix.language }} NUM_VECTORS=2000
else
echo "Generating regular test vectors"
make test_generate_vectors_${{ matrix.language }}
fi

- name: Validate Test Vector Generation (Coverage-Guided Fuzzing)
if: ${{ inputs.coverage-guided-fuzz }}
working-directory: ./${{ matrix.library }}
run: |
echo "Running coverage-guided fuzzing to validate test vector generation logic"
make test_coverage_guided_fuzz_${{ matrix.language }} DURATION=300
echo "Coverage-guided validation completed - see output above for coverage metrics"

- name: Create Encrypt Manifests
working-directory: ./${{ matrix.library }}
run: make test_encrypt_vectors_${{ matrix.language }}

- name: Upload Encrypt Manifest and keys.json files
uses: actions/upload-artifact@v4
with:
name: ${{matrix.os}}_vector_artifact_${{matrix.language}}${{ inputs.fuzz-testing && '_fuzz' || '' }}
name: ${{matrix.os}}_vector_artifact_${{matrix.language}}${{ inputs.fuzz-testing && '_fuzz' || '' }}${{ inputs.coverage-guided-fuzz && '_coverage_validated' || '' }}
path: ./${{matrix.library}}/runtimes/${{matrix.language}}/*.json

testInteroperablity:
Expand Down Expand Up @@ -388,7 +404,7 @@ jobs:
- name: Download Encrypt Manifest Artifact
uses: actions/download-artifact@v4
with:
name: ${{matrix.os}}_vector_artifact_${{matrix.encrypting_language}}${{ inputs.fuzz-testing && '_fuzz' || '' }}
name: ${{matrix.os}}_vector_artifact_${{matrix.encrypting_language}}${{ inputs.fuzz-testing && '_fuzz' || '' }}${{ inputs.coverage-guided-fuzz && '_coverage_validated' || '' }}
path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}}

- name: Decrypt Encrypt Manifest
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/pull.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,13 @@ jobs:
dafny: ${{needs.getVersion.outputs.version}}
fuzz-testing: true
secrets: inherit
pr-coverage-guided-fuzz-test:
needs: getVersion
uses: ./.github/workflows/library_interop_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
coverage-guided-fuzz: true
secrets: inherit
pr-ci-all-required:
if: always()
needs:
Expand All @@ -78,6 +85,7 @@ jobs:
- pr-ci-rust
- pr-interop-test
- pr-fuzz-interop-test
- pr-coverage-guided-fuzz-test
runs-on: ubuntu-22.04
steps:
- name: Verify all required jobs passed
Expand Down
7 changes: 6 additions & 1 deletion TestVectorsAwsCryptographicMaterialProviders/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,4 +264,9 @@ test_generate_fuzz_vectors_%:
cd dafny/TestVectorsAwsCryptographicMaterialProviders/test && python3 fuzz_generator.py --num-vectors $(NUM_VECTORS)
cd ../../../
cp dafny/TestVectorsAwsCryptographicMaterialProviders/test/manifest.json runtimes/$*/
cp dafny/TestVectorsAwsCryptographicMaterialProviders/test/keys.json runtimes/$*/
cp dafny/TestVectorsAwsCryptographicMaterialProviders/test/keys.json runtimes/$*/

# Coverage-guided fuzzing using hypofuzz
# Usage: make test_coverage_guided_fuzz_LANG LANG=python DURATION=300
test_coverage_guided_fuzz_%:
cd dafny/TestVectorsAwsCryptographicMaterialProviders/test && python3 hypofuzz_runner.py --duration $(DURATION)
Loading
Loading