Bug 5027 fuzz unification

[graydon]

Description

This is an initial step towards completion of #5027 -- it doesn't cover everything but it gets a lot of the basic reorganization done. I've ticked off the items in that bug that are done in this PR. There is a Soroban side of this change that now landed: stellar/rs-soroban-env#1646 though it's much less involved, just moves some code around.

To summarize the changes here:

• All the old AFL-specific stuff is ripped out.
• There's a new class FuzzTarget that you write a subclass of if you are writing a new fuzz target in C++.
  • This gives a clear, unambiguous "extension point" anytime someone wants to extend core's fuzzing (eg. write a fuzz target on contract or whatever).
  • If you're writing one on the Soroban side of Rust, the C++-side targets only vary by a single string name so they are not actually separate subclasses, just separate instances of the same class SorobanFuzzTarget, but the idea is the same. You add a target on the Rust side and you wire it into the dispatch function, by string name.
• All existing fuzz targets, both Soroban and non, are registered in a single app-wide FuzzTargetRegistry.
  • The registry lets you list, run-once, and generate-a-corpus of a given size for the target.
• Each target is also, separately, compilable in a way that fits the OSS-fuzz structure:
  • The Autoconf/Automake will, if configured with --enable-fuzz compile core with instrumentation and, separately, link one of 3 fuzz engines. You have to provide some separate env vars to specify the fuzz engine, which OSS-fuzz provides. It supports AFL++ (not old AFL), Libfuzzer, and Honggfuzz, and only supports each engine running in "persistent" mode (where the binary is observed by the fuzzer in-process).
  • The resulting instrumented and engine-linked artifacts get built "one executable per target", where you just run the executable to fuzz the target. So like the overlay fuzz target gets compiled into a binary called fuzz_overlay and so on.
• Core and Soroban are updated to compile-in all the fuzz targets without instrumentation any time C++ BUILD_TESTS / Rust feature="testutils" is turned on, because...
  • Each target is also wired into the normal, runs-all-the-time unit test suite, with 2 tests per target:
    • A "smoke" unit test that just checks that the fuzz target still works and can produce at least a few successful runs.
    • A "regression" unit test that runs seeds saved in a regression suite.
• Docs are updated to reflect all this.

Note: This change was written substantially by Opus 4.5 (on my direction from a fairly detailed spec) and it's made more than a few questionable choices during implementation (mostly over-complicating things). I am still in the process of reviewing, correcting, extending and minimizing its work.

[Copilot]

Pull request overview

This PR implements a unified fuzzing infrastructure for stellar-core that replaces the old AFL-specific implementation. The changes enable fuzzing with multiple modern fuzz engines (libFuzzer, AFL++, honggfuzz) while integrating fuzz targets into the normal test suite for continuous regression testing.

Changes:

• Introduces FuzzTarget interface and FuzzTargetRegistry for extensible fuzz target management
• Migrates existing tx and overlay fuzz targets to the new framework
• Adds Soroban fuzz target integration through Rust bridge
• Updates build system to support modern fuzzer engines with proper instrumentation
• Integrates fuzz targets as unit tests with corpus-based regression testing

Reviewed changes

Copilot reviewed 35 out of 38 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/util/Math.h	Changes global state seed tracking to use optional to support fuzz initialization
src/util/Math.cpp	Implements reinitializeAllGlobalStateForFuzzing for safe reseeding in fuzz contexts
src/test/test.cpp	Updates to use optional API for seed retrieval
src/test/fuzz/targets/TxFuzzTarget.h	New header defining transaction fuzzing target interface
src/test/fuzz/targets/TxFuzzTarget.cpp	Implementation of transaction fuzzing with ledger setup
src/test/fuzz/targets/SorobanFuzzTargets.h	Header for Soroban fuzz target wrappers
src/test/fuzz/targets/SorobanFuzzTargets.cpp	C++ bridge to Rust-based Soroban fuzz targets
src/test/fuzz/targets/OverlayFuzzTarget.h	Header for overlay/P2P message fuzzing
src/test/fuzz/targets/OverlayFuzzTarget.cpp	Implementation of overlay network fuzzing
src/test/fuzz/FuzzUtils.h	Shared utilities for compact XDR representation used in fuzzing
src/test/fuzz/FuzzUtils.cpp	Implementation of fuzzing utilities and XDR compactor/unpacker
src/test/fuzz/FuzzTargetRegistry.h	Central registry for fuzz target management
src/test/fuzz/FuzzTargetRegistry.cpp	Implementation of fuzz target registry
src/test/fuzz/FuzzRegressionTests.cpp	Shared test helpers for corpus regression and smoke tests
src/test/fuzz/FuzzMain.cpp	LibFuzzer-compatible entry point for fuzz binaries
src/test/fuzz.h	Removed old AFL-specific fuzzing interface
src/test/fuzz.cpp	Removed old AFL-specific fuzzing implementation
src/test/FuzzerImpl.h	Updated to remove old overlay fuzzer, keep tx fuzzer reference
src/test/FuzzerImpl.cpp	Removed old fuzzer implementations (migrated to new structure)
src/simulation/ApplyLoad.h	Changed constant to constexpr for consistency
src/rust/src/soroban_fuzz.rs	New Rust module bridging to Soroban fuzz targets
src/rust/src/lib.rs	Adds soroban_fuzz module to Rust library
src/rust/src/bridge.rs	Adds FuzzResultCode enum and run_soroban_fuzz_target bridge function
src/rust/soroban/p25	Updates Soroban submodule to version with fuzz support
src/rust/Cargo.toml	Adds fuzz and testutils features for fuzzing support
src/main/CommandLine.cpp	Replaces old fuzz commands with new fuzz-one, gen-fuzz, and fuzz-list
src/Makefile.am	Major build system changes to support modern fuzzing infrastructure
make-mks	Excludes main.cpp and FuzzMain.cpp from shared source lists
docs/software/commands.md	Updates command documentation for new fuzz commands
docs/fuzzing.md	Completely rewrites fuzzing documentation for new infrastructure
configure.ac	Replaces --enable-afl with --enable-fuzz supporting multiple engines
build-fuzz.sh	New build script for oss-fuzz integration
Makefile.am	Removes old AFL-specific targets
Builds/VisualStudio/stellar-core.vcxproj.filters	Updates Visual Studio project filters for new file structure
Builds/VisualStudio/stellar-core.vcxproj	Updates Visual Studio project for new fuzz files
.gitignore	Adds fuzz_* binaries to gitignore

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: cargo aho-corasick under MIT AND Unlicense Location: Package overview From: ? → cargo/tracy-client@0.17.0 → cargo/aho-corasick@1.1.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/aho-corasick@1.1.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: cargo memchr under MIT AND Unlicense Location: Package overview From: ? → cargo/tracy-client@0.17.0 → cargo/memchr@2.7.6 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/memchr@2.7.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: cargo regex-syntax Location: Package overview From: ? → cargo/tracy-client@0.17.0 → cargo/regex-syntax@0.8.8 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/regex-syntax@0.8.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: cargo unicode-ident under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (unicode-ident-1.0.22/Cargo.toml) License: Unicode-3.0 - the applicable license policy does not allow this license (4) (unicode-ident-1.0.22/Cargo.toml) License: Unicode-3.0 - the applicable license policy does not allow this license (4) (unicode-ident-1.0.22/LICENSE-UNICODE) From: ? → cargo/rand@0.8.5 → cargo/ed25519-dalek@2.2.0 → cargo/cxx@1.0.97 → cargo/unicode-ident@1.0.22 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/unicode-ident@1.0.22. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: cargo wasi License: Apache-2.0 WITH LLVM-exception - the applicable license policy does not allow this license exception (wasi-0.11.1+wasi-snapshot-preview1/LICENSE-Apache-2.0_WITH_LLVM-exception) From: ? → cargo/rand@0.8.5 → cargo/ed25519-dalek@2.2.0 → cargo/wasi@0.11.1%2Bwasi-snapshot-preview1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/wasi@0.11.1%2Bwasi-snapshot-preview1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: cargo wasm-encoder License: Apache-2.0 WITH LLVM-exception - the applicable license policy does not allow this license exception (wasm-encoder-0.38.1/Cargo.toml) From: ? → cargo/wasm-encoder@0.38.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/wasm-encoder@0.38.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: cargo wasm-smith License: Apache-2.0 WITH LLVM-exception - the applicable license policy does not allow this license exception (wasm-smith-0.13.1/Cargo.toml) From: ? → cargo/wasm-smith@0.13.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/wasm-smith@0.13.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report