Improve fuzzer for XCMv4 #2424
Improve fuzzer for XCMv4 #2424
Conversation
|
The CI pipeline was cancelled due to failure one of the required jobs. |
| @@ -155,6 +155,35 @@ fn run_input(xcm_messages: [XcmMessage; 5]) { | |||
| println!(); | |||
|
|
|||
| for xcm_message in xcm_messages { | |||
| // We block Transact messages because they can cause panics that are due to the test | |||
| // environment, and not XCM | |||
There was a problem hiding this comment.
I just checked, and got the following:
Unexpected event: RuntimeEvent::MessageQueue(
Event::ProcessingFailed {
...
error: ProcessMessageError::Unsupported,
},
)
in this line of the event processing code when processing an invalid Transact call.
@ggwpez @franciscoaguirre do you think this should be handled differently, e.g. by allowing Unsupported messages instead of panicking, and then removing the blocklist?
There was a problem hiding this comment.
We could allow that. The thing is arbitrary Transacts will call any type of extrinsic, with wrong attributes or anything of the sort. We could record which Transacts give an error and which ones don't and why. In that way we would know much more than just by blocklisting them
|
Why was this closed? |
This adds `try_state()` and `integrity_test()` to the four runtimes of the XCM-simulator fuzzer. With this, we are able to stress-test [message-queue's try_state](https://github.com/paritytech/polkadot-sdk/blob/7df1ae3b8111d534cce108b2b405b6a33fcdedc3/substrate/frame/message-queue/src/lib.rs#L1245-L1347). This also adds the `Transact` block-listing from #2424 to avoid false-positives. Thank you @ggwpez for the help with the runtime configurations.
Description
This PR includes improvements to the xcm-simulator-fuzzer to make it find more coverage in XCMv4.
This includes switching the fuzzing engine from honggfuzz-rs to both honggfuzz-rs and afl.rs through ziggy, a fuzzer manager.