Sabaun Taraki
Sabaun Taraki
### Problem to Solve Currently `runtime-fuzzer` inputs and corpuses are generated from external crate (which is libFuzzer) and are used to instantiate an `Arbitrary` implementor. But currently there's no way...
When a new reservation is created and used in the current execution we shouldn't create a separate gas forest node, but just apply the reservation gas to the message
### Problem to Solve Ranges of values, that can be used for sys-calls params (`ParamType`) must be valid, closer to real wasm executions. ### Possible Solution This is related to...
### Problem Some tests, like `gasfull_after_gasless` use a plain WAT. A written in WAT program expects `gr_reply_wgas` import func with 6 params, but actually 5 are given. The execution ends...
### Proposal There are some host functions for which gas reduction and consumption is considered unfair. For example: 1. `send` message -> here - https://github.com/gear-tech/gear/blob/fc520c673014ef599e520dd62897a0f34f965503/core-processor/src/ext.rs#L556-L557 we first reduce **gas-left** counter...
Use other fuzzers in parallel guiding them to the shared corpus directory. Could be `afl`, `honggufuzz`, `SiliFuzz` or `Centipede` (authored by libfuzzer authors)
That could be reached with implementing such a fuzz target, that constructs a node client pretty similar to https://github.com/gear-tech/gear/blob/983e979928b0ae460794c09423d21c8e4bf6c54b/node/service/src/client.rs and fuzzes node with extrinsics sent by calling one of the...
### Problem to Solve Pretty same as property testing for the gas tree and economic checks (https://github.com/gear-tech/gear/blob/983e979928b0ae460794c09423d21c8e4bf6c54b/utils/economic-checks/src/targets.rs#L171), but implemented within fuzzer.