Skip to content

test(fuzz): incorporate fuzzing crates into a single workspace, and improve fuzzing docs #437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

test(fuzz): incorporate fuzzing crates into a single workspace, and improve fuzzing docs #437

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2cd3089
clearly describe how to perform fuzzing, and make a fuzz/ workspace
cosmicexplorer Sep 30, 2025
530ca5b
Merge branch 'master' into add-categories
Pr0methean Oct 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
83 changes: 49 additions & 34 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,12 @@ jobs:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
strategy:
matrix:
workspace: ['Cargo.toml', 'fuzz/Cargo.toml']
os: [ubuntu-latest, macOS-latest, windows-latest]
rustalias: [stable, nightly, msrv]
feature_flag:
- "--all-features"
- "--no-default-features"
- "--no-default-features --features deflate-flate2-zlib-rs"
- "--no-default-features --features deflate-zopfli"
- ""
include:
- rustalias: stable
Expand All @@ -38,24 +37,34 @@ jobs:
rust: '1.83'
- rustalias: nightly
rust: nightly
# Break out a separate test shard for specific dependencies on their own.
- feature_flag: "--no-default-features --features deflate-flate2-zlib-rs"
workspace: 'Cargo.toml'
- feature_flag: "--no-default-features --features deflate-zopfli"
workspace: 'Cargo.toml'
name: 'Build and test ${{ matrix.feature_flag }}: ${{ matrix.os }}, ${{ matrix.rustalias }}'
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
- run: rustup toolchain add ${{ matrix.rust }} && rustup default ${{ matrix.rust }}

- run: cargo check --all ${{ matrix.feature_flag }} --bins --examples
- run: cargo test --all ${{ matrix.feature_flag }}
- run: cargo check --manifest-path ${{ github.workspace }}/${{ matrix.workspace }} --all ${{ matrix.feature_flag }} --bins --examples
- run: cargo test --manifest-path ${{ github.workspace }}/${{ matrix.workspace }} --all ${{ matrix.feature_flag }}
miri:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
strategy:
matrix:
workspace: ['Cargo.toml', 'fuzz/Cargo.toml']
feature_flag:
- "--all-features"
- "--no-default-features"
- "--no-default-features --features deflate-flate2-zlib-rs"
- "--no-default-features --features deflate-zopfli"
- ""
include:
# Break out a separate test shard for specific dependencies on their own.
- feature_flag: "--no-default-features --features deflate-flate2-zlib-rs"
workspace: 'Cargo.toml'
- feature_flag: "--no-default-features --features deflate-zopfli"
workspace: 'Cargo.toml'
name: 'Miri ${{ matrix.feature_flag }}'
runs-on: ubuntu-latest
steps:
Expand All @@ -65,18 +74,21 @@ jobs:
- run: rustup toolchain add --force-non-host stable-s390x-unknown-linux-gnu
- run: rustup target add s390x-unknown-linux-gnu --toolchain stable-s390x-unknown-linux-gnu
- run: rustup component add --toolchain nightly-x86_64-unknown-linux-gnu miri
- run: cargo +nightly miri test --target s390x-unknown-linux-gnu --all ${{ matrix.feature_flag }} --bins --examples
- run: cargo +nightly miri test --manifest-path ${{ github.workspace }}/${{ matrix.workspace }} --target s390x-unknown-linux-gnu --all ${{ matrix.feature_flag }} --bins --examples
cargo_semver:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
strategy:
matrix:
# Only do semver checks on the released library.
workspace: ['Cargo.toml']
feature_group: ["all-features", "default-features", "only-explicit-features"]
name: 'Semver checks: ${{ matrix.feature_group }}'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: obi1kenobi/cargo-semver-checks-action@v2
with:
manifest-path: ${{ github.workspace }}/${{ matrix.workspace }}
feature-group: ${{ matrix.feature_group }}
cargo_fmt:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
Expand All @@ -87,45 +99,48 @@ jobs:
- run: rustup toolchain add nightly && rustup default nightly && rustup component add rustfmt
- name: fmt
run: cargo fmt --all -- --check
- name: fmt fuzz_read
run: cargo fmt --manifest-path fuzz_read/Cargo.toml -- --check
- name: fmt fuzz_write
run: cargo fmt --manifest-path fuzz_write/Cargo.toml -- --check
- name: fmt fuzz
run: cargo fmt --all --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml -- --check

check_minimal_versions:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
strategy:
matrix:
# Only check minimal versions for the released library.
workspace: ['Cargo.toml']
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v5
- run: rustup toolchain add nightly && rustup default nightly

- name: resolve minimal versions
run: cargo -Z minimal-versions update
run: cargo -Z minimal-versions update --manifest-path ${{ github.workspace }}/${{ matrix.workspace }}
- name: check
run: cargo check --all-features
run: cargo check --all-features --manifest-path ${{ github.workspace }}/${{ matrix.workspace }}
- name: test
run: cargo test --all-features
run: cargo test --all-features --manifest-path ${{ github.workspace }}/${{ matrix.workspace }}

style_and_docs:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
strategy:
matrix:
workspace: ['Cargo.toml', 'fuzz/Cargo.toml']
feature_flag: ["--all-features", "--no-default-features", ""]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- run: rustup toolchain add nightly && rustup default nightly && rustup component add clippy
- name: Install required cargo
run: cargo install clippy-sarif sarif-fmt
- run: cargo clippy --all-targets ${{ matrix.feature_flag }} -- -D warnings --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
- run: cargo clippy --workspace ${{ matrix.feature_flag }} --manifest-path ${{ github.workspace }}/${{ matrix.workspace }} -- -D warnings
- name: Upload analysis results to GitHub
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
- run: cargo doc --no-deps ${{ matrix.feature_flag }}
- run: cargo doc --no-deps --workspace ${{ matrix.feature_flag }} --manifest-path ${{ github.workspace }}/${{ matrix.workspace }}

fuzz_read:
runs-on: ubuntu-latest
Expand All @@ -144,16 +159,16 @@ jobs:
- name: cargo afl system-config
run: cargo afl system-config
- name: clippy
run: cargo afl clippy --all-features --manifest-path ${{ github.workspace }}/fuzz_read/Cargo.toml -- -D warnings
run: cargo afl clippy --all-features -p fuzz_read --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml -- -D warnings
- name: compile fuzz
run: cargo afl build --all-features --manifest-path ${{ github.workspace }}/fuzz_read/Cargo.toml
run: cargo afl build --all-features -p fuzz_read --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml
- name: run fuzz
timeout-minutes: 130
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz_read/in -o out -V 7200 -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz/read/in -o out -V 7200 -- ${{ github.workspace }}/fuzz/target/debug/fuzz_read
- name: Minimize corpus
run: cargo afl cmin -i out/default/queue -o out_cmin -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
run: cargo afl cmin -i out/default/queue -o out_cmin -- ${{ github.workspace }}/fuzz/target/debug/fuzz_read
- name: Report coverage
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz/target/debug/fuzz_read
- run: sudo apt install rename
if: always()
- name: Rename files
Expand Down Expand Up @@ -196,14 +211,14 @@ jobs:
- name: cargo afl system-config
run: cargo afl system-config
- name: clippy
run: cargo afl clippy --no-default-features --manifest-path ${{ github.workspace }}/fuzz_read/Cargo.toml -- -D warnings
run: cargo afl clippy --no-default-features -p fuzz_read --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml -- -D warnings
- name: compile fuzz
run: cargo afl build --manifest-path ${{ github.workspace }}/fuzz_read/Cargo.toml
run: cargo afl build -p fuzz_read --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml
- name: run fuzz
timeout-minutes: 130
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz_read/in -o out -V 7200 -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz/read/in -o out -V 7200 -- ${{ github.workspace }}/fuzz/target/debug/fuzz_read
- name: Report coverage
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz/target/debug/fuzz_read
- run: sudo apt install rename
if: always()
- name: Rename files
Expand Down Expand Up @@ -241,16 +256,16 @@ jobs:
- name: cargo afl system-config
run: cargo afl system-config
- name: clippy
run: cargo afl clippy --all-features --manifest-path ${{ github.workspace }}/fuzz_write/Cargo.toml -- -D warnings
run: cargo afl clippy --all-features -p fuzz_write --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml -- -D warnings
- name: compile fuzz
run: cargo afl build --all-features --manifest-path ${{ github.workspace }}/fuzz_write/Cargo.toml
run: cargo afl build --all-features -p fuzz_write --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml
- name: run fuzz
timeout-minutes: 130
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz_write/in -o out -V 7200 -x ${{ github.workspace }}/fuzz_write/fuzz.dict -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz/write/in -o out -V 7200 -x ${{ github.workspace }}/fuzz/write/fuzz.dict -- ${{ github.workspace }}/fuzz/target/debug/fuzz_write
- name: Minimize corpus
run: cargo afl cmin -i out/default/queue -o out_cmin -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
run: cargo afl cmin -i out/default/queue -o out_cmin -- ${{ github.workspace }}/fuzz/target/debug/fuzz_write
- name: Report coverage
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz/target/debug/fuzz_write
- run: sudo apt install rename
if: always()
- name: Rename files
Expand Down Expand Up @@ -293,14 +308,14 @@ jobs:
- name: cargo afl system-config
run: cargo afl system-config
- name: clippy
run: cargo afl clippy --no-default-features --manifest-path ${{ github.workspace }}/fuzz_write/Cargo.toml -- -D warnings
run: cargo afl clippy --no-default-features -p fuzz_write --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml -- -D warnings
- name: compile fuzz
run: cargo afl build --all-features --manifest-path ${{ github.workspace }}/fuzz_write/Cargo.toml
run: cargo afl build --all-features -p fuzz_write --manifest-path ${{ github.workspace }}/fuzz/Cargo.toml
- name: run fuzz
timeout-minutes: 130
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz_write/in -o out -V 7200 -x ${{ github.workspace }}/fuzz_write/fuzz.dict -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
run: cargo afl fuzz -i ${{ github.workspace }}/fuzz/write/in -o out -V 7200 -x ${{ github.workspace }}/fuzz/write/fuzz.dict -- ${{ github.workspace }}/fuzz/target/debug/fuzz_write
- name: Report coverage
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
run: cargo afl showmap -C -i out -o map -- ${{ github.workspace }}/fuzz/target/debug/fuzz_write
- run: sudo apt install rename
if: always()
- name: Rename files
Expand Down
13 changes: 5 additions & 8 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ keywords = ["zip", "archive", "compression"]
# Any change to rust-version must be reflected also in `README.md` and `.github/workflows/ci.yaml`.
# The MSRV policy is documented in `README.md`.
rust-version = "1.83.0"
categories = ["compression", "filesystem", "parser-implementations"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good addition of categories for better discoverability on crates.io. The selected categories "compression", "filesystem", and "parser-implementations" are appropriate for a ZIP library.

description = """
Library to support the reading and writing of zip files.
"""
Expand All @@ -23,10 +24,8 @@ exclude = ["tests/**", "examples/**", ".github/**", "fuzz_read/**", "fuzz_write/
all-features = true
rustdoc-args = ["--cfg", "docsrs"]

[workspace.dependencies]
time = { version = "0.3.37", default-features = false }

[dependencies]
arbitrary = { version = "1.4", features = ["derive"], optional = true }
aes = { version = "0.8", optional = true }
bzip2 = { version = "0.6.0", optional = true }
chrono = { version = "^0.4.27", optional = true }
Expand All @@ -42,7 +41,7 @@ nt-time = { version = "0.10.6", default-features = false, optional = true }
ppmd-rust = { version = "1.2", optional = true }
pbkdf2 = { version = "0.12", optional = true }
sha1 = { version = "0.10", optional = true }
time = { workspace = true, optional = true, features = [
time = { version = "0.3.37", default-features = false, optional = true, features = [
"std",
] }
zeroize = { version = "1.8", optional = true, features = ["zeroize_derive"] }
Expand All @@ -52,19 +51,17 @@ deflate64 = { version = "0.1.9", optional = true }
lzma-rust2 = { version = "0.13", optional = true, default-features = false, features = ["std", "encoder", "optimization", "xz"] }
bitstream-io = { version = "4.5.0", optional = true }

[target.'cfg(fuzzing)'.dependencies]
arbitrary = { version = "1.4.1", features = ["derive"] }

[dev-dependencies]
bencher = "0.1.5"
getrandom = { version = "0.3.1", features = ["wasm_js", "std"] }
walkdir = "2.5"
time = { workspace = true, features = ["formatting", "macros"] }
time = { version = "0.3", features = ["formatting", "macros"] }
anyhow = "1.0.95"
clap = { version = "=4.4.18", features = ["derive"] }
tempfile = "3.15"

[features]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new arbitrary feature flag follows the project guidelines for feature-gating new functionality. This properly gates the Arbitrary trait implementations behind a feature flag as required.

arbitrary = ["dep:arbitrary"]
Copy link
Member

@Pr0methean Pr0methean Oct 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Naming this feature wiithout an underscore prefix will make it part of the public API, meaning e.g. that we can't delete it without bumping the major version. Are you sure that's wise? It seems to me that even if someone needs the implementation for the purpose of fuzzing a downstream crate, then they should either copy it or accept the risk of an incompatible change.

aes-crypto = ["dep:aes", "dep:constant_time_eq", "hmac", "pbkdf2", "sha1", "getrandom", "zeroize"]
chrono = ["dep:chrono"]
_deflate-any = []
Expand Down
Loading
Loading