Commands#
Trident CLI supports the following commands:
trident init#
Initializes Trident Workspace and generates new Fuzz Test Template. Creates the following structure:
project-root
├── trident-tests
│ ├── fuzz_0 # particular fuzz test
│ │ ├── instructions # instructions folder
│ │ ├── transactions # transactions folder
│ │ ├── test_fuzz.rs # the binary target of your fuzz test
│ │ ├── types.rs # the types of your fuzz test
│ │ └── fuzz_instructions.rs # the definition of your fuzz test
│ ├── fuzz_1
│ ├── fuzz_X # possible multiple fuzz tests
│ ├── fuzzing # compilations and crashes folder
│ └── Cargo.toml
├── Trident.toml
└── ...
Options#
-f, --force- Force Trident initialization. Updates Trident dependencies based on the CLI version.-p, --program-name <NAME>- Specify the program name for which the fuzz test will be generated.-t, --test-name <NAME>- Specify a custom name for the fuzz test to initialize.
trident how#
Print How To message about writing fuzz tests.
trident fuzz#
Fuzzing-related commands with various subcommands:
trident fuzz run-afl <fuzz_target>#
Directory Note
Execute fuzz tests from the trident-tests directory.
Solana Logs
In case you want to see the logs of the fuzzed transactions, prefix the command with TRIDENT_LOG=1.
Runs AFL on the specified Fuzz Target (e.g., fuzz_0).
Options#
-g, --generate-coverage- Tracks code coverage during fuzzing and generates a JSON report upon completion. The coverage data can be visualized in your source code using our VS Code extension.-a, --attach-extension- Enables real-time coverage visualization in VS Code during fuzzing. The VS Code extension must be actively running to utilize this feature. Only works if the generate coverage flag is enabled.
trident fuzz run-hfuzz <fuzz_target>#
Directory Note
Execute fuzz tests from the trident-tests directory.
Solana Logs
In case you want to see the logs of the fuzzed transactions, prefix the command with TRIDENT_LOG=1.
Runs Honggfuzz on the specified Fuzz Target (e.g., fuzz_0).
The output includes:
- Iterations: Number of fuzzing iterations completed
- Mode: Feedback Driven Mode - generates data based on coverage progress
- Speed: Average iterations per second
- Crashes: Number of detected crashes (panics or failed invariant checks)
------------------------[ 0 days 00 hrs 00 mins 01 secs ]----------------------
Iterations : 688 (out of: 1000 [68%])
Mode [3/3] : Feedback Driven Mode
Target : .../release/fuzz_0
Threads : 16, CPUs: 32, CPU%: 1262% [39%/CPU]
Speed : 680/sec [avg: 688]
Crashes : 1 [unique: 1, blocklist: 0, verified: 0]
Timeouts : 0 [10 sec]
Corpus Size : 98, max: 1048576 bytes, init: 0 files
Coverage : edge: 10345/882951 [1%] pc: 163 cmp: 622547
Options#
-w, --with-exit-code- Run the Honggfuzz with exit code, i.e. if it discovers crash the Trident will exit with exit code 1.-g, --generate-coverage- Tracks code coverage during fuzzing and generates a JSON report upon completion. The coverage data can be visualized in your source code using our VS Code extension.-a, --attach-extension- Enables real-time coverage visualization in VS Code during fuzzing. The VS Code extension must be actively running to utilize this feature. Only works if the generate coverage flag is enabled.
trident fuzz debug-afl <fuzz_target> <crash_file_path>#
Debug AFL crashes by analyzing specific crash files.
trident fuzz debug-hfuzz <fuzz_target> <crash_file_path>#
Debug Honggfuzz crashes by analyzing specific crash files.
Debug Output
The debug output currently includes verbose lldb information. It shows:
- Transaction logs
- Instruction data structures
- Panic/Crash information
trident fuzz add#
Directory Note
This commands needs to be executed from the project root directory.
Adds a new Fuzz Test Template.
Options#
-p, --program-name <NAME>- Specify the program name for which the fuzz test will be generated.-t, --test-name <NAME>- Specify a custom name for the fuzz test to add.
trident clean#
Executes anchor clean and cleans Honggfuzz targets while preserving crashfiles and fuzzing inputs.