Commands#
Trident CLI supports the following commands:
trident init
#
Initializes Trident Workspace and generates new Fuzz Test Template. Creates the following structure:
project-root
├── trident-tests
│ ├── fuzz_0 # particular fuzz test
│ │ ├── instructions # instructions folder
│ │ ├── transactions # transactions folder
│ │ ├── test_fuzz.rs # the binary target of your fuzz test
│ │ ├── types.rs # the types of your fuzz test
│ │ └── fuzz_instructions.rs # the definition of your fuzz test
│ ├── fuzz_1
│ ├── fuzz_X # possible multiple fuzz tests
│ ├── fuzzing # compilations and crashes folder
│ └── Cargo.toml
├── Trident.toml
└── ...
Options#
-f, --force
- Force Trident initialization. Updates Trident dependencies based on the CLI version.-p, --program-name <NAME>
- Specify the program name for which the fuzz test will be generated.-t, --test-name <NAME>
- Specify a custom name for the fuzz test to initialize.
trident how
#
Print How To message about writing fuzz tests.
trident fuzz
#
Fuzzing-related commands with various subcommands:
trident fuzz run-afl <fuzz_target>
#
Directory Note
Execute fuzz tests from the trident-tests
directory.
Solana Logs
In case you want to see the logs of the fuzzed transactions, prefix the command with TRIDENT_LOG=1
.
Runs AFL on the specified Fuzz Target (e.g., fuzz_0).
trident fuzz run-hfuzz <fuzz_target>
#
Directory Note
Execute fuzz tests from the trident-tests
directory.
Solana Logs
In case you want to see the logs of the fuzzed transactions, prefix the command with TRIDENT_LOG=1
.
Runs Honggfuzz on the specified Fuzz Target (e.g., fuzz_0).
The output includes:
- Iterations: Number of fuzzing iterations completed
- Mode: Feedback Driven Mode - generates data based on coverage progress
- Speed: Average iterations per second
- Crashes: Number of detected crashes (panics or failed invariant checks)
------------------------[ 0 days 00 hrs 00 mins 01 secs ]----------------------
Iterations : 688 (out of: 1000 [68%])
Mode [3/3] : Feedback Driven Mode
Target : .../release/fuzz_0
Threads : 16, CPUs: 32, CPU%: 1262% [39%/CPU]
Speed : 680/sec [avg: 688]
Crashes : 1 [unique: 1, blocklist: 0, verified: 0]
Timeouts : 0 [10 sec]
Corpus Size : 98, max: 1048576 bytes, init: 0 files
Coverage : edge: 10345/882951 [1%] pc: 163 cmp: 622547
trident fuzz debug-afl <fuzz_target> <crash_file_path>
#
Debug AFL crashes by analyzing specific crash files.
trident fuzz debug-hfuzz <fuzz_target> <crash_file_path>
#
Debug Honggfuzz crashes by analyzing specific crash files.
Debug Output
The debug output currently includes verbose lldb information. It shows:
- Transaction logs
- Instruction data structures
- Panic/Crash information
trident fuzz add
#
Directory Note
This commands needs to be executed from the project root directory.
Adds a new Fuzz Test Template.
Options#
-p, --program-name <NAME>
- Specify the program name for which the fuzz test will be generated.-t, --test-name <NAME>
- Specify a custom name for the fuzz test to add.
trident clean
#
Executes anchor clean
and cleans Honggfuzz targets while preserving crashfiles and fuzzing inputs.