Fuzz Test Lifecycle
In the sequence diagram below you can see a simplified fuzz test lifecycle.
Some diagram states are labeled with emojis:
- ⚡ Mandatory methods that must be implemented by the user.
- 👤 Optional methods that can be implemented by the user.
Lifecycle
- The fuzzer runs until:
  - The maximal number of iterations is reached (if specified).
  - A crash was detected and the `exit_upon_crash` parameter was set.
  - The user interrupted the test manually (for example by hitting `CTRL+C`).
- In each iteration, the fuzzer generates a sequence of random instructions to execute.
  - The user can optionally customize how the instructions are generated and can specify the instructions that should be executed at the beginning (`pre_ixs`), in the middle (`ixs`) and at the end (`post_ixs`) of each iteration. This can be useful, for example, if your program needs an initialization or you want to fuzz some specific program state.
- For each instruction:
  - The user-defined mandatory method `get_accounts()` is called to collect the necessary instruction accounts.
  - The user-defined mandatory method `get_data()` is called to collect the instruction data.
  - A snapshot of all instruction accounts before the instruction execution is saved.
  - The instruction is executed.
  - A snapshot of all instruction accounts after the instruction execution is saved.
  - The user-defined optional method `check()` is called to check accounts data and evaluate invariants.
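
The loop described in this list, modelled as an added Rust example (it is not Trident's API and not code from the original page). Only the names `get_accounts`, `get_data`, `check`, `pre_ixs`, `ixs`, `post_ixs` and `exit_upon_crash` come from the page; the `FuzzIx` trait, `Transfer`, the deliberately buggy `execute` program and the small random generator are constructed for illustration.

```rust
// Toy model of the lifecycle above; NOT Trident's API. All types here are hypothetical.
trait FuzzIx {
    fn get_accounts(&self) -> Vec<usize>; // mandatory: accounts the instruction touches
    fn get_data(&self) -> u64;            // mandatory: instruction data
    // optional: invariant check over the pre/post snapshots (default: no check)
    fn check(&self, _pre: &[u64], _post: &[u64]) -> Result<(), String> { Ok(()) }
}
struct Transfer { from: usize, to: usize, amount: u64 }
impl FuzzIx for Transfer {
    fn get_accounts(&self) -> Vec<usize> { vec![self.from, self.to] }
    fn get_data(&self) -> u64 { self.amount }
    fn check(&self, pre: &[u64], post: &[u64]) -> Result<(), String> {
        let (a, b) = (pre.iter().sum::<u64>(), post.iter().sum::<u64>());
        if a == b { Ok(()) } else { Err(format!("supply changed: {a} -> {b}")) }
    }
}
// Program under test. Constructed bug: an overdraft debits to zero but credits in full.
fn execute(state: &mut [u64], accts: &[usize], amount: u64) {
    state[accts[0]] = state[accts[0]].saturating_sub(amount);
    state[accts[1]] += amount;
}
fn snapshot(state: &[u64], accts: &[usize]) -> Vec<u64> { accts.iter().map(|&i| state[i]).collect() }
// Returns one message per failed check(); stops at the first if exit_upon_crash is set.
fn run(iterations: u32, exit_upon_crash: bool, mut seed: u64) -> Vec<String> {
    let mut crashes = Vec::new();
    let mut rnd = move |n: u64| { // small LCG so the example needs no crates
        seed = seed.wrapping_mul(6364136223846793005).wrapping_add(1);
        (seed >> 33) % n
    };
    for it in 0..iterations {
        let mut state = vec![100u64; 3]; // fresh account state each iteration
        let pre_ixs = vec![Transfer { from: 0, to: 1, amount: 50 }];
        let ixs: Vec<Transfer> = (0..4).map(|_| Transfer {
            from: rnd(3) as usize, to: rnd(3) as usize, amount: rnd(200) }).collect();
        let post_ixs = vec![Transfer { from: 1, to: 0, amount: 1 }];
        for ix in pre_ixs.iter().chain(&ixs).chain(&post_ixs) {
            let (accts, data) = (ix.get_accounts(), ix.get_data());
            let pre = snapshot(&state, &accts);
            execute(&mut state, &accts, data);
            let post = snapshot(&state, &accts);
            if let Err(e) = ix.check(&pre, &post) {
                crashes.push(format!("iteration {it}: {e}"));
                if exit_upon_crash { return crashes; }
                break; // state is no longer trustworthy; start the next iteration
            }
        }
    }
    crashes
}
fn main() { for c in run(20, false, 1) { println!("{c}"); } }
```

Without the `check()` override the overdraft bug would execute silently, which is why the invariant is written against the before and after snapshots rather than against the instruction's return value.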