feat(core): feature-gated Arbitrary derives on parse-surface types (#124)#126
Merged
Conversation
) Closes the remaining actionable ask on issue #124 (item 5, derive half): the fuzz consumer asked for feature-gated `#[derive(Arbitrary)]` on the config/credential parse surfaces so their cargo-fuzz harnesses can do structure-aware fuzzing. The `fuzz/` workspace stays their contribution. - New optional `arbitrary` feature on openvtc-core (off by default): `arbitrary = ["dep:arbitrary", "chrono/arbitrary"]`. Nightly fuzz builds opt in; no change to the default or `--no-default-features` dep graph. - `#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]` on the self-contained parse-surface types: `PublicConfig` (+ its `ConfigProtectionType`, `Logs`, `LogMessage`, `LogFamily` tree), `MessageType`, `CredentialKind`. `ProtectedConfig` is intentionally excluded — it cascades into foreign VRC/credential types that don't implement `Arbitrary`; this matches the consumer's note that the VRC harness lands after the derives. - Seam test: `PublicConfig::arbitrary(&mut Unstructured)` constructs from raw bytes and serde round-trips, proving the harness path end to end. - CI: the no-default-features job now also checks the exact fuzz build shape (`--no-default-features --features arbitrary`) and runs the seam test, so the feature can't bitrot. Gate: cargo fmt; clippy --workspace --all-targets -D warnings (default, `--features arbitrary`, and `--no-default-features`); cargo test --workspace; cargo test -p openvtc-core --features arbitrary; cargo deny check — all green. `arbitrary`/`derive_arbitrary` are MIT/Apache-2.0 (licenses ok). Signed-off-by: Glenn Gore <glenn.g@affinidi.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes the last actionable ask on #124 — item 5's derive half. The fuzz consumer (comment) confirmed items 2–4 (PR #125) are exactly what they need and explicitly requested feature-gated
#[derive(Arbitrary)]on the config/credential parse surfaces for structure-aware fuzzing. Thefuzz/workspace + structure-aware targets remain their contribution.What's here
arbitraryfeature onopenvtc-core(off by default):arbitrary = ["dep:arbitrary", "chrono/arbitrary"]. Nightly fuzz builds opt in; the default and--no-default-featuresdependency graphs are unchanged.#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]on the self-contained parse-surface types:PublicConfigand its local tree (ConfigProtectionType,Logs,LogMessage,LogFamily)MessageType,CredentialKindProtectedConfigintentionally excluded — it cascades into foreign VRC/credential types that don't implementArbitrary. This matches the consumer's note that theverify_vrc_proof_with_keyharness (needs a constructed VRC + keypair) lands after the derives.PublicConfig::arbitrary(&mut Unstructured)constructs from raw bytes and serde round-trips — proves the harness path end to end.--no-default-features --features arbitrary) and runs the seam test, so the feature can't bitrot.Gate
cargo fmtcargo clippy --workspace --all-targets -D warnings— default,--features arbitrary, and--no-default-featurescargo test --workspace+cargo test -p openvtc-core --features arbitrarycargo deny check— advisories/bans/licenses/sources ok (arbitrary/derive_arbitraryare MIT/Apache-2.0)Closes #124.