test(fuzz): add lockfree/resilience fuzz harness + weekly workflow (DRAFT) #701

Merged
kcenon merged 1 commit into develop from test/issue-697-fuzz-harness
May 31, 2026

@kcenon kcenon commented May 30, 2026

Closes #697

Status: DRAFT

The fuzz harness is header-only (it includes the queue headers directly; no vcpkg, no GTest, no common_system link), so it was largely verifiable locally:

  • Compiles cleanly to an object file with Clang 21 + ASan against the real headers (-fsanitize=address, no diagnostics).
  • The libFuzzer link/run could NOT be completed locally — this macOS Apple Clang toolchain does not ship libclang_rt.fuzzer_osx.a. The link and short run will execute on the CI runner (Linux clang, which ships the libFuzzer runtime). The ecosystem vcpkg-hash infra failure is irrelevant here because this target does not depend on vcpkg.

Kept as DRAFT because (a) the libFuzzer link/run is unverified outside CI, and (b) the broader phased coverage raise that is part of this issue is not done yet.

Done

  • fuzz/concurrent_queue_fuzzer.cpp — libFuzzer harness (LLVMFuzzerTestOneInput) targeting the thread-safe queue reachable via the lock-free compatibility include path (kcenon::thread::detail::concurrent_queue, the backing for <kcenon/thread/lockfree/lockfree_queue.h>): enqueue (copy/move), try_dequeue incl. the empty path, wait_dequeue(timeout), empty()/size() queries, shutdown()/is_shutdown() resilience signalling, and FIFO round-trip integrity vs a shadow model.
  • BUILD_FUZZERS CMake option (default OFF) + fuzz/CMakeLists.txt target gated on Clang with -fsanitize=fuzzer,address; excluded from the default build and the regular CI matrix.
  • Seed corpus (fuzz/corpus/, 3 seeds) exercising the major code paths.
  • .github/workflows/fuzzing.yml — weekly cron + workflow_dispatch, builds the header-only harness directly with clang+libFuzzer and runs it for a bounded time; uploads crash artifacts on failure.
  • fuzz/README.md — local build/run instructions and follow-ups.

Follow-ups (under #697)

  • Phased line-coverage raise: 40% -> 50% -> 60%, with the codecov floor bumped accordingly.
  • A dedicated target for the true lock-free kcenon::thread::lockfree_job_queue (Michael-Scott + hazard pointers). That one needs the full library link (src/lockfree, job, common_system result<T>), so it is deferred until the harness can link the library cleanly in CI.

Risks

  • The libFuzzer link+run is unverified outside CI (local toolchain lacks the libFuzzer runtime); the harness only compiles-to-object locally.
  • The opcode-stream input encoding is a deliberate simplification; deeper-state coverage will grow as the corpus evolves.

…orkflow

Add a libFuzzer harness targeting the thread-safe queue reachable through
the lock-free compatibility include path
(kcenon::thread::detail::concurrent_queue, the backing for
<kcenon/thread/lockfree/lockfree_queue.h>). The harness drives a
fuzzer-controlled opcode stream over enqueue (copy/move), try_dequeue
including the empty path, wait_dequeue(timeout), empty()/size() queries,
shutdown()/is_shutdown() resilience signalling, and FIFO round-trip
integrity.

- fuzz/concurrent_queue_fuzzer.cpp: LLVMFuzzerTestOneInput harness
- fuzz/CMakeLists.txt: target gated behind BUILD_FUZZERS (Clang only,
  -fsanitize=fuzzer,address); excluded from the default build and the
  regular CI matrix; header-only (no library link or vcpkg needed)
- fuzz/corpus: seed inputs exercising the major code paths
- fuzz/README.md: local build/run instructions and follow-ups
- .github/workflows/fuzzing.yml: weekly schedule + workflow_dispatch,
  builds with clang+libFuzzer and runs the harness for a bounded time
- CMakeLists.txt: add BUILD_FUZZERS option (default OFF) and wiring

Phased coverage raise (40/50/60%) and a dedicated lockfree_job_queue
target remain as follow-ups under the same issue.
@kcenon kcenon marked this pull request as ready for review May 31, 2026 02:41
@kcenon kcenon merged commit d1312bb into develop May 31, 2026
1 check passed
@kcenon kcenon deleted the test/issue-697-fuzz-harness branch May 31, 2026 02:42
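
The opcode-stream and shadow-model pattern named in the PR description, as an added C++ example that is not the project's fuzz/concurrent_queue_fuzzer.cpp. `toy_queue`, `run_ops`, the opcode numbering and the rule that enqueue is rejected after shutdown are assumptions made for illustration; only the method names come from the PR text.

```cpp
// Added illustration: toy_queue is a stand-in, not the project's queue; API details assumed.
#include <cstdint>
#include <cstdlib>
#include <deque>
#include <mutex>
struct toy_queue {
    std::mutex m_; std::deque<uint8_t> q_; bool down_ = false;
    using lock = std::lock_guard<std::mutex>;
    bool enqueue(uint8_t v) { lock l(m_); if (!down_) q_.push_back(v); return !down_; }
    bool try_dequeue(uint8_t& out) {
        lock l(m_); if (q_.empty()) return false;
        out = q_.front(); q_.pop_front(); return true;
    }
    std::size_t size() { lock l(m_); return q_.size(); }
    bool empty() { return size() == 0; }
    void shutdown() { lock l(m_); down_ = true; }
    bool is_shutdown() { lock l(m_); return down_; }
};
// Decode bytes as opcodes, mirror each in a shadow model, return false on divergence.
bool run_ops(const uint8_t* data, std::size_t size) {
    toy_queue q; std::deque<uint8_t> model; bool down = false; uint8_t got = 0;
    for (std::size_t i = 0; i < size; ++i) {
        switch (data[i] % 4) {
        case 0: {  // enqueue; payload is the next byte, or 0 at end of input
            uint8_t v = (i + 1 < size) ? data[++i] : 0;
            bool ok = q.enqueue(v);
            if (ok == down) return false;  // must succeed exactly when not shut down
            if (ok) model.push_back(v);
            break; }
        case 1: {  // try_dequeue, including the empty path
            bool ok = q.try_dequeue(got);
            if (ok == model.empty() || (ok && got != model.front())) return false;
            if (ok) model.pop_front();
            break; }
        case 2:  // shutdown()/is_shutdown()
            q.shutdown(); down = true;
            if (!q.is_shutdown()) return false;
            break;
        default:  // size()/empty() queries
            if (q.size() != model.size() || q.empty() != model.empty()) return false;
        }
    }
    for (; !model.empty(); model.pop_front())  // final FIFO drain
        if (!q.try_dequeue(got) || got != model.front()) return false;
    return q.empty();
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, std::size_t size) {
    if (!run_ops(data, size)) std::abort();  // divergence is reported as a crash
    return 0;
}
```

Built with the flags the PR lists (`-fsanitize=fuzzer,address`), libFuzzer supplies `main` and calls `LLVMFuzzerTestOneInput` for each generated input.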