Add fuzzing functionality

Closes ##370.

.gitattributes

@@ -29,6 +29,8 @@
 *.docx binary
 *.pptx binary
 *.bin binary
+*.exe binary
+test/Verifiable.FuzzTests/libfuzzer-dotnet-ubuntu binary
 *.gz filter=lfs diff=lfs merge=lfs -text
 *.jffs2 filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
@@ -47,3 +49,6 @@
 *.wav filter=lfs diff=lfs merge=lfs -text
 *.myo filter=lfs diff=lfs merge=lfs -text
 *.vsmdi filter=lfs diff=lfs merge=lfs -text
+*.vsmdi filter=lfs diff=lfs merge=lfs -text
+
+

Directory.Packages.props

@@ -22,8 +22,7 @@
     <PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
     <PackageVersion Include="System.Net.Http.Json" Version="8.0.0" />
     <PackageVersion Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
-    <PackageVersion Include="WinSharpFuzz" Version="1.0.0" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.4" />    
     <PackageVersion Include="xunit" Version="2.9.0" />
     <PackageVersion Include="xunit.analyzers" Version="1.15.0" />
     <PackageVersion Include="xunit.extensibility.execution" Version="2.9.0" />

Verifiable.sln

@@ -70,6 +70,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".vscode", ".vscode", "{BE64
 		.vscode\tasks.json = .vscode\tasks.json
 	EndProjectSection
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Verifiable.FuzzTests", "test\Verifiable.FuzzTests\Verifiable.FuzzTests.csproj", "{A50E91E9-51A8-490D-B92B-97C547B98539}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -120,6 +122,10 @@ Global
 		{FF947DEC-29E7-4700-94A4-0E84B2917BF5}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FF947DEC-29E7-4700-94A4-0E84B2917BF5}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{FF947DEC-29E7-4700-94A4-0E84B2917BF5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -140,6 +146,7 @@ Global
 		{1B79A5A8-0754-4F72-AD32-E791F9A8ED23} = {737B175F-5A06-480C-B93F-42B31EF4EFA7}
 		{CD06BE0E-287F-4A01-B500-CD92465F1E2D} = {35CAB8A9-7332-4D46-BBD3-83A37A747F5E}
 		{BE64721C-A756-4078-B683-34AC9B639E28} = {35CAB8A9-7332-4D46-BBD3-83A37A747F5E}
+		{A50E91E9-51A8-490D-B92B-97C547B98539} = {942BE00F-D1A2-405C-80F3-D854D373E1FF}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {B3AC63DE-C110-4924-B7DB-FFAC4704246F}

test/Verifiable.FuzzTests/Program.cs

@@ -0,0 +1,40 @@
+using SharpFuzz;
+using System;
+using System.Diagnostics;
+using System.Text;
+using System.Text.Json;
+using static System.Runtime.InteropServices.JavaScript.JSType;
+
+
+namespace Verifiable.FuzzTests
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            Fuzzer.LibFuzzer.Run(json =>
+            {
+                try
+                {
+                    Console.WriteLine("Start");
+                    Debug.WriteLine("Start");
+                    string jsonString = Encoding.UTF8.GetString(json);
+                    if(jsonString is null)
+                    {
+                        Console.WriteLine("Fuzzer provided a null input.");
+                        return;
+                    }
+
+                    _ = JsonSerializer.Deserialize<object>(jsonString);
+                }
+                catch(JsonException)
+                {
+                }
+                catch(Exception ex)
+                {                    
+                    Console.WriteLine($"Unexpected exception occurred: {ex.Message}");
+                }
+            });
+        }
+    }
+}

test/Verifiable.FuzzTests/Verifiable.FuzzTests.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net9.0</TargetFramework>    
+    <Nullable>disable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>    
+    <PackageReference Include="SharpFuzz" />        
+  </ItemGroup>
+
+</Project>

test/Verifiable.FuzzTests/dictionaries/json.dict

@@ -0,0 +1,73 @@
+"0"
+"7"
+","
+":"
+"2.1e24"
+
+"true"
+"false"
+"null"
+
+"\"\""
+"\"\":"
+
+"{}"
+",{}"
+":{}"
+"{\"\":0}"
+"{{}}"
+
+"[]"
+",[]"
+":[]"
+"[0]"
+"[[]]"
+
+"''"
+"\\"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\u0000"
+"\\x00"
+"\\0"
+"\\uD800\\uDC00"
+"\\uDBFF\\uDFFF"
+
+"\"\":0"
+"//"
+"/**/"
+
+
+# Things like geojson, json-ld, ...
+"$ref"
+"type"
+"coordinates"
+"@context"
+"@id"
+"@type"
+
+# Strings with truncated special values
+"{\"foo\":fa"
+"{\"foo\":t"
+"{\"foo\":nul"
+
+"{"
+"}"
+"\"qty\": 1, \"qty\": -1"
+"\"qty\": 1, \"qty\\ud800\": -1"
+"\"qty\": 1, \"qt\\y\": -1"
+"/*"
+"*/"
+"\""
+"1.7976931348623157e+308"
+"5e-324"
+"9007199254740991"
+"-9007199254740991"
+
+"}="
+
+",,"
+"{\"\":"

test/Verifiable.FuzzTests/direct-crash-fuzz-sample.ps1

@@ -0,0 +1 @@
+./libfuzzer-dotnet-windows.exe --target_path=bin/release/net9.0/Verifiable.FuzzTests.exe ./crash-<something> -timeout=10 -minimize_crash=1

test/Verifiable.FuzzTests/do-fuzzing.ps1

@@ -0,0 +1 @@
+.\fuzz.ps1 -libFuzzer ".\libfuzzer-dotnet-windows.exe" -project ".\Verifiable.FuzzTests.csproj" -corpus .\testcases\test-1.json -dict .\dictionaries\json.dict -timeout 10

test/Verifiable.FuzzTests/fuzz.ps1

@@ -0,0 +1,72 @@
+param (
+    [Parameter(Mandatory = $true)]
+    [string]$libFuzzer,
+    [Parameter(Mandatory = $true)]
+    [string]$project,
+    [Parameter(Mandatory = $true)]
+    [string]$corpus,
+    [string]$dict = $null,
+    [int]$timeout = 10,
+    [int]$fork = 0,
+    [int]$ignore_crashes = 0,
+    [string]$command = "sharpfuzz"
+)
+
+Set-StrictMode -Version Latest
+
+$outputDir = "bin"
+
+if (Test-Path $outputDir) {
+    Remove-Item -Recurse -Force $outputDir
+}
+
+dotnet publish $project -c release -o $outputDir
+
+$projectName = (Get-Item $project).BaseName
+$projectDll = "$projectName.dll"
+$project = Join-Path $outputDir $projectDll
+
+$exclusions = @(
+    "dnlib.dll",
+    "SharpFuzz.dll",
+    "SharpFuzz.Common.dll"
+)
+
+Write-Output "Exclusions: $($exclusions -join ', ')"
+
+$allDlls = Get-ChildItem $outputDir -Filter *.dll
+Write-Output "All DLLs: $($allDlls.Name -join ', ')"
+
+$fuzzingTargets = $allDlls `
+| Where-Object { $_.Name -notin $exclusions } `
+| Where-Object { $_.Name -notlike "System.*.dll" }
+
+Write-Output "Fuzzing Targets: $($fuzzingTargets.Name -join ', ')"
+
+if (($fuzzingTargets | Measure-Object).Count -eq 0) {
+    Write-Error "No fuzzing targets found"
+    exit 1
+}
+
+foreach ($fuzzingTarget in $fuzzingTargets) {
+    Write-Output "Instrumenting $fuzzingTarget"
+    & $command $fuzzingTarget.FullName
+
+    if ($LastExitCode -ne 0) {
+        Write-Error "An error occurred while instrumenting $fuzzingTarget"
+        exit 1
+    }
+}
+
+# Construct the final command string
+$finalCommand = "$libFuzzer --target_path=dotnet --target_arg=$project"
+
+if ($dict) {
+    $finalCommand += " -dict=$dict"
+}
+
+# Print the final command
+Write-Output "Final Command: $finalCommand"
+
+# Execute the final command
+Invoke-Expression $finalCommand

test/Verifiable.FuzzTests/packages.lock.json

@@ -0,0 +1,61 @@
+{
+  "version": 2,
+  "dependencies": {
+    "net9.0": {
+      "SharpFuzz": {
+        "type": "Direct",
+        "requested": "[2.1.1, )",
+        "resolved": "2.1.1",
+        "contentHash": "Xw5nP8CSxa6eK0gTaI2xbKhfP7VyQDdLYsfFBV6QeT9xyOzJ0a1Z3rJrmu3FTMl4DaRoMpBjFHppH+75QccddA==",
+        "dependencies": {
+          "SharpFuzz.Common": "2.2.0",
+          "System.Memory": "4.5.5",
+          "dnlib": "3.6.0"
+        }
+      },
+      "SIL.ReleaseTasks": {
+        "type": "Direct",
+        "requested": "[2.6.0-beta0030, )",
+        "resolved": "2.6.0-beta0030",
+        "contentHash": "iytkRVZ7tEBY00kzB55Qs0/TyfYBJ0GyvRnDPKw2AfakBWrBBTkTCdBSAGmCFoL4Wf6asRFOrenRJ6VGGhCuUQ==",
+        "dependencies": {
+          "Markdig.Signed": "0.30.2"
+        }
+      },
+      "dnlib": {
+        "type": "Transitive",
+        "resolved": "3.6.0",
+        "contentHash": "kFegKA+GR8a2mEzYH02TueIF1nNQ5lULAd9hgNwt6VBY2qNNZDYSwr63tMpKN0Lg+goDaZnaZczmP0/pDz2gaA==",
+        "dependencies": {
+          "System.Reflection.Emit": "4.7.0",
+          "System.Reflection.Emit.Lightweight": "4.7.0"
+        }
+      },
+      "Markdig.Signed": {
+        "type": "Transitive",
+        "resolved": "0.30.2",
+        "contentHash": "nQlUtPbp9pQFoArFSp/CZb699W6pqBG/DSpnWHgKbIuQjAu3KNjTZHaIir2vSCPJZuSMGii7tbI6K+nalh4X7w=="
+      },
+      "SharpFuzz.Common": {
+        "type": "Transitive",
+        "resolved": "2.2.0",
+        "contentHash": "biITWpwnMR7HUp43lAGU97DWq/4LfyXqqhuOK0Z4IuRP97KjQMOe/GKq3wE1KY21gNrc7OPO9HbAtQUvMKTImA=="
+      },
+      "System.Memory": {
+        "type": "Transitive",
+        "resolved": "4.5.5",
+        "contentHash": "XIWiDvKPXaTveaB7HVganDlOCRoj03l+jrwNvcge/t8vhGYKvqV+dMv6G4SAX2NoNmN0wZfVPTAlFwZcZvVOUw=="
+      },
+      "System.Reflection.Emit": {
+        "type": "Transitive",
+        "resolved": "4.7.0",
+        "contentHash": "VR4kk8XLKebQ4MZuKuIni/7oh+QGFmZW3qORd1GvBq/8026OpW501SzT/oypwiQl4TvT8ErnReh/NzY9u+C6wQ=="
+      },
+      "System.Reflection.Emit.Lightweight": {
+        "type": "Transitive",
+        "resolved": "4.7.0",
+        "contentHash": "a4OLB4IITxAXJeV74MDx49Oq2+PsF6Sml54XAFv+2RyWwtDBcabzoxiiJRhdhx+gaohLh4hEGCLQyBozXoQPqA=="
+      }
+    }
+  }
+}

test/Verifiable.FuzzTests/testcases/test-1.json

@@ -0,0 +1 @@
+{"menu":{"id":1,"val":"X","pop":{"a":[{"click":"Open()"},{"click":"Close()"}]}}}

test/Verifiable.Tests/Verifiable.Tests.csproj

@@ -13,9 +13,7 @@
 
   <ItemGroup>
     <PackageReference Include="dotNetRdf" />
-    <PackageReference Include="JunitXml.TestLogger" />    
-    <PackageReference Include="SharpFuzz" />    
-    <PackageReference Include="WinSharpFuzz" />
+    <PackageReference Include="JunitXml.TestLogger" />        
     <PackageReference Include="CsCheck" />
     <PackageReference Include="xunit" />
     <PackageReference Include="xunit.extensibility.execution" />