cuzz is a simple black-box generational fuzzer for locally-deployed Internet Computer Protocol (ICP) canisters.
It is designed to help discover memory leaks and unexpected traps, crashes, or other similar error conditions. Simply point the cuzz command-line interface at a local canister and it will generate random arguments to that canister's methods in a configurable loop.
- Prerequisites
- Installation
- Basic usage
- Traps, crashes, or other similar error conditions
- Memory leaks
- cuzz.json
- Cycles
- dfx
- node and npm
npm install -g https://github.com/demergent-labs/cuzzBefore using cuzz you should start up an ICP replica using a dfx command such as the following:
dfx start --host 127.0.0.1:8000To quickly become familiar with the cuzz command-line interface, you can run the following command:
cuzz --helpThe simplest way to get started is to call the cuzz command-line interface with the name of your canister. cuzz must be run in the same directory as your canister's dfx.json file:
cuzz --canister-name my_very_own_canisterThe above command will automatically deploy the named canister and begin the fuzz tests.
If you have already deployed your canister and just want to run the fuzz tests right away:
cuzz --canister-name my_very_own_canister --skip-deployFor a nicer terminal UX, you can configure cuzz to clear the console between each call using the --clear-console option:
cuzz --canister-name my_very_own_canister --skip-deploy --clear-consoleYou can configure the number of seconds between each call to the canister's methods using the --call-delay option. The default is 0.1 seconds:
# wait 1 second between each call
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --call-delay 1# wait 0.1 seconds between each call
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --call-delay 0.1# wait 0 seconds between each call (most intense single-process fuzzing)
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --call-delay 0By default cuzz will fuzz indefinitely. You can configure a time limit in minutes using the --time-limit option:
# fuzz for 30 seconds
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --time-limit 0.5# fuzz for 30 minutes
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --time-limit 30# fuzz for 5 hours
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --time-limit 300To find traps, crashes, or other similar error conditions, run cuzz until its process ends in an unexpected way. Due to the nature of the randomly generated arguments, you will want to filter out expected errors using the expectedErrors property in your cuzz.json file:
{
"expectedErrors": ["regex to match against the expected error message"]
}cuzz comes with a default set of expected errors that are common in ICP canisters. If you would like to see what these errors are, you can print them using the --print-default-expected-errors option:
cuzz --print-default-expected-errorsYou can also exclude these errors using the --exclude-default-expected-errors option:
cuzz --canister-name my_very_own_canister --skip-deploy --clear-console --exclude-default-expected-errorsTo find memory leaks, run cuzz until its process either ends from a canister crashing due to running out of memory, or until you see an unexpected increase in memory size. cuzz will print out the starting, current, and increase in memory size in bytes.
You can create a cuzz.json file in the same directory as your canister's dfx.json file to configure cuzz.
To learn about the available configurations, please see the TypeScript type for CuzzConfig.
cuzz will automatically fabricate cycles to a canister when it encounters an error due to lack of cycles. You can configure the amount of cycles to fabricate using the fabricateCycles property in your cuzz.json file:
{
"fabricateCycles": "100000000000000"
}