0xMiden · huitseeker · Apr 23, 2026 · Apr 17, 2026 · Apr 23, 2026
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
@@ -39,6 +39,10 @@ jobs:
           - precompile_request_deserialize
           - library_deserialize
           - package_deserialize
+          - package_semantic_deserialize
+          - project_toml_parse
+          - project_load
+          - project_assemble
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@@ -51,9 +55,42 @@ jobs:
       - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
       - name: Install cargo-fuzz
         run: cargo install cargo-fuzz --locked
+      - name: Generate fuzz seed corpus
+        env:
+          TARGET: ${{ matrix.target }}
+          GENERATED_CORPUS_TARGETS: >-
+            mast_forest_deserialize program_deserialize kernel_deserialize
+            stack_io_deserialize advice_inputs_deserialize operation_deserialize
+            execution_proof_deserialize precompile_request_deserialize
+            library_deserialize package_deserialize package_semantic_deserialize
+        run: |
+          if [[ " $GENERATED_CORPUS_TARGETS " == *" $TARGET "* ]]; then
+            make fuzz-seeds
+          else
+            echo "No generated seed corpus for $TARGET"
+          fi
       - name: Run fuzz target (smoke test)
+        env:
+          TARGET: ${{ matrix.target }}
         run: |
+          FUZZ_TARGET="$(cargo +nightly fuzz build --help | awk '
+            $0 ~ /^      --target <TRIPLE>/ { in_target = 1; next }
+            in_target && /\[default:/ {
+              sub(/^.*\[default: /, "")
+              sub(/\].*$/, "")
+              print
+              exit
+            }
+          ')"
+          test -n "$FUZZ_TARGET"
           # Build the fuzz target first
-          cargo +nightly fuzz build --fuzz-dir miden-core-fuzz ${{ matrix.target }}
+          cargo +nightly fuzz build --target "$FUZZ_TARGET" --fuzz-dir miden-core-fuzz "$TARGET"
           # Run directly to avoid cargo-fuzz wrapper SIGPIPE issue
-          miden-core-fuzz/target/x86_64-unknown-linux-gnu/release/${{ matrix.target }} -max_total_time=60 -runs=10000
+          FUZZ_BIN="miden-core-fuzz/target/$FUZZ_TARGET/release/$TARGET"
+          test -x "$FUZZ_BIN"
+          CORPUS_DIR="miden-core-fuzz/corpus/$TARGET"
+          if [ -d "$CORPUS_DIR" ]; then
+            "$FUZZ_BIN" "$CORPUS_DIR" -max_total_time=60 -runs=10000
+          else
+            "$FUZZ_BIN" -max_total_time=60 -runs=10000
+          fi
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -33,6 +33,7 @@
 - Refactor trace generation to row-major format ([#2937](https://github.com/0xMiden/miden-vm/pull/2937)).
 - Documented non-overlap requirement for `memcopy_words`, `memcopy_elements`, and AEAD encrypt/decrypt procedures ([#2941](https://github.com/0xMiden/miden-vm/pull/2941)).
 - Added chainable `Test` builders for common test setup in `miden-utils-testing` ([#2957](https://github.com/0xMiden/miden-vm/pull/2957)).
+- Added fuzz coverage for package semantic deserialization and project parsing, loading, and assembly ([#3015](https://github.com/0xMiden/miden-vm/pull/3015)).
 - Speed-up AUX range check trace generation by changing divisors to a flat Vec layout ([#2966](https://github.com/0xMiden/miden-vm/pull/2966)).
 - Removed AIR constraint tagging instrumentation, applied a uniform constraint description style across components, and optimized constraint evaluation ([#2856](https://github.com/0xMiden/miden-vm/pull/2856)).
 

diff --git a/Makefile b/Makefile
@@ -300,7 +300,11 @@ fuzz-all: fuzz-seeds ## Run all fuzz targets (in sequence)
 	-@cargo +nightly fuzz run library_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
 	-@cargo +nightly fuzz run library_serde_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
 	-@cargo +nightly fuzz run package_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run package_semantic_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
 	-@cargo +nightly fuzz run package_serde_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run project_toml_parse --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run project_load --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run project_assemble --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
 
 .PHONY: fuzz-list
 fuzz-list: ## List available fuzz targets

diff --git a/crates/mast-package/src/package/seed_gen.rs b/crates/mast-package/src/package/seed_gen.rs
@@ -48,15 +48,15 @@ fn build_library(signature: Option<FunctionType>) -> Arc<Library> {
     Arc::new(Library::new(Arc::new(forest), exports).expect("failed to build library"))
 }
 
-fn build_package(library: Arc<Library>, signature: FunctionType) -> Package {
+fn build_package(library: Arc<Library>, signature: Option<FunctionType>) -> Package {
     let path = absolute_path("test::proc");
     let node_id = library.get_export_node_id(path.as_ref());
     let digest = library.mast_forest()[node_id].digest();
 
     let export = PackageExport::Procedure(PackageProcedureExport {
         path: Arc::clone(&path),
         digest,
-        signature: Some(signature),
+        signature,
         attributes: AttributeSet::default(),
     });
 
@@ -96,8 +96,16 @@ fn generate_fuzz_seeds() {
         &library_with_signature.to_bytes(),
     );
 
-    let package = build_package(library_with_signature, signature);
+    let package = build_package(Arc::clone(&library), None);
     write_seed("package_deserialize", "minimal_package.bin", &package.to_bytes());
+    write_seed("package_semantic_deserialize", "minimal_package.bin", &package.to_bytes());
+
+    let package_with_signature = build_package(library_with_signature, Some(signature));
+    write_seed(
+        "package_deserialize",
+        "package_with_signature.bin",
+        &package_with_signature.to_bytes(),
+    );
 
     println!("\nSeed corpus generated in ../../miden-core-fuzz/corpus");
 }
diff --git a/miden-core-fuzz/Cargo.toml b/miden-core-fuzz/Cargo.toml
@@ -23,10 +23,26 @@ features = ["std", "serde"]
 path = "../crates/assembly-syntax"
 features = ["std", "serde"]
 
+[dependencies.miden-assembly]
+path = "../crates/assembly"
+features = ["std"]
+
 [dependencies.miden-mast-package]
 path = "../crates/mast-package"
 features = ["std"]
 
+[dependencies.miden-package-registry]
+path = "../crates/package-registry"
+features = ["std", "serde", "resolver"]
+
+[dependencies.miden-project]
+path = "../crates/project"
+features = ["std", "serde"]
+
+[dependencies.toml]
+version = "1.0"
+features = ["parse", "display", "serde"]
+
 # Fuzz targets - each is a separate binary
 [[bin]]
 name = "mast_forest_deserialize"
@@ -175,6 +191,13 @@ test = false
 doc = false
 bench = false
 
+[[bin]]
+name = "package_semantic_deserialize"
+path = "fuzz_targets/package_semantic_deserialize.rs"
+test = false
+doc = false
+bench = false
+
 [[bin]]
 name = "package_serde_deserialize"
 path = "fuzz_targets/package_serde_deserialize.rs"
@@ -188,3 +211,24 @@ path = "fuzz_targets/mast_forest_serde_deserialize.rs"
 test = false
 doc = false
 bench = false
+
+[[bin]]
+name = "project_toml_parse"
+path = "fuzz_targets/project_toml_parse.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "project_load"
+path = "fuzz_targets/project_load.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "project_assemble"
+path = "fuzz_targets/project_assemble.rs"
+test = false
+doc = false
+bench = false
diff --git a/miden-core-fuzz/corpus/project_assemble/debug_profile b/miden-core-fuzz/corpus/project_assemble/debug_profile
@@ -0,0 +1,2 @@
+[metadata]
+purpose = "exercise debug-enabled project assembly"
diff --git a/miden-core-fuzz/corpus/project_assemble/empty_snippet b/miden-core-fuzz/corpus/project_assemble/empty_snippet
@@ -0,0 +1 @@
+# empty snippet
diff --git a/miden-core-fuzz/corpus/project_assemble/release_trim_paths b/miden-core-fuzz/corpus/project_assemble/release_trim_paths
@@ -0,0 +1,2 @@
+[lints]
+unused-imports = "allow"
diff --git a/miden-core-fuzz/corpus/project_load/inherited_workspace b/miden-core-fuzz/corpus/project_load/inherited_workspace
@@ -0,0 +1,10 @@
+[package]
+name = "workspace-member"
+version.workspace = true
+description.workspace = true
+
+[lib]
+path = "lib.masm"
+
+[dependencies]
+shared-dep.workspace = true
diff --git a/miden-core-fuzz/corpus/project_load/kernel_package b/miden-core-fuzz/corpus/project_load/kernel_package
@@ -0,0 +1,11 @@
+[package]
+name = "mykernel"
+version = "2.0.0"
+
+[lib]
+kind = "kernel"
+path = "kernel/mod.masm"
+
+[[bin]]
+name = "entry"
+path = "bin/entry.masm"
diff --git a/miden-core-fuzz/corpus/project_load/package_with_bins b/miden-core-fuzz/corpus/project_load/package_with_bins
@@ -0,0 +1,11 @@
+[package]
+name = "myapp"
+version = "0.1.0"
+
+[[bin]]
+name = "main"
+path = "bin/main.masm"
+
+[[bin]]
+name = "helper"
+path = "bin/helper.masm"
diff --git a/miden-core-fuzz/corpus/project_load/package_with_deps b/miden-core-fuzz/corpus/project_load/package_with_deps
@@ -0,0 +1,12 @@
+[package]
+name = "myproject"
+version = "0.5.0"
+
+[lib]
+path = "lib.masm"
+
+[dependencies]
+stdlib = { version = "1.0.0" }
+local-dep = { path = "../local-dep", linkage = "static" }
+remote-dep = { git = "https://github.com/example/repo", branch = "main" }
+workspace-dep.workspace = true
diff --git a/miden-core-fuzz/corpus/project_load/package_with_lib b/miden-core-fuzz/corpus/project_load/package_with_lib
@@ -0,0 +1,8 @@
+[package]
+name = "mylib"
+version = "1.0.0"
+description = "A simple library"
+
+[lib]
+namespace = "mylib"
+path = "lib.masm"
diff --git a/miden-core-fuzz/corpus/project_load/package_with_metadata b/miden-core-fuzz/corpus/project_load/package_with_metadata
@@ -0,0 +1,14 @@
+[package]
+name = "metadata-example"
+version = "0.1.0"
+description = "Example with metadata"
+
+[lib]
+path = "lib.masm"
+
+[package.metadata.custom]
+key = "value"
+number = 42
+
+[lints.miden]
+unused = "warn"
diff --git a/miden-core-fuzz/corpus/project_load/package_with_profile b/miden-core-fuzz/corpus/project_load/package_with_profile
@@ -0,0 +1,14 @@
+[package]
+name = "profiled"
+version = "0.1.0"
+
+[lib]
+path = "lib.masm"
+
+[profile.release]
+debug = false
+trim-paths = true
+
+[profile.custom]
+inherits = "dev"
+debug = true
diff --git a/miden-core-fuzz/corpus/project_load/simple_package b/miden-core-fuzz/corpus/project_load/simple_package
@@ -0,0 +1,3 @@
+[package]
+name = "simple"
+version = "0.1.0"
diff --git a/miden-core-fuzz/corpus/project_load/workspace_manifest b/miden-core-fuzz/corpus/project_load/workspace_manifest
@@ -0,0 +1,10 @@
+[workspace]
+members = ["crate-a", "crate-b", "crate-c"]
+
+[workspace.package]
+version = "0.1.0"
+description = "A workspace example"
+
+[workspace.dependencies]
+foo = { path = "crate-a" }
+bar = { version = "1.0.0", linkage = "static" }
diff --git a/miden-core-fuzz/corpus/project_toml_parse/inherited_workspace b/miden-core-fuzz/corpus/project_toml_parse/inherited_workspace
@@ -0,0 +1,10 @@
+[package]
+name = "workspace-member"
+version.workspace = true
+description.workspace = true
+
+[lib]
+path = "lib.masm"
+
+[dependencies]
+shared-dep.workspace = true
diff --git a/miden-core-fuzz/corpus/project_toml_parse/kernel_package b/miden-core-fuzz/corpus/project_toml_parse/kernel_package
@@ -0,0 +1,11 @@
+[package]
+name = "mykernel"
+version = "2.0.0"
+
+[lib]
+kind = "kernel"
+path = "kernel/mod.masm"
+
+[[bin]]
+name = "entry"
+path = "bin/entry.masm"
diff --git a/miden-core-fuzz/corpus/project_toml_parse/package_with_bins b/miden-core-fuzz/corpus/project_toml_parse/package_with_bins
@@ -0,0 +1,11 @@
+[package]
+name = "myapp"
+version = "0.1.0"
+
+[[bin]]
+name = "main"
+path = "bin/main.masm"
+
+[[bin]]
+name = "helper"
+path = "bin/helper.masm"
diff --git a/miden-core-fuzz/corpus/project_toml_parse/package_with_deps b/miden-core-fuzz/corpus/project_toml_parse/package_with_deps
@@ -0,0 +1,12 @@
+[package]
+name = "myproject"
+version = "0.5.0"
+
+[lib]
+path = "lib.masm"
+
+[dependencies]
+stdlib = { version = "1.0.0" }
+local-dep = { path = "../local-dep", linkage = "static" }
+remote-dep = { git = "https://github.com/example/repo", branch = "main" }
+workspace-dep.workspace = true
diff --git a/miden-core-fuzz/corpus/project_toml_parse/package_with_lib b/miden-core-fuzz/corpus/project_toml_parse/package_with_lib
@@ -0,0 +1,8 @@
+[package]
+name = "mylib"
+version = "1.0.0"
+description = "A simple library"
+
+[lib]
+namespace = "mylib"
+path = "lib.masm"
diff --git a/miden-core-fuzz/corpus/project_toml_parse/package_with_metadata b/miden-core-fuzz/corpus/project_toml_parse/package_with_metadata
@@ -0,0 +1,14 @@
+[package]
+name = "metadata-example"
+version = "0.1.0"
+description = "Example with metadata"
+
+[lib]
+path = "lib.masm"
+
+[package.metadata.custom]
+key = "value"
+number = 42
+
+[lints.miden]
+unused = "warn"
diff --git a/miden-core-fuzz/corpus/project_toml_parse/package_with_profile b/miden-core-fuzz/corpus/project_toml_parse/package_with_profile
@@ -0,0 +1,14 @@
+[package]
+name = "profiled"
+version = "0.1.0"
+
+[lib]
+path = "lib.masm"
+
+[profile.release]
+debug = false
+trim-paths = true
+
+[profile.custom]
+inherits = "dev"
+debug = true
diff --git a/miden-core-fuzz/corpus/project_toml_parse/simple_package b/miden-core-fuzz/corpus/project_toml_parse/simple_package
@@ -0,0 +1,3 @@
+[package]
+name = "simple"
+version = "0.1.0"
diff --git a/miden-core-fuzz/corpus/project_toml_parse/workspace_manifest b/miden-core-fuzz/corpus/project_toml_parse/workspace_manifest
@@ -0,0 +1,10 @@
+[workspace]
+members = ["crate-a", "crate-b", "crate-c"]
+
+[workspace.package]
+version = "0.1.0"
+description = "A workspace example"
+
+[workspace.dependencies]
+foo = { path = "crate-a" }
+bar = { version = "1.0.0", linkage = "static" }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		[metadata]
		purpose = "exercise debug-enabled project assembly"