feat: apply cargo fuzz #114

Open
abelmega wants to merge 1 commit into main from abel/feat/cargo-fuzz

@abelmega abelmega commented Jan 13, 2026

Summary

Migrates SALT's fuzzing infrastructure from an internal test module to a proper cargo-fuzz setup, enabling continuous fuzzing with libFuzzer and better integration with fuzzing workflows.

Changes

Project Structure

  • Created fuzz/ workspace member with proper cargo-fuzz configuration
  • Moved fuzzing code from salt/src/fuzz.rs to fuzz/fuzz_targets/salt_fuzz.rs
  • Removed test-only fuzzing module from main library (salt/src/lib.rs)

Fuzzing Infrastructure

  • Integrated libFuzzer: Added libfuzzer-sys dependency for coverage-guided fuzzing
  • Added fuzz target: salt_fuzz binary configured for continuous fuzzing
  • Improved test data generation: Replaced manual random generation with fuzzer-driven input
    • Fuzzer now controls operation sequences via raw byte input
    • Deterministic seed extraction from fuzzer data for reproducibility
    • Configurable via environment variables (blocks, mini-blocks, lookups, KV pool size)

Code Improvements

  • Removed serde dependency from operation types (no longer needed for JSON replay)
  • Added singleton database: Uses OnceLock to persist state across fuzzer iterations
  • Enhanced reversion testing: Added validation of state rollback to verify invertibility of updates
  • Better documentation: Added comprehensive English comments explaining fuzzing logic

Configuration

  • Feature flags: Supports test-bucket-resize and enable-hugepages features
  • Gitignore: Added fuzzing artifacts (corpus, crashes, coverage) to .gitignore

Testing

Run fuzzing with:
cargo +nightly fuzz run salt_fuzz --release --features="test-bucket-resize,enable-hugepages" -- -max_total_time=180 -rss_limit_mb=20480

Configure fuzzing parameters via environment variables:

  • RANDOM_BLOCKS=3 - Blocks per fuzzing iteration
  • RANDOM_MINI_BLOCKS=10 - Mini-blocks per block
  • RANDOM_LOOKUPS=50 - Lookups per block
  • RANDOM_KV_POOL_SIZE=4096 - Size of key-value pool

Benefits

  1. Industry-standard tooling: Uses cargo-fuzz/libFuzzer for better coverage and crash detection
  2. Continuous fuzzing: Can run indefinitely to discover edge cases
  3. Corpus management: Automatically builds corpus of interesting test cases
  4. Crash reproduction: Fuzzer saves failing inputs for easy debugging
  5. Better separation: Fuzzing code isolated from production library

@abelmega abelmega force-pushed the abel/feat/cargo-fuzz branch from 45466a8 to f1d91bd Compare January 13, 2026 03:36
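
A self-contained sketch of the harness pattern the description lists (seed taken from the fuzzer bytes, byte-driven operation sequence, OnceLock singleton, rollback check), added here as an example and not taken from this PR or from SALT. The BTreeMap state, the 8-byte seed prefix, the 2-byte op encoding and every function name are assumptions made for illustration.

```rust
use std::collections::BTreeMap;
use std::sync::{Mutex, OnceLock};

type State = BTreeMap<u64, u64>;
type Update = (u64, Option<u64>); // Some(v) = insert, None = delete
// Singleton state shared by all iterations (toy stand-in for the database).
static DB: OnceLock<Mutex<State>> = OnceLock::new();

/// Split the input into a seed (first 8 bytes, little-endian) and the op bytes.
pub fn split_seed(data: &[u8]) -> Option<(u64, &[u8])> {
    if data.len() < 8 { return None; }
    let (head, rest) = data.split_at(8);
    Some((head.iter().rev().fold(0u64, |a, b| a << 8 | *b as u64), rest))
}
/// Key pool derived from the seed with xorshift64: same seed, same pool.
pub fn kv_pool(seed: u64, size: usize) -> Vec<u64> {
    let mut x = seed | 1; // xorshift state must be non-zero
    (0..size).map(|_| { x ^= x << 13; x ^= x >> 7; x ^= x << 17; x }).collect()
}
/// Decode 2-byte records (selector, value): low selector bit picks delete.
pub fn decode_ops(bytes: &[u8], pool: &[u64]) -> Vec<Update> {
    bytes.chunks_exact(2).map(|c| {
        let key = pool[(c[0] >> 1) as usize % pool.len()];
        (key, if c[0] & 1 == 0 { Some(c[1] as u64) } else { None })
    }).collect()
}
/// Apply updates; return the inverse updates (previous values) in undo order.
pub fn apply(state: &mut State, ops: &[Update]) -> Vec<Update> {
    let mut undo: Vec<Update> = ops.iter().map(|&(k, v)| {
        (k, match v { Some(v) => state.insert(k, v), None => state.remove(&k) })
    }).collect();
    undo.reverse();
    undo
}
/// One iteration: apply, revert, check the rollback is exact, then re-apply.
pub fn fuzz_one(data: &[u8]) -> bool {
    let (seed, rest) = match split_seed(data) { Some(s) => s, None => return true };
    let ops = decode_ops(rest, &kv_pool(seed, 16));
    let mut db = DB.get_or_init(|| Mutex::new(State::new())).lock().unwrap();
    let before = db.clone();
    let undo = apply(&mut db, &ops);
    apply(&mut db, &undo);
    let ok = *db == before;
    apply(&mut db, &ops); // keep the update so later iterations see evolved state
    ok
}
fn main() {
    let input = [1u8, 0, 0, 0, 0, 0, 0, 0, 0, 7, 1, 0]; // constructed sample input
    println!("rollback exact: {}", fuzz_one(&input));
}
```

In a cargo-fuzz target, `fuzz_one` would be called from libfuzzer-sys's `fuzz_target!` macro with an assertion on its result, so that a failed rollback is saved as a crash input.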