[CHIA-3932] test arithmetic operators against num-bigint results

[arvidn]

This adds fuzzers for the arithmetic CLVM operators, to ensure they agree with the result from num-bigint, including failures.

---

Note

Medium Risk
Moderate risk: adds new fuzz targets and dependency updates in the fuzzing crate plus relaxes Coveralls failures in CI; no production runtime logic changes, but CI/coverage behavior and fuzz coverage change.

Overview
Adds new fuzz targets (arithmetic, divmod, modpow) that compare CLVM arithmetic operator results (and expected failure cases like invalid shifts/div-by-zero/invalid modpow inputs) against num-bigint/num-integer reference behavior.

Introduces a shared clvm-fuzzing::build_args helper to construct argument lists for these fuzzers, updates the fuzz crate dependencies/lockfile accordingly, and makes the Coveralls upload step in the coverage workflow non-fatal (continue-on-error/fail-on-error: false).

^{Written by Cursor Bugbot for commit e5c2d54. This will update automatically on new commits. Configure here.}

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• cargo/hashbrown@0.16.1
• cargo/indexmap@2.13.0

View full report

[arvidn]

@cursor review

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

[arvidn]

@SocketSecurity ignore-all

[arvidn]

it's not obvious why rand has to depend on r-efi, and socket pointed at some files claiming they had shell access, but not to specific lines and it wasn't clear where that would happen.

All of these new dependencies come from quicktest. Perhaps it's not worth including this. These tests could probably be fuzzers instead

[coveralls-official]

Pull Request Test Coverage Report for Build 22552638384

Details

• 0 of 8 (0.0%) changed or added relevant lines in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.09%) to 88.131%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
clvm-fuzzing/src/args.rs	0	8	0.0%

Totals
Change from base Build 22547370160:	-0.09%
Covered Lines:	6831
Relevant Lines:	7751

---

💛 - Coveralls

[arvidn]

The original version of this PR used quickcheck, but it had a large number of questionable dependencies. I changed the tests to be fuzz targets instead.