• This repository has been archived on 12/Jan/2020
  • Stars: 160
  • Rank 234,703 (Top 5 %)
  • Language: Rust
  • License: MIT License
  • Created over 6 years ago
  • Updated over 5 years ago

Repository Details

QuickCheck bug hunting in Rust standard library data structures

BugHunt, Rust

This project aims to provide "stateful" QuickCheck models for Rust's standard library. That is, we build up a random list of operations against an abstract data type, write an "obviously correct" model of that ADT, and apply the operations to both the model and the reference implementation of the data type. If the model and reference implementation differ in any way, that's a good sign there's a bug to be diagnosed and reported. This is different from fuzzing in that we're interested in higher-level behaviour of data structures--their "properties"--and aren't necessarily looking for crashes. (That said, "do not crash the program" is a pretty good property for most data structures.)
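A minimal sketch of the model-versus-implementation loop described above, added here as an illustration and not taken from the project's own fuzz targets. It assumes a Vec as the model for std's VecDeque and decodes operations from raw bytes the way a fuzzer would supply them; the Op enum, the function names and the inject_bug switch are this example's own.

```rust
use std::collections::VecDeque;
#[derive(Debug, Clone, Copy)]
enum Op { PushBack(u8), PushFront(u8), PopBack, PopFront }

// Decode fuzzer-style bytes into operations: two bytes per op (opcode, argument).
fn decode(data: &[u8]) -> Vec<Op> {
    data.chunks_exact(2).map(|c| match c[0] % 4 {
        0 => Op::PushBack(c[1]), 1 => Op::PushFront(c[1]),
        2 => Op::PopBack, _ => Op::PopFront,
    }).collect()
}

// The "obviously correct" model: a plain Vec, slow but easy to reason about.
fn model_step(m: &mut Vec<u8>, op: Op) -> Option<u8> {
    match op {
        Op::PushBack(v) => { m.push(v); None }
        Op::PushFront(v) => { m.insert(0, v); None }
        Op::PopBack => m.pop(),
        Op::PopFront => if m.is_empty() { None } else { Some(m.remove(0)) },
    }
}

// Implementation under test; `inject_bug` is a constructed defect to be found.
fn sut_step(d: &mut VecDeque<u8>, op: Op, inject_bug: bool) -> Option<u8> {
    match op {
        Op::PushFront(v) if inject_bug => { d.push_back(v); None } // appends instead
        Op::PushBack(v) => { d.push_back(v); None }
        Op::PushFront(v) => { d.push_front(v); None }
        Op::PopBack => d.pop_back(),
        Op::PopFront => d.pop_front(),
    }
}

// Apply every op to both sides; Err names the first step where they differ.
fn check(data: &[u8], inject_bug: bool) -> Result<usize, String> {
    let (mut model, mut sut, ops) = (Vec::new(), VecDeque::new(), decode(data));
    for (i, &op) in ops.iter().enumerate() {
        let (want, got) = (model_step(&mut model, op), sut_step(&mut sut, op, inject_bug));
        if want != got {
            return Err(format!("step {}: {:?} model={:?} sut={:?}", i, op, want, got));
        }
    }
    Ok(ops.len())
}

fn main() {
    // Constructed input: push_back 1, push_front 2, pop_front.
    println!("{:?}", check(&[0, 1, 1, 2, 3, 0], true));
}
```

The comparison is black-box: only the values returned by each operation are checked, so a divergence surfaces at the first pop that observes it rather than at the push that caused it.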

We're inspired by the work @jlouis did in the Erlang community to detect subtle bugs in that language's map implementation and @shnatsel's recent work fuzzing Rust crates for crashes.

Running the Suite

Running the tests takes a little legwork. The project performs model-based fuzzing, which means the tests are driven by a fuzzer, cargo-fuzz (libFuzzer) in particular. We've written about the general approach here. Since this post we've switched from AFL to libFuzzer but the broad details remain the same.

The available targets are listed in fuzz/Cargo.toml, the binaries of the project. Say you want to run the str::repeat target. Make sure you've got cargo-fuzz installed by running cargo install cargo-fuzz.

> cargo fuzz run str_repeat

A reasonable test run will take hours and, as configured, the above run will execute forever. Give the flag --help to cargo fuzz to see its options for constraining runtime, defining the corpus, etc.

Why does this run outside of Rust itself?

Well! I'm not sure that bundling these long-running tests into the Rust compiler project is something anyone would go for and, working here as an external project, we can avoid needing to fiddle with toolchains and longish build cycles. The downside is that the std data structures we're testing don't have any sanitizers turned on, etc., because the project is run against the usual Rust release.

Contributing

Writing QuickCheck models can be slow work and contributions are very welcome, either introducing new models into the project or extending existing ones. We have an experimental clusterfuzz setup running and if you have credits to donate that would be most welcome. I intend to document project balances and money needs once they are clear.

Would you take CI help?

Yes! Right now we have a folder ci/ which has the build scripts used in .travis.yml. We're producing test binaries and feeding them directly into the clusterfuzz setup the project has. Speaking of, I'll be adding configuration for that cluster to this repository in the coming days.

Any improvements to the build pipeline or clusterfuzz configuration are most welcome.

Would you take documentation help?

Yes!

Hey, how can I learn more?

Randomized testing is a touch esoteric but there's a lot of reading material available (itself a problem, kind of). In no certain order:

I, blt, am also happy to answer questions over email. I'm [email protected].
