• Stars
    star
    174
  • Rank 219,104 (Top 5 %)
  • Language
    OCaml
  • License
    MIT License
  • Created over 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Property fuzzing for OCaml

Crowbar

Crowbar is a library for testing code, combining QuickCheck-style property-based testing and the magical bug-finding powers of afl-fuzz.

TL;DR

There are some examples.

Some brief hints:

  1. Use an opam switch with AFL instrumentation enabled (e.g. opam sw 4.04.0+afl).
  2. Run in AFL mode with afl-fuzz -i in -o out -- ./_build/myprog.exe @@.
  3. If you run your executable without arguments, crowbar will perform some simple (non-AFL) testing instead.
  4. Test binaries have a small amount of documentation, available with --help.

writing tests

To test your software, come up with a property you'd like to test, then decide on the input you'd like for Crowbar to vary. A Crowbar test is some invocation of Crowbar.check_eq or Crowbar.check:

let identity x =
  Crowbar.check_eq x x

and instructions for running the test with generated items with Crowbar.add_test:

let () =
  Crowbar.(add_test ~name:"identity function" [int] (fun i -> identity i))

There are more examples available, with varying levels complexity.

building tests

Include crowbar in your list of dependencies via your favorite build system. The resulting executable is a Crowbar test. (Be sure to build a native-code executable, not bytecode.)

To build tests that run under AFL, you'll need to build your tests with a compiler that has AFL instrumentation enabled. (You can also enable it specifically for your build, although this is not recommended if your code has any dependencies, including the OCaml standard library). OCaml compiler variants with AFL enabled by default are available in opam with the +afl tag. All versions published starting with 4.05.0 are available, along with a backported 4.04.0.

$ opam switch 4.06.0+afl
$ eval `opam config env`
$ ./build_my_rad_test.sh # or your relevant build runes

running Tests

Crowbar tests have two modes:

  • a simple quickcheck-like mode for testing propositions against totally random input
  • a mode using afl-persistent to get good performance from afl-fuzz with OCaml's instrumentation enabled

Crowbar tests can be directly invoked with --help for more documentation at runtime.

fully random test mode

If you wish to use the quickcheck-like, fully random mode to run all tests distributed here, build the tests as above and then run the binary with no arguments.

$ ./my_rad_test.exe | head -5
the first test: PASS

the second test: PASS

AFL mode requirements

To run the tests in AFL mode, you'll need to install American Fuzzy Lop (latest source tarball, although your distribution may also have a package available).

Once afl-fuzz is available on your system, create an input directory with a non-empty file in it (or use test/input, conveniently provided in this repository), and an output directory for afl-fuzz to store its findings. Then, invoke your test binary:

afl-fuzz -i test/input -o output ./my_rad_test.exe @@

This will launch AFL, which will generate new test cases and track the exploration of the state space. When inputs are discovered which cause a property not to hold, they will be reported as crashes (along with actual crashes, although in the OCaml standard library these are rare). See the afl-fuzz documentation for more on AFL's excellent interface.

What bugs have you found?

An open issue has a list of issues discovered by testing with Crowbar. If you use Crowbar to improve your software, please let us know!

More Repositories

1

jq

Command-line JSON processor
C
21,280
star
2

malfunction

Malfunctional Programming
OCaml
318
star
3

counterexamples

Counterexamples in Type Systems
JavaScript
281
star
4

mlsub

Prototype type inference engine
OCaml
181
star
5

bf.sed

A brainfuck compiler, written in sed
154
star
6

ppx_stage

Staged metaprogramming in stock OCaml
OCaml
142
star
7

idris-malfunction

Experimental Malfunction backend for Idris
Haskell
82
star
8

caml-oxide

safe FFI between OCaml and Rust (experimental)
Rust
64
star
9

minhttp

A tiny and surprisingly featureful webserver
C
49
star
10

git-ls

List files, annotated by git status
Python
36
star
11

pathfinder

pythonic filesystem library
Python
35
star
12

hax

Random scripts, snippets of code, whatever.
Java
23
star
13

libfib

A library for high-performance lightweight threads
C++
19
star
14

llvm

Context switching for LLVM
C++
15
star
15

linkage

easy-to-use wrapper for OCaml's Dynlink
OCaml
15
star
16

ocaml-afl-persistent

persistent-mode afl-fuzz for ocaml
OCaml
14
star
17

Sandbox

Sandbox for running native code under Linux at full speed, without allowing it to do anything other than read/write stdio
C
12
star
18

bzseek

Random access library for bzip2 files
C
8
star
19

cshore

Call C from Python without writing bindings
C
8
star
20

moria

Embedded language for construction of DWARF
OCaml
7
star
21

with-gdb

Attaches gdb to crashed processes
C
7
star
22

nd

Netsoc LDAP directory
Python
6
star
23

fyp

Final year project
Haskell
5
star
24

wikiflow

random walks through human knowledge
5
star
25

python-monkeypatch

Bringing Ruby best practices to Python
Python
5
star
26

Altitude

Debugging above C level
C
4
star
27

clang

Clang C/C++ compiler, with patches to support context-switching
C++
4
star
28

sequent-subtyping

Coq
3
star
29

irclinks

IRC network visualisation
Python
3
star
30

seqbuf

Sequential buffer access
OCaml
3
star
31

bandgraph

Scale-space visualisation of time-series data
Python
2
star
32

sneeky

Steganography through bad spelling
Python
2
star