csmith fuzzing #1033
Merged
csmith fuzzing #1033
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Are there any knobs we can tweak to make the types more complex? |
|
Regardless or current effectiveness, I think we should land this now so that others can continue to experiment with C-Smith and we have a canonical place to submit any improvements. Thanks for looking into this @e00E ! Looking forward to more :) @bors-servo r+ |
|
📌 Commit d5f8722 has been approved by |
bors-servo
pushed a commit
that referenced
this pull request
Sep 25, 2017
csmith fuzzing ref #969 An initial version of a script that fuzzes bindgen with csmith. I ran it for maybe 1000 iterations and it did not find something wrong. The programs generated by csmith are probably too simple type wise. Here is an example output of what csmith generates: ``` C /* --- Struct/Union Declarations --- */ union U2 { uint64_t f0; const signed f1 : 18; }; union U4 { const volatile signed f0 : 1; volatile int16_t f1; int32_t f2; int8_t * const f3; volatile int64_t f4; }; union U5 { const int8_t * f0; volatile int8_t f1; uint16_t f2; unsigned f3 : 22; }; /* --- GLOBAL VARIABLES --- */ static int8_t g_3[8] = {0x47L,0xE8L,0x47L,0x47L,0xE8L,0x47L,0x47L,0xE8L}; static int32_t g_25 = 0x3421AD7BL; static union U5 g_40 = {0};/* VOLATILE GLOBAL g_40 */ static int32_t g_43[4][3] = {{(-10L),(-10L),(-10L)},{(-10L),(-10L),(-10L)},{(-10L),(-10L),(-10L)},{(-10L),($static int32_t * volatile g_42 = &g_43[0][0];/* VOLATILE GLOBAL g_42 */ static int32_t * volatile g_50 = &g_43[2][0];/* VOLATILE GLOBAL g_50 */ static int32_t g_53 = (-9L); static union U4 g_57 = {0x9C113E7BL};/* VOLATILE GLOBAL g_57 */ /* --- FORWARD DECLARATIONS --- */ static union U4 func_1(void); static int16_t func_4(int32_t p_5); static int32_t func_6(int32_t p_7, union U2 p_8, int8_t * p_9); static int32_t func_10(uint32_t p_11, int8_t * p_12, int8_t * p_13); static int8_t * func_14(int32_t p_15, union U2 p_16); static union U2 func_28(const uint64_t p_29, int8_t * p_30, uint32_t p_31); static union U5 func_34(uint32_t p_35); ```
|
☀️ Test successful - status-travis |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ref #969
An initial version of a script that fuzzes bindgen with csmith. I ran it for maybe 1000 iterations and it did not find something wrong. The programs generated by csmith are probably too simple type wise.
Here is an example output of what csmith generates: