Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bhansconnect/roc-fuzz-internal

Attempts to fuzz roc code
https://github.com/bhansconnect/roc-fuzz-internal

fuzzing roc-lang

Last synced: 3 days ago
JSON representation

Attempts to fuzz roc code

Host: GitHub
URL: https://github.com/bhansconnect/roc-fuzz-internal
Owner: bhansconnect
License: mit
Created: 2022-12-15T05:27:08.000Z (about 2 years ago)
Default Branch: trunk
Last Pushed: 2024-01-25T18:21:24.000Z (12 months ago)
Last Synced: 2024-04-16T04:18:50.560Z (9 months ago)
Topics: fuzzing, roc-lang
Language: Rust
Homepage:
Size: 97.7 KB
Stars: 0
Watchers: 3
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Roc-fuzz-internal

Warning: This repro is being deprecated, but is mostly meant for fuzzing compiler implementations for memory leaks.

The goal of this repo is to enable fuzzing of roc applications.
The main target is fuzzing parts of the standard library.
It should hopefully be able to catch some bugs especially memory safety ones in the zig builtins.

Note: On the sanitizers really only fully catch bugs on linux. If you are on mac, fuzzing is likely to be less productive.

## Dependencies

This requires [cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz) which can be installed with: `cargo install cargo-fuzz`

If using any sanitizer other than the fuzzer, it also requires nightly rust to enable.

## How to use

This requires a special build of the compiler with the `sanitizers` feature flag.
Start by [building roc from source](https://github.com/roc-lang/roc/blob/main/BUILDING_FROM_SOURCE.md):
```sh
cargo build --features sanitizers --bin roc
```

Note: From this point forward, `roc` means the binary generate from the above command in `target/debug/roc`

Note: If you have `roc` in your path, you should be able to just use the `run.sh` or `run-many.sh` scripts to do everything below automatically.
That said, the script does require installing [gum](https://github.com/charmbracelet/gum).

Next, we can use roc to build a fuzz target. They all live in the `roc_targets` directory.
For building fuzz targets, we need to enable sanitizers. At a minimum, the `cargo-fuzz` sanitizer is required.
On top of that `address`, `memory`, and `thread` sanitizers are available. I advise using `address` sanitizer in general.
We can build `strFromUtf8.roc` with:
```sh
ROC_SANITIZERS="address,cargo-fuzz" roc build --no-link roc_targets/strFromUtf8.roc
````

This will generate an instrumented object file. For this platform we need a static library.
That can be create with:
```sh
ar rcs roc_targets/libroc-fuzz.a roc_targets/libroc-fuzz.o
```

Now that we have the generated static library, we can compile and run the fuzz target (note that this requires the nightly toolchain):

```sh
cargo +nightly fuzz run roc-fuzz
```

## Other Notes

If you switch from fuzzing one applications to another, remember to clear the `fuzz/corpus` and `fuzz/artifacts` directories.

For more options run `cargo fuzz run --help`.

Fuzzing can be done with optimized builds. Just add `--optimize` to the `roc build` invocation and `-O` to the `cargo fuzz run` invocation.

In the future, I hope to add a way to pretty print the crashes. That should help a human understand them better.