zls
zls copied to clipboard
zigtools
Add fuzzing to preemptively catch errors
@mattnite suggested that we add fuzzing to zls to help catch rarer errors before they even affect users. Any implementation detail ideas?
(disclaimer: I know nothing about the internals of zls)
Something that might be worth noting is that the Zig parser currently doesn't handle a lot of edge cases that can be found via straightforward mutation fuzzing (i.e. nothing language-specific like this). This is something I ran into with https://github.com/squeek502/zig-std-lib-fuzzing and was told to hold off on fuzzing the parser until things are more stabilized. To give you an idea of what types of things I'm talking about, it would be things like hugely nested scopes, hugely nested parenthesis, etc, as well as other more straightforward assertion trips and whatnot.
So that might make fuzzing zls a bit trickier, as you'll likely end up finding quite a few Zig parser bugs.
(the Zig tokenizer can be fuzzed without any crashes, though, so if there's some part of zls that only uses the tokenizer that could be fuzzed without a problem)
I've been updating zig-lsp-codegen recently and I've got a local fuzzer nearly working. For now it'll just throw absolute total random garbage at zls but this might already be helpful for finding fundamental protocol/LSP implementation issues as well as memory problems and index out of bounds sites. zls should never crash or segfault so hopefully this'll bring us closer to that dream. :)
Later, I'll probably start throwing thousands of Zig language test files at zls to see what it thinks, but that'll be in a bit.
