
Investigate fuzzing with `cargo fuzz`

Open · fitzgen opened this issue 8 years ago · 1 comment

https://github.com/rust-fuzz/cargo-fuzz

Uses libFuzzer behind the scenes.

Unsure if this is really worth it, hence "investigate" rather than "use". libFuzzer is pretty much throwing random bytes (whose next generations are then guided by coverage information from the last generations) at a function and seeing if it can trigger a panic or segfault or something. For us, the function would be something like "treat these bytes as C/C++ header source and generate bindings to them". This is likely to bounce off of libclang's parser more than it would ever even get into bindgen code, but who knows: maybe the coverage guiding works better than I think?

fitzgen · Sep 08 '17 17:09

Maybe we could do a more structured approach, but that would require being able to emit valid C code out of nowhere. This `c_quote!` crate idea is becoming more and more necessary :p

pvdrz · Sep 19 '22 19:09
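The two comments above describe the same trade-off: a raw-bytes libFuzzer target mostly dies in libclang's parser, while a structured target needs a way to turn fuzzer bytes into a header that is always valid C. The following is an added example, not code from the bindgen project or from either commenter, of the second approach: every byte the fuzzer provides is consumed as a decision (how many declarations, which kind, which type, how many pointer levels), so the output is syntactically valid for any input, and libFuzzer's coverage guidance then steers the *structure* of the header rather than fighting the lexer. It uses only `std`; the real fuzz target shape shown in the trailing comment (`libfuzzer_sys::fuzz_target!` and `bindgen::Builder::header_contents`) is an assumption about how it would be wired up and is not compiled here. The sample input in `main` is constructed, standing in for bytes libFuzzer would supply.

```rust
// Added example: decode arbitrary fuzzer bytes into an always-valid C header,
// the "structured" alternative to feeding raw bytes to libclang.

/// Byte cursor over the fuzzer input. Reading past the end yields 0, so
/// generation is total: every input, including the empty one, gives a header.
struct Bytes<'a> {
    data: &'a [u8],
    pos: usize,
}

impl<'a> Bytes<'a> {
    fn new(data: &'a [u8]) -> Self {
        Bytes { data, pos: 0 }
    }

    fn next(&mut self) -> u8 {
        let b = self.data.get(self.pos).copied().unwrap_or(0);
        self.pos += 1;
        b
    }

    /// Use one byte to choose among fixed alternatives.
    fn pick<'b>(&mut self, choices: &[&'b str]) -> &'b str {
        choices[(self.next() as usize) % choices.len()]
    }
}

const SCALARS: &[&str] = &["char", "int", "unsigned int", "long", "float", "double", "void *"];

/// Render a type: a scalar or a previously declared name, with 0..2 pointer levels.
/// Only names declared earlier are reused, so a struct never contains itself by value.
fn gen_type(b: &mut Bytes<'_>, declared: &[String]) -> String {
    let mut t = if !declared.is_empty() && b.next() % 3 == 0 {
        declared[(b.next() as usize) % declared.len()].clone()
    } else {
        b.pick(SCALARS).to_string()
    };
    for _ in 0..(b.next() % 3) {
        t.push('*');
    }
    t
}

/// Turn fuzzer bytes into C header source made of typedefs, structs and prototypes.
fn gen_header(data: &[u8]) -> String {
    let mut b = Bytes::new(data);
    let mut out = String::from("#pragma once\n");
    let mut declared: Vec<String> = Vec::new();
    let n_decls = 1 + (b.next() % 8) as usize;
    for i in 0..n_decls {
        match b.next() % 3 {
            0 => {
                let t = gen_type(&mut b, &declared);
                let name = format!("t{}", i);
                out.push_str(&format!("typedef {} {};\n", t, name));
                declared.push(name);
            }
            1 => {
                let name = format!("s{}", i);
                out.push_str(&format!("struct {} {{\n", name));
                // At least one field: an empty struct is a GNU extension, not ISO C.
                let n_fields = 1 + b.next() % 3;
                for f in 0..n_fields {
                    let t = gen_type(&mut b, &declared);
                    out.push_str(&format!("    {} f{};\n", t, f));
                }
                out.push_str("};\n");
                declared.push(format!("struct {}", name));
            }
            _ => {
                let ret = gen_type(&mut b, &declared);
                let n_params = b.next() % 4;
                let params: Vec<String> = (0..n_params)
                    .map(|p| format!("{} a{}", gen_type(&mut b, &declared), p))
                    .collect();
                let params = if params.is_empty() { "void".to_string() } else { params.join(", ") };
                out.push_str(&format!("{} func{}({});\n", ret, i, params));
            }
        }
    }
    out
}

/// Cheap structural check used by the tests: braces open and close in order.
fn brace_balanced(s: &str) -> bool {
    let mut depth: i32 = 0;
    for c in s.chars() {
        match c {
            '{' => depth += 1,
            '}' => {
                depth -= 1;
                if depth < 0 {
                    return false;
                }
            }
            _ => {}
        }
    }
    depth == 0
}

// Assumed shape of the cargo-fuzz target that would consume gen_header
// (not compiled here; needs the libfuzzer-sys and bindgen crates):
// libfuzzer_sys::fuzz_target!(|data: &[u8]| {
//     let src = gen_header(data);
//     let _ = bindgen::Builder::default().header_contents("fuzz.h", &src).generate();
// });

fn main() {
    // Constructed sample input standing in for bytes libFuzzer would hand us.
    let sample: &[u8] = &[5, 2, 3, 1, 0, 4, 7, 1, 2, 0, 9, 3, 3, 0, 2];
    print!("{}", gen_header(sample));
}
```

Because every decision is a byte modulo a small constant, libFuzzer's byte-level mutations map to local changes in the header (one more field, a different return type), which is what makes coverage feedback useful for the generated code paths in bindgen rather than for libclang's error recovery.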