rust-fuzz / cargo-fuzz

Command line helpers for fuzzing
https://rust-fuzz.github.io/book/cargo-fuzz.html
Apache License 2.0

Integrate cargo-careful #331

Closed elichai closed 1 year ago

elichai commented 1 year ago

cargo-careful enables debug assertions and some UB checks in libstd. I think it would be useful if we could fuzz under that configuration: https://github.com/RalfJung/cargo-careful

(@RalfJung Might be of interest to you)

elichai commented 1 year ago

I see now there's an open PR to enable -Zbuild-std https://github.com/rust-fuzz/cargo-fuzz/pull/292

fitzgen commented 1 year ago

Does this have any advantages over adding -Zbuild-std support given that we already have sanitizer support?

elichai commented 1 year ago

@fitzgen -Zbuild-std together with -Cdebug-assertions=on -Zextra-const-ub-checks -Zstrict-init-checks --cfg "careful" will basically give cargo-careful. The upside of these over just build-std+sanitizer is:

  1. Add more UB checks in const evaluation (these never reach LLVM).
  2. Add assertions that could catch invariants failing even if they haven't manifested into UB just yet (I think), and catch Rust-specific UB that isn't necessarily LLVM UB.
  3. Not sure about the strict-init-checks flag. On one hand, any invalid operation on uninitialized data should be caught by memsan; on the other hand, MIR optimization could also influence this (not sure what the current state of MIR optimizations is).

fitzgen commented 1 year ago

Yeah I guess I would rather use these -Z rustc flags ourselves than add another layer around cargo.