So with #6 and #7 merged in, rutenspitz no longer crashes in a fuzz cycle on a panic when both the implementation and the model panic in accordance. This change in behaviour is fine, since the main purpose of this crate is to observe the equivalence of two models. But I think it may be useful to use it also to find panics on malformed input (well, a series of operations to a model). This is exactly what the `url::Url` fuzzer did, although it did in a rather convoluted way by using `url::Url` as the supposed doppelganger of `url::Url` itself.
Rather than doing that we should have a mode which turns off all comparisons, essentially always using
rutenspitz/lib/src/lib.rs, lines 482 to 486 in ff2c1b2
This is perhaps somewhat out of scope given the name of this crate but nonetheless seems like a useful extension.
This sounds like a "don't compare, just fuzz" mode to me. Several people including myself attempted implementing that independently, see https://github.com/Eh2406/auto-fuzz-test
But that's just a PoC, so it didn't use any proc macros, just filling in values in a template.
You know, a mode without comparison to a reference model, but also without considering panics as failures would indeed be very useful. For example, it would have found CVE-2018-1000810 if run on std::String.
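The difference between comparing against a model and the proposed comparison-free mode, as an added sketch that is not rutenspitz code: `Op`, `Mode`, `Verdict`, `run` and the two `Vec`-backed targets are hypothetical names, and ending the run when both sides panic is an assumption.

```rust
// Added illustration: Op, Mode, Verdict and run are hypothetical, not rutenspitz's API.
use std::panic::{catch_unwind, AssertUnwindSafe};

#[derive(Clone, Copy)]
pub enum Op { Push(u8), Pop, Get(usize) }
#[derive(Clone, Copy, PartialEq)]
pub enum Mode { Compare, PanicsOnly }
#[derive(Debug, PartialEq)]
pub enum Verdict { Pass, Mismatch(usize), Panic(usize) }

/// Vec-backed target; `Get` indexes directly and panics when out of range.
pub fn indexing(v: &mut Vec<u8>, op: Op) -> Option<u8> {
    match op {
        Op::Push(x) => { v.push(x); None }
        Op::Pop => v.pop(),
        Op::Get(i) => Some(v[i]),
    }
}

/// Same target, except `Get` returns None instead of panicking.
pub fn checked(v: &mut Vec<u8>, op: Op) -> Option<u8> {
    match op {
        Op::Get(i) => v.get(i).copied(),
        other => indexing(v, other),
    }
}

type Step = fn(&mut Vec<u8>, Op) -> Option<u8>;
pub fn run(ops: &[Op], mode: Mode, tested: Step, model: Step) -> Verdict {
    let (mut t, mut m) = (Vec::new(), Vec::new());
    for (i, &op) in ops.iter().enumerate() {
        let got = catch_unwind(AssertUnwindSafe(|| tested(&mut t, op)));
        if mode == Mode::PanicsOnly {
            if got.is_err() { return Verdict::Panic(i); } // no model: the panic is the finding
            continue;
        }
        let want = catch_unwind(AssertUnwindSafe(|| model(&mut m, op)));
        match (got, want) {
            (Err(_), Err(_)) => return Verdict::Pass, // panics in accordance: end the run
            (Ok(a), Ok(b)) if a == b => {}
            _ => return Verdict::Mismatch(i),
        }
    }
    Verdict::Pass
}

fn main() {
    let ops = [Op::Push(1), Op::Pop, Op::Get(5)]; // constructed input
    println!("{:?}", run(&ops, Mode::PanicsOnly, indexing, checked));
}
```

Running a target against itself in `Compare` mode hides the out-of-range panic, which is the `url::Url` situation described above; `PanicsOnly` reports the index of the operation that panicked.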