UB-free and deterministic rustc fuzzer

cbeuw/rustlantis

Rustlantis

A Rust Mid-level Intermediate Representation fuzzer

It can generate custom MIR programs containing:

  • All primitive integer and floating point types, bool, char, arrays, tuples, references, raw pointers, structs, and enums.
  • Functions containing multiple basic blocks
  • Terminators: Goto, Return, SwitchInt (match), Call.
  • Intrinsic functions: arith_offset (for pointer arithmetics), transmute, bswap, fmaf64.
  • Operators: all arithmetic, logical and bitwise operations on integers and floating points, and checked arithmetic (Add, Sub, Mul) on integers
  • All primitive literal expressions, as well as tuple, array, and struct aggregate expressions
  • Creating references and raw pointers, and dereferencing them
  • Casts between integers, floating points, char, and bool

Generated programs are terminating, UB-free, and deterministic. A discrepancy between testing backends always indicates a bug in one of them (or a bug in Rustlantis).

Requirements

  • Rust nightly
  • rustup

Config

Install Miri and Cranelift with Rustup:

rustup component add miri rustc-codegen-cranelift-preview

Then copy config.toml.example to config.toml.

Usage

To generate and difftest one seed, run

./fuzz-one.sh <seed>

A program will be generated to $TMPDIR and tested. If difftest passes (no bug), it will exit with 0. If difftest spots a difference between testing backends, it will exit with 1 and save the reproduction file to ./repros/.
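A seed sweep built on the exit-code contract described above, as an added example that is not part of the Rustlantis repository. The function name `sweep_seeds` and its log format are hypothetical; treating any status other than 0 or 1 as a harness error, and seeds being decimal integers, are assumptions of this example.

```shell
# Added example: run a range of seeds through fuzz-one.sh and triage by exit code.
# Documented contract: 0 = difftest passed, 1 = backends disagreed and a
# reproduction file was saved under ./repros/.
# Assumption: any other status (crash of the script, missing toolchain, ...) is a
# harness error and is counted separately so it is not mistaken for "no bug".

# sweep_seeds <fuzz-cmd> <first-seed> <last-seed> [log-file]
# Prints "pass=N diff=N error=N"; returns non-zero if any seed showed a difference.
# The body runs in a subshell so its variables do not leak into the caller.
sweep_seeds() (
    cmd=$1 seed=$2 last=$3 log=${4:-/dev/null}
    pass=0 diff=0 error=0

    while [ "$seed" -le "$last" ]; do
        status=0
        # "|| status=$?" keeps the sweep alive when the caller uses "set -e".
        "$cmd" "$seed" >/dev/null 2>&1 || status=$?

        case $status in
            0) pass=$((pass + 1)) ;;
            1) diff=$((diff + 1))
               printf 'seed=%s result=diff\n' "$seed" >>"$log" ;;
            *) error=$((error + 1))
               printf 'seed=%s result=error status=%s\n' "$seed" "$status" >>"$log" ;;
        esac
        seed=$((seed + 1))
    done

    printf 'pass=%d diff=%d error=%d\n' "$pass" "$diff" "$error"
    [ "$diff" -eq 0 ]
)
```

From the repository root, a call such as `sweep_seeds ./fuzz-one.sh 0 999 sweep.log` (seed range and log name chosen for illustration) leaves one log line per seed that needs attention. Each logged seed can be replayed with `./fuzz-one.sh <seed>`, since generation is deterministic.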

To generate a program only, run generate

Usage: generate [OPTIONS] <seed>

Arguments:
  <seed>  generation seed

Options:
  -d, --debug                      generate a program where values are printed instead of hashed (slow)
      --call-syntax <call-syntax>  switch between different versions of Call syntaxes [default: v4] [possible values: v1, v2, v3, v4]
  -h, --help                       Print help
  -V, --version                    Print version

To difftest an existing program, run difftest

Usage: difftest <file>

Arguments:
  <file>  

Options:
  -h, --help  Print help

Quirks

Namesake

The Space Shuttle Atlantis docked with Mir space station seven times: https://en.wikipedia.org/wiki/Shuttle%E2%80%93Mir_program

Trophies

🦀: Root cause in Rust 🐉: Root cause in LLVM 🏗️: Root cause in Cranelift

Crashes & ICEs

Silent Miscompilations

Previously known bugs

License

Rustlantis is distributed under the terms of both the MIT License and the Apache License (Version 2.0), at your choice.

© ETH Zurich and contributors
