[racket-dev] fuzz testing the bytecode reader

From: Sam Tobin-Hochstadt (samth at ccs.neu.edu)
Date: Tue Oct 19 16:42:05 EDT 2010

Earlier today, I wrote a simple fuzz tester for bytecode reading and
evaluation. The code is attached.  It takes an existing zo file, reads
it in as bytes, randomly flips some small portion of the bits (0.1%),
and then `read's and `eval's the results.  This extremely quickly
finds segfaults in Racket.  Here's a deterministic segfault with git

[samth at hermes:~/tmp] racket fuzz.rkt -s  1046626898 -f
DrDr Ignore! random-seed 1046626898
name: /home/samth/sw/plt/collects/redex/tests/compiled/lw-test-util_rkt.zo
SIGSEGV MAPERR si_code 1 fault on addr 0x616ec898

Here's how to traverse a bunch of files to find a segfault:
> racket fuzz.rkt -d ~/sw/plt/collects/redex/

I'll be adding this to the tree in the stress tests soon.

Thanks to Robby for advice on the code, and to Lars Hansen for the idea.
sam th
samth at ccs.neu.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fuzz.rkt
Type: application/octet-stream
Size: 1435 bytes
Desc: not available
URL: <http://lists.racket-lang.org/dev/archive/attachments/20101019/abbbb9ca/attachment.obj>

Posted on the dev mailing list.
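The attached fuzz.rkt was scrubbed from the archive, so the following is an added example, written for this page and not Sam's code, that implements the procedure the post describes: read a .zo file as bytes, flip roughly 0.1% of its bits under a printed seed, then `read` it as compiled code and `eval` it. The `-s` flag, the `fuzz-zo` program name and the reported result tags are assumptions of this example; the original's `-f`/`-d` flags are not reproduced.

```racket
#lang racket/base
;; Added example: a minimal bit-flip fuzzer for Racket bytecode (.zo) files.
;; Not the fuzz.rkt attached to the post; flag names and output format are
;; this example's own choices.
(require racket/file racket/cmdline)

;; Fraction of bits to flip per case; 0.1% as described in the post.
(define flip-fraction 0.001)

;; Return a copy of BS with about FRACTION of its bits flipped, using the
;; current PRNG state so a given (random-seed s) reproduces the same mutation.
(define (flip-bits bs [fraction flip-fraction])
  (define out (bytes-copy bs))
  (define nbits (* 8 (bytes-length bs)))
  (define nflips (max 1 (inexact->exact (round (* fraction nbits)))))
  (for ([_ (in-range nflips)])
    (define bit (random nbits))
    (define i (quotient bit 8))
    (bytes-set! out i (bitwise-xor (bytes-ref out i)
                                   (arithmetic-shift 1 (remainder bit 8)))))
  out)

;; Read BS as compiled code and evaluate it in a fresh namespace.
;; Returns 'ok, or (list 'read-error msg) / (list 'eval-error msg).
;; Racket-level exceptions are the expected, uninteresting outcome; a
;; segfault in the reader cannot be caught and kills the process, which is
;; exactly the signal the fuzzer is looking for.
(define (read+eval bs)
  (with-handlers ([exn:fail? (lambda (e) (list 'read-error (exn-message e)))])
    (let ([code (parameterize ([read-accept-compiled #t]
                               [read-on-demand-source #f])
                  (read (open-input-bytes bs)))])
      (with-handlers ([exn:fail? (lambda (e) (list 'eval-error (exn-message e)))])
        (parameterize ([current-namespace (make-base-namespace)])
          (eval code))
        'ok))))

;; Fuzz one file under SEED, printing the seed first so a crash that kills
;; the process can still be reproduced from the log.
(define (fuzz-file path seed)
  (random-seed seed)
  (printf "random-seed ~a\nname: ~a\n" seed path)
  (define result (read+eval (flip-bits (file->bytes path))))
  (printf "result: ~a\n" (if (pair? result) (car result) result))
  result)

;; All .zo files under DIR (or DIR itself if it is a file).
(define (zo-targets target)
  (if (directory-exists? target)
      (for/list ([p (in-directory target)]
                 #:when (regexp-match? #rx"[.]zo$" (path->string p)))
        p)
      (list (string->path target))))

(module+ main
  (define fixed-seed #f)
  (command-line
   #:program "fuzz-zo"
   #:once-each
   [("-s" "--seed") n "Random seed (reuse to reproduce a case)"
    (set! fixed-seed (string->number n))]
   #:args (target)
   (for ([p (zo-targets target)])
     ;; With no -s, each file gets its own fresh seed; random-seed accepts
     ;; values below 2^31, so draw from that range.
     (fuzz-file p (or fixed-seed (random 2147483647))))))
```

Because the interesting outcome is a crash of the whole process, run each case from a driver that spawns a fresh `racket` per file (or per seed) rather than looping over many files in one process: the last printed `random-seed`/`name` pair then identifies the crashing input exactly, and `-s` replays it. The mutated bytes are evaluated with full privileges, so only fuzz bytecode you compiled yourself, and prefer a throwaway process or sandbox for the eval step.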