[racket-dev] fuzz testing the bytecode reader

From: Carl Eastlund (cce at ccs.neu.edu)
Date: Tue Oct 19 16:51:25 EDT 2010

Caveat Emptor: be wary of running code designed to produce random,
unsafe results if the computer you are running it on has any data you
really care about.  Chances of catastrophic failure *should* be low,
but they may not be, and sometimes lightning does strike anyway.

Carl Eastlund

On Tue, Oct 19, 2010 at 4:42 PM, Sam Tobin-Hochstadt <samth at ccs.neu.edu> wrote:
> Earlier today, I wrote a simple fuzz tester for bytecode reading and
> evaluation. The code is attached.  It takes an existing zo file, reads
> it in as bytes, randomly flips some small portion of the bits (0.1%),
> and then `read's and `eval's the results.  This extremely quickly
> finds segfaults in Racket.  Here's a deterministic segfault with git
> [samth at hermes:~/tmp] racket fuzz.rkt -s  1046626898 -f
> ~/sw/plt/collects/redex/tests/compiled/lw-test-util_rkt.zo
> DrDr Ignore! random-seed 1046626898
> name: /home/samth/sw/plt/collects/redex/tests/compiled/lw-test-util_rkt.zo
> SIGSEGV MAPERR si_code 1 fault on addr 0x616ec898
> Aborted
> Here's how to traverse a bunch of files to find a segfault:
>> racket fuzz.rkt -d ~/sw/plt/collects/redex/
> I'll be adding this to the tree in the stress tests soon.
> Thanks to Robby for advice on the code, and to Lars Hansen for the idea.
> --
> sam th
> samth at ccs.neu.edu

Posted on the dev mailing list.