[racket-dev] fuzz testing the bytecode reader

From: Carl Eastlund (cce at ccs.neu.edu)
Date: Tue Oct 19 16:51:25 EDT 2010

Caveat Emptor: be wary of running code designed to produce random,
unsafe results if the computer you are running it on has any data you
really care about.  Chances of catastrophic failure *should* be low,
but they may not be, and sometimes lightning does strike anyway.

Carl Eastlund

On Tue, Oct 19, 2010 at 4:42 PM, Sam Tobin-Hochstadt <samth at ccs.neu.edu> wrote:
> Earlier today, I wrote a simple fuzz tester for bytecode reading and
> evaluation. The code is attached.  It takes an existing zo file, reads
> it in as bytes, randomly flips some small portion of the bits (0.1%),
> and then `read's and `eval's the results.  This extremely quickly
> finds segfaults in Racket.  Here's a deterministic segfault with git
> HEAD:
>
> [samth at hermes:~/tmp] racket fuzz.rkt -s  1046626898 -f
> ~/sw/plt/collects/redex/tests/compiled/lw-test-util_rkt.zo
> DrDr Ignore! random-seed 1046626898
> name: /home/samth/sw/plt/collects/redex/tests/compiled/lw-test-util_rkt.zo
> SIGSEGV MAPERR si_code 1 fault on addr 0x616ec898
> Aborted
>
> Here's how to traverse a bunch of files to find a segfault:
>> racket fuzz.rkt -d ~/sw/plt/collects/redex/
>
> I'll be adding this to the tree in the stress tests soon.
>
> Thanks to Robby for advice on the code, and to Lars Hansen for the idea.
> --
> sam th
> samth at ccs.neu.edu


Posted on the dev mailing list.
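
An added example of the approach the quoted message describes (it is not the attached fuzz.rkt and not code from either poster): flip about 0.1% of a .zo file's bits with a seeded generator, then `read` and `eval` the result. The function names and the command line (a `-s` seed option plus a positional file argument) are assumptions of this example.

```racket
#lang racket/base
;; Added example, not the attached fuzz.rkt: seed-reproducible bit-flip
;; fuzzing of a compiled .zo file. Names and CLI are this example's own.
(require racket/file racket/cmdline)

;; Return a copy of `bs` with about `rate` of its bits flipped. All random
;; choices come from a fresh generator seeded with `seed`, so the same
;; (input, seed, rate) always produces the same mutated bytes.
;; Assumes the input is small enough that its bit count fits `random`'s range.
(define (flip-bits bs seed [rate 0.001])
  (define out (bytes-copy bs))
  (define nbits (* 8 (bytes-length out)))
  (parameterize ([current-pseudo-random-generator (make-pseudo-random-generator)])
    (random-seed seed)
    (for ([_ (in-range (inexact->exact (ceiling (* rate nbits))))])
      (define bit (random nbits))
      (define i (quotient bit 8))
      (bytes-set! out i (bitwise-xor (bytes-ref out i)
                                     (arithmetic-shift 1 (remainder bit 8))))))
  out)

;; Read the bytes as compiled code and evaluate them in a fresh namespace.
;; A robust reader answers corrupted input with an exception ('rejected);
;; a segfault ends the whole process instead, which is the bug being hunted.
(define (read-and-eval bs)
  (with-handlers ([exn:fail? (lambda (e) 'rejected)])
    (parameterize ([read-accept-compiled #t]
                   [current-namespace (make-base-namespace)])
      (eval (read (open-input-bytes bs)))
      'evaluated)))

(module+ main
  (define seed (random 2147483647))
  (define file
    (command-line
     #:once-each
     [("-s" "--seed") s "seed used to reproduce an earlier run"
                      (set! seed (string->number s))]
     #:args (zo-file) zo-file))
  ;; Print and flush the seed before touching the reader: after a crash,
  ;; this line is the only record needed to replay the failing input.
  (printf "random-seed ~a\nname: ~a\n" seed file)
  (flush-output)
  (printf "~a\n" (read-and-eval (flip-bits (file->bytes file) seed))))
```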