1 //! A library to generate __fuzzed__ C headers for use with `quickcheck`
2 //!
3 //! ## Example
4 //!
5 //! ```rust
6 //! use quickcheck::{Arbitrary, Gen};
7 //! use quickchecking::fuzzers;
8 //!
9 //! fn main() {
10 //! let generate_range: usize = 10; // Determines things like the length of
11 //! // arbitrary vectors generated.
12 //! let header = fuzzers::HeaderC::arbitrary(
13 //! &mut Gen::new(generate_range));
14 //! println!("{}", header);
15 //! }
16 //! ```
17 #![deny(missing_docs)]
18
19 use quickcheck::{Gen, QuickCheck, TestResult};
20 use std::error::Error;
21 use std::fs::File;
22 use std::io::Write;
23 use std::path::{Path, PathBuf};
24 use std::process::{Command, Output};
25 use std::sync::Mutex;
26 use tempfile::Builder;
27
28 /// Contains definitions of and impls for types used to fuzz C declarations.
29 pub mod fuzzers;
30
31 // Global singleton, manages context across tests. For now that context is
32 // only the output_path for inspecting fuzzed headers (if specified).
33 struct Context {
34 output_path: Option<String>,
35 }
36
37 // Initialize global context.
38 static CONTEXT: Mutex<Context> = Mutex::new(Context { output_path: None });
39
40 // Passes fuzzed header to the `csmith-fuzzing/predicate.py` script, returns
41 // output of the associated command.
run_predicate_script( header: fuzzers::HeaderC, ) -> Result<Output, Box<dyn Error>>42 fn run_predicate_script(
43 header: fuzzers::HeaderC,
44 ) -> Result<Output, Box<dyn Error>> {
45 let dir = Builder::new().prefix("bindgen_prop").tempdir()?;
46 let header_path = dir.path().join("prop_test.h");
47
48 let mut header_file = File::create(&header_path)?;
49 header_file.write_all(header.to_string().as_bytes())?;
50 header_file.sync_all()?;
51
52 let header_path_string = header_path
53 .into_os_string()
54 .into_string()
55 .map_err(|_| "error converting path into String")?;
56
57 let mut predicate_script_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
58 predicate_script_path.push("../../csmith-fuzzing/predicate.py");
59
60 let predicate_script_path_string = predicate_script_path
61 .into_os_string()
62 .into_string()
63 .map_err(|_| "error converting path into String")?;
64
65 // Copy generated temp files to output_path directory for inspection.
66 // If `None`, output path not specified, don't copy.
67 if let Some(ref path) = CONTEXT.lock().unwrap().output_path {
68 Command::new("cp")
69 .arg("-a")
70 .arg(dir.path().to_str().unwrap())
71 .arg(path)
72 .output()?;
73 }
74
75 Ok(Command::new(predicate_script_path_string)
76 .arg(&header_path_string)
77 .output()?)
78 }
79
80 // Generatable property. Pass generated headers off to run through the
81 // `csmith-fuzzing/predicate.py` script. Success is measured by the success
82 // status of that command.
bindgen_prop(header: fuzzers::HeaderC) -> TestResult83 fn bindgen_prop(header: fuzzers::HeaderC) -> TestResult {
84 match run_predicate_script(header) {
85 Ok(o) => TestResult::from_bool(o.status.success()),
86 Err(e) => {
87 println!("{:?}", e);
88 TestResult::from_bool(false)
89 }
90 }
91 }
92
93 /// Instantiate a Quickcheck object and use it to run property tests using
94 /// fuzzed C headers generated with types defined in the `fuzzers` module.
95 /// Success/Failure is dictated by the result of passing the fuzzed headers
96 /// to the `csmith-fuzzing/predicate.py` script.
test_bindgen( generate_range: usize, tests: u64, output_path: Option<&Path>, )97 pub fn test_bindgen(
98 generate_range: usize,
99 tests: u64,
100 output_path: Option<&Path>,
101 ) {
102 if let Some(path) = output_path {
103 CONTEXT.lock().unwrap().output_path = Some(path.display().to_string());
104 }
105
106 QuickCheck::new()
107 .tests(tests)
108 .gen(Gen::new(generate_range))
109 .quickcheck(bindgen_prop as fn(fuzzers::HeaderC) -> TestResult)
110 }
111