You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/fuzzing.md
+15-14Lines changed: 15 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,8 @@
5
5
For the purposes of this guide, *fuzzing* is any testing methodology that
6
6
involves compiling a wide variety of programs in an attempt to uncover bugs in rustc.
7
7
Fuzzing is often used to find internal compiler errors (ICEs).
8
-
Fuzzing can be beneficial, because it can find bugs before users run into them and
9
-
provide small, self-contained programs that make the bug easier to track down.
8
+
Fuzzing can be beneficial, because it can find bugs before users run into them.
9
+
It also provides small, self-contained programs that make the bug easier to track down.
10
10
However, some common mistakes can reduce the helpfulness of fuzzing and end up
11
11
making contributors' lives harder.
12
12
To maximize your positive impact on the Rust
@@ -22,7 +22,7 @@ project, please read this guide before reporting fuzzer-generated bugs!
22
22
- Include a reasonably minimal, standalone example along with any bug report
23
23
- Include all of the information requested in the bug report template
24
24
- Search for existing reports with the same message and query stack
25
-
- Format the test case with `rustfmt`, if it maintains the bug
25
+
- Format the test case with `rustfmt`
26
26
- Indicate that the bug was found by fuzzing
27
27
28
28
*Please don't:*
@@ -36,15 +36,17 @@ project, please read this guide before reporting fuzzer-generated bugs!
36
36
If you're not sure whether or not an ICE is a duplicate of one that's already
37
37
been reported, please go ahead and report it and link to issues you think might be related.
38
38
In general, ICEs on the same line but with different *query stacks* are usually distinct bugs.
39
-
For example, [#109020][#109020] and [#109129][#109129] had similar error messages:
39
+
For example, [#109020] and [#109129] had similar error messages:
40
40
41
41
```
42
42
error: internal compiler error: compiler/rustc_middle/src/ty/normalize_erasing_regions.rs:195:90: Failed to normalize <[closure@src/main.rs:36:25: 36:28] as std::ops::FnOnce<(Emplacable<()>,)>>::Output, maybe try to call `try_normalize_erasing_regions` instead
43
43
```
44
+
44
45
```
45
46
error: internal compiler error: compiler/rustc_middle/src/ty/normalize_erasing_regions.rs:195:90: Failed to normalize <() as Project>::Assoc, maybe try to call `try_normalize_erasing_regions` instead
46
47
```
47
-
but different query stacks:
48
+
49
+
However, they have different query stacks:
48
50
```
49
51
query stack during panic:
50
52
#0 [fn_abi_of_instance] computing call ABI of `<[closure@src/main.rs:36:25: 36:28] as core::ops::function::FnOnce<(Emplacable<()>,)>>::call_once - shim(vtable)`
@@ -64,7 +66,7 @@ end of query stack
64
66
65
67
When building a corpus, be sure to avoid collecting tests that are already known to crash rustc.
66
68
A fuzzer that is seeded with such tests is more likely to
67
-
generate bugs with the same root cause, wasting everyone's time.
69
+
generate bugs with the same root cause.
68
70
The simplest way to avoid this is to loop over each file in the corpus, see if it causes an
69
71
ICE, and remove it if so.
70
72
@@ -73,14 +75,14 @@ To build a corpus, you may want to use:
73
75
- The rustc/rust-analyzer/clippy test suites (or even source code) --- though avoid
74
76
tests that are already known to cause failures, which often begin with comments
75
77
like `//@ failure-status: 101` or `//@ known-bug: #NNN`.
76
-
- The already-fixed ICEs in the archived [Glacier][glacier] repository --- though
78
+
- The already-fixed ICEs in the archived [Glacier] repository --- though
77
79
avoid the unfixed ones in `ices/`!
78
80
79
81
[glacier]: https://github.com/rust-lang/glacier
80
82
81
83
## Extra credit
82
84
83
-
Here are a few things you can do to help the Rust project after filing an ICE.
85
+
Here are a few things you can do to help the Rust project after filing an ICE:
84
86
85
87
-[Bisect][bisect] the bug to figure out when it was introduced.
86
88
If you find the regressing PR / commit, you can mark the issue with the label `S-has-bisection`.
@@ -135,19 +137,18 @@ Of course, it's best to try multiple build configurations and see
135
137
what actually results in superior throughput.
136
138
137
139
You may want to build rustc from source with debug assertions to find
138
-
additional bugs, though this is a trade-off: it can slow down fuzzing by
140
+
additional bugs, though this can slow down fuzzing by
139
141
requiring extra work for every execution.
140
142
To enable debug assertions, add this to `bootstrap.toml` when compiling rustc:
141
143
142
144
```toml
143
-
[rust]
144
-
debug-assertions = true
145
+
rust.debug-assertions = true
145
146
```
146
147
147
-
ICEs that require debug assertions to reproduce should be tagged
0 commit comments