csmith-fuzzing/README.md - platform/external/rust/crates/bindgen - Git at Google

 # Fuzzing `bindgen` with `csmith`

 [`csmith`][csmith] generates random C and C++ programs that can be used as test
 cases for compilers. When testing `bindgen` with `csmith`, we interpret the
 generated programs as header files, and emit Rust bindings to them. If `bindgen`
 panics, the emitted bindings won't compile with `rustc`, or the generated layout
 tests in the bindings fail, then we report an issue containing the test case!

 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->


 - [Prerequisites](#prerequisites)
 - [Running the Fuzzer](#running-the-fuzzer)
 - [Reporting Issues](#reporting-issues)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->

 ## Prerequisites

 Requires `python3`, `csmith`, and `creduce` to be in `$PATH`.

 Many OS package managers have `csmith` and `creduce` packages:

 ```
 $ sudo apt install csmith creduce
 $ brew install csmith creduce
 $ # Etc...
 ```

 ## Running the Fuzzer

 Run `csmith` and test `bindgen` on the generated test cases with this command:

 ```
 $ ./driver.py
 ```

 The driver will keep running until it encounters an error in `bindgen`.

 Each invocation of `./driver.py` will use its own temporary directories, so
 running it in multiple terminals in parallel is supported.

 `csmith` is run with `--no-checksum --nomain --max-block-size 1
 --max-block-depth 1` which disables the `main` function, and makes function
 bodies as simple as possible as `bindgen` does not care about them, but they
 cannot be completely disabled in `csmith`. Run `csmith --help` to see what
 exactly those options do.

 ## Reporting Issues

 Once the fuzz driver finds a test case that causes some kind of error in
 `bindgen` or its emitted bindings, it is helpful to
 [run C-Reduce on the test case][creducing] to remove the parts that are
 irrelevant to reproducing the error. This is ***very*** helpful for the folks
 who further investigate the issue and come up with a fix!

 Additionally, mention that you discovered the issue via `csmith` and we will add
 the `A-csmith` label. You can find all the issues discovered with `csmith`, and
 related to fuzzing with `csmith`, by looking up
 [all issues tagged with the `A-csmith` label][csmith-issues].

 [csmith]: https://github.com/csmith-project/csmith
 [creducing]: ../CONTRIBUTING.md#using-creduce-to-minimize-test-cases
 [csmith-issues]: https://github.com/rust-lang/rust-bindgen/issues?q=label%3AA-csmith
	# Fuzzing `bindgen` with `csmith`

	[`csmith`][csmith] generates random C and C++ programs that can be used as test
	cases for compilers. When testing `bindgen` with `csmith`, we interpret the
	generated programs as header files, and emit Rust bindings to them. If `bindgen`
	panics, the emitted bindings won't compile with `rustc`, or the generated layout
	tests in the bindings fail, then we report an issue containing the test case!

	<!-- START doctoc generated TOC please keep comment here to allow auto update -->
	<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->


	- [Prerequisites](#prerequisites)
	- [Running the Fuzzer](#running-the-fuzzer)
	- [Reporting Issues](#reporting-issues)

	<!-- END doctoc generated TOC please keep comment here to allow auto update -->

	## Prerequisites

	Requires `python3`, `csmith`, and `creduce` to be in `$PATH`.

	Many OS package managers have `csmith` and `creduce` packages:

	```
	$ sudo apt install csmith creduce
	$ brew install csmith creduce
	$ # Etc...
	```

	## Running the Fuzzer

	Run `csmith` and test `bindgen` on the generated test cases with this command:

	```
	$ ./driver.py
	```

	The driver will keep running until it encounters an error in `bindgen`.

	Each invocation of `./driver.py` will use its own temporary directories, so
	running it in multiple terminals in parallel is supported.

	`csmith` is run with `--no-checksum --nomain --max-block-size 1
	--max-block-depth 1` which disables the `main` function, and makes function
	bodies as simple as possible as `bindgen` does not care about them, but they
	cannot be completely disabled in `csmith`. Run `csmith --help` to see what
	exactly those options do.

	## Reporting Issues

	Once the fuzz driver finds a test case that causes some kind of error in
	`bindgen` or its emitted bindings, it is helpful to
	[run C-Reduce on the test case][creducing] to remove the parts that are
	irrelevant to reproducing the error. This is *very* helpful for the folks
	who further investigate the issue and come up with a fix!

	Additionally, mention that you discovered the issue via `csmith` and we will add
	the `A-csmith` label. You can find all the issues discovered with `csmith`, and
	related to fuzzing with `csmith`, by looking up
	[all issues tagged with the `A-csmith` label][csmith-issues].

	[csmith]: https://github.com/csmith-project/csmith
	[creducing]: ../CONTRIBUTING.md#using-creduce-to-minimize-test-cases
	[csmith-issues]: https://github.com/rust-lang/rust-bindgen/issues?q=label%3AA-csmith