csmith generates random C and C++ programs that can be used as test cases for compilers. When testing bindgen with csmith, we interpret the generated programs as header files, and emit Rust bindings to them. If bindgen panics, the emitted bindings won't compile with rustc, or the generated layout tests in the bindings fail, then we report an issue containing the test case!
creduce to be in
Many OS package managers have
$ sudo apt install csmith creduce
$ brew install csmith creduce
$ # Etc...
csmith and test bindgen on the generated test cases with this command:
The driver will keep running until it encounters an error in
Each invocation of ./driver.py will use its own temporary directories, so running it in multiple terminals in parallel is supported.
csmith is run with --no-checksum --nomain --max-block-size 1 --max-block-depth 1, which disables the main function and makes function bodies as simple as possible, as bindgen does not care about them, but they cannot be completely disabled in csmith. Run csmith --help to see exactly what those options do.
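One iteration of the loop described above, as an added Python sketch (not the project's driver.py): it generates a header with the csmith options quoted on this page, runs bindgen on it, compiles the bindings with rustc --test, runs the layout tests, and returns the first stage that fails. The file names, the csmith_include directory (where csmith.h lives) and the injectable run parameter are assumptions of this example.

```python
import os
import shutil
import subprocess
import tempfile

# csmith options quoted on this page.
CSMITH_ARGS = ["--no-checksum", "--nomain",
               "--max-block-size", "1", "--max-block-depth", "1"]

def stages(workdir, csmith_include):
    """Commands for one iteration. File names and csmith_include (the
    directory holding csmith.h) are assumptions of this sketch."""
    header = os.path.join(workdir, "input.h")
    bindings = os.path.join(workdir, "bindings.rs")
    tests = os.path.join(workdir, "layout_tests")
    return [
        ("csmith", ["csmith", *CSMITH_ARGS, "--output", header]),
        ("bindgen", ["bindgen", header, "-o", bindings, "--", "-I", csmith_include]),
        ("rustc", ["rustc", "--test", bindings, "-o", tests]),
        ("layout-tests", [tests]),
    ]

def first_failure(workdir, csmith_include, run=subprocess.run):
    """Return (stage, stderr) for the first failing stage, or None."""
    for name, argv in stages(workdir, csmith_include):
        proc = run(argv, capture_output=True, text=True, timeout=60)
        if proc.returncode == 0:
            continue
        if name == "csmith":
            # A generator failure is a setup problem, not a bindgen finding.
            raise RuntimeError("csmith failed: " + proc.stderr)
        return name, proc.stderr
    return None

def fuzz(csmith_include, max_iterations=None, run=subprocess.run):
    """Repeat until a stage fails; keep that iteration's directory for reduction."""
    done = 0
    while max_iterations is None or done < max_iterations:
        workdir = tempfile.mkdtemp(prefix="bindgen-csmith-")
        hit = first_failure(workdir, csmith_include, run)
        if hit is not None:
            return workdir, hit[0], hit[1]
        shutil.rmtree(workdir)  # passing case: nothing to report
        done += 1
    return None
```

The directory returned by fuzz() still holds input.h, which is the file to hand to C-Reduce.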
Once the fuzz driver finds a test case that causes some kind of error in bindgen or its emitted bindings, it is helpful to run C-Reduce on the test case to remove the parts that are irrelevant to reproducing the error. This is very helpful for the folks who further investigate the issue and come up with a fix!
Additionally, mention that you discovered the issue via csmith and we will add the A-csmith label. You can find all the issues discovered with csmith, and related to fuzzing with csmith, by looking up all issues tagged with the