zig/lib/std/zig/Client.zig
Kendall Condon d8ba173e5e multiprocess fuzzing
- New Features

-- Multiprocess Fuzzing

The fuzzer now is able to utilize multiple cores. This is controllable
with the `-j` build option. Limited fuzzing still uses one core.

-- Fuzzing Infinite Mode

When provided multiple tests, the fuzzer now switches between them and
prioritizes the most effective and interesting ones. Over time already
explored tests will become barely run compared to tests yielding new
inputs.

-- Crash Dumps

Crashing inputs are now saved to a file indicated by the crash message.
It is recommended to use these files to reproduce the crash using
`std.testing.FuzzInputOptions.corpus` and @embedFile.

- Design

Each fuzzing process is assigned an instance id which has the following
uses:
* In conjunction with the pc hash and running test index, they uniquely
  identify input files in the case of a crash.
* It is combined with the test seed for a unique rng seed.
* Instance 0 is solely responsible for syncing the filesystem corpus.

When new inputs are found, they are sent to the build server. It then
distributes the new input to the other instances. Each instance has a
concurrent poller managed by the test runner which sends received
inputs to libfuzzer. (note that this is affected by #31718 and so can
(rarely) deadlock)

For fuzzing infinite mode, the test runner now receives a list of tests
from the build server. The fuzzer runs tests in batches of one second,
approximated in cycles by the previous batch's run speed. Tests finding
new inputs or with few runs are given a higher run chance. The baseline
run chance is based off the recency of the last find and the number of
pcs the test has hit.
2026-04-03 12:27:34 +02:00

57 lines
2.2 KiB
Zig

pub const Message = struct {
    pub const Header = extern struct {
        tag: Tag,
        /// Size of the body only; does not include this Header.
        bytes_len: u32,
    };

    pub const Tag = enum(u32) {
        /// Tells the compiler to shut down cleanly.
        /// No body.
        exit,
        /// Tells the compiler to detect changes in source files and update the
        /// affected output compilation artifacts.
        /// If one of the compilation artifacts is an executable that is
        /// running as a child process, the compiler will wait for it to exit
        /// before performing the update.
        /// No body.
        update,
        /// Tells the compiler to execute the executable as a child process.
        /// No body.
        run,
        /// Tells the compiler to detect changes in source files and update the
        /// affected output compilation artifacts.
        /// If one of the compilation artifacts is an executable that is
        /// running as a child process, the compiler will perform a hot code
        /// swap.
        /// No body.
        hot_update,
        /// Ask the test runner for metadata about all the unit tests that can
        /// be run. Server will respond with a `test_metadata` message.
        /// No body.
        query_test_metadata,
        /// Ask the test runner to run a particular test.
        /// The message body is a u32 test index.
        run_test,
        /// Ask the test runner to start fuzzing a set of tests forever or each for a given amount of
        /// iterations. After this is sent, the only allowed message is `new_fuzz_input`.
        ///
        /// The message body is:
        /// - a u8 test limit kind (std.Build.abi.fuzz.LimitKind)
        /// - a u64 value whose meaning depends on LimitKind (either a limit amount or an instance id)
        /// - a u32 number of tests followed by n elements of
        ///   - a u32 test name len.
        ///   - a test name with the above length
        start_fuzzing,
        /// The message body has the same format as in Server.
        new_fuzz_input,
        _,
    };

    comptime {
        const std = @import("std");
        std.debug.assert(@sizeOf(std.Build.abi.fuzz.LimitKind) == 1);
    }
};
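The `Header` framing and the `start_fuzzing` body layout documented in the comments above, as an added Python model with bounds-checked parsing (this is not code from the Zig repository). It assumes little-endian integers and treats the limit kind as an opaque u8, since neither the byte order nor the `LimitKind` values appear in this file; the function names are hypothetical.

```python
import struct

# Tag values follow the declaration order of Message.Tag (enum(u32), from 0).
TAGS = ["exit", "update", "run", "hot_update", "query_test_metadata",
        "run_test", "start_fuzzing", "new_fuzz_input"]
HEADER = struct.Struct("<II")  # tag, bytes_len; little-endian is an assumption


def encode_start_fuzzing(limit_kind, value, names):
    """Build header + body for start_fuzzing; names are byte strings."""
    body = struct.pack("<BQI", limit_kind, value, len(names))
    for name in names:
        body += struct.pack("<I", len(name)) + name
    return HEADER.pack(TAGS.index("start_fuzzing"), len(body)) + body


def decode_message(buf):
    """Return (tag_name, body), refusing frames whose length field lies."""
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    tag, bytes_len = HEADER.unpack_from(buf)
    body = buf[HEADER.size:]
    if bytes_len != len(body):
        raise ValueError("bytes_len does not match body size")
    # Tag is non-exhaustive (`_`), so unknown values are reported, not indexed.
    name = TAGS[tag] if tag < len(TAGS) else f"unknown({tag})"
    return name, body


def decode_start_fuzzing(body):
    """Parse the start_fuzzing body; every length is checked before use."""
    fixed = struct.Struct("<BQI")  # u8 limit kind, u64 value, u32 test count
    if len(body) < fixed.size:
        raise ValueError("short start_fuzzing body")
    limit_kind, value, n = fixed.unpack_from(body)
    off, names = fixed.size, []
    for _ in range(n):
        if len(body) - off < 4:
            raise ValueError("truncated name length")
        (name_len,) = struct.unpack_from("<I", body, off)
        off += 4
        if name_len > len(body) - off:
            raise ValueError("name length exceeds body")
        names.append(body[off:off + name_len])
        off += name_len
    if off != len(body):
        raise ValueError("trailing bytes after last test name")
    return limit_kind, value, names
```

A test count far larger than the body allows fails on the first missing name length, so the parser never allocates based on an unchecked count.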