Run loom tests in oss-fuzz #6208
Labels
A-ci
Area: The continuous integration setup
A-tokio
Area: The main tokio crate
E-hard
Call for participation: Experience needed to fix: Hard / a lot
E-help-wanted
Call for participation: Help is requested to fix this issue.
Comments
Darksonn
added
E-help-wanted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We already have a few fuzz tests running in oss-fuzz, but it's pretty minimal (see #5391). I think a really good candidate for expanding our fuzz test coverage would be our loom tests.
Loom normally runs the model checker exhaustively, but if the model becomes too large to do that, you can use the
LOOM_MAX_PREEMPTIONSandLOOM_MAX_BRANCHESoptions to reduce the search space (see large models). And in the Tokio CI, we have to enable those settings:tokio/.github/workflows/loom.yml
Lines 14 to 20 in 92a3455
To close this gap, we would like to set up our loom tests to accept data as input that determines which execution loom should try, and use that to turn them into fuzz tests that we can run in Google's oss-fuzz program.
Closing this issue will probably involve changes to both loom, Tokio's codebase, and our CI setup. I imagine that the changes to loom will amount to adjusting the existing checkpoint debugging feature.
For mentoring, please ask in Tokio's discord server. You can use the #tokio-dev channel or contact me directly.
The text was updated successfully, but these errors were encountered: