Compiler crashes found with fuzzing #10121

Open
1 task done
rvantonder opened this issue Nov 9, 2021 · 4 comments
Labels
bug Observed behavior contradicts documented or intended behavior
Milestone

Comments

rvantonder commented Nov 9, 2021

Remember to search before filing a new report

  • I searched for this bug and did not find it in the issue tracker, and furthermore, the title I used above will make this new bug report turn up in the search results for my query.

Zig Version

0.9.0-dev.1583+a7d215759

Steps to Reproduce

Hi, I've been fuzzing the compiler and triaged a bunch of crashes on a recent version that I think you'll find interesting. I'm happy to create an issue for each of these (let me know) but for a start I figure it's easier to just glance at the findings in this spreadsheet to find ones that might seem more important.

There are 13 unique ones here by my count. I've tried to minimize the programs where possible: https://docs.google.com/spreadsheets/d/1k79eqGpYgXAcwtDbHoIhUjezmlviZrV9M9ueL_JJJ5A/edit#gid=0.

To reproduce, just compile the programs in the second column with zig build-lib <file.zig>

I realize Zig is under heavy development, so don't want this to come across as something that general users are running into, and more as an "FYI these may interest you". These were found as part of a compiler fuzzing project.

Expected Behavior

Compiler probably shouldn't crash for these inputs.

Actual Behavior

Compiler crashes, see spreadsheet. Unfortunately, I don't have a recent development build to give detailed stack traces, but in many cases there isn't any revealing debug info anyway.
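The report's reproduction step is to run `zig build-lib <file.zig>` on each input and see which ones crash. The script below is an added triage helper (my own code, not part of the Zig project and not from the spreadsheet) that automates that loop for a directory of fuzzer outputs: it runs each case in a subshell, buckets the exit status (a normal compile error is not a finding; a signal death or a timeout is), and groups crashes by the first line of compiler output so that a "13 unique" style count can be produced even when no stack trace is available. Assumptions of mine: the compiler is invoked exactly as `$ZIG build-lib <file>`, a signal death surfaces as exit status 128+signal (POSIX shell convention), and status 124 means a timeout only if you wrap `ZIG` with coreutils `timeout`.

```shell
#!/bin/sh
# Crash-triage helper for a batch of fuzzer-generated .zig inputs.
# Added example; not code from the Zig project or from this issue.
# Assumptions (mine): "$ZIG build-lib <file>" drives the compiler, as the
# report says; exit 1 is a normal compile error; >128 is death by signal;
# 124 is a timeout only when ZIG is wrapped with coreutils `timeout`.
ZIG="${ZIG:-zig}"          # override, e.g. ZIG="timeout 30 /path/to/zig"
OUT="${OUT:-triage-out}"   # per-case logs and results.tsv go here

# Map an exit status to a triage bucket.
classify_status() {
  case "$1" in
    0)   echo ok ;;
    1)   echo compile-error ;;      # expected rejection of a bad input
    124) echo timeout ;;            # hang: still worth reporting
    *)   if [ "$1" -gt 128 ]; then echo "crash-sig$(( $1 - 128 ))"
         else echo "other-$1"; fi ;;
  esac
}

# Run one input in a subshell so a signal kills the child, not this script.
# Prints "<bucket>\t<file>\t<signature>"; the signature is the first
# non-empty output line, a cheap way to group duplicates without a trace.
run_case() {
  f="$1"
  log="$OUT/$(basename "$f").log"
  status=0
  ( $ZIG build-lib "$f" ) >"$log" 2>&1 || status=$?
  bucket=$(classify_status "$status")
  sig=$(awk 'NF { print; exit }' "$log")
  printf '%s\t%s\t%s\n' "$bucket" "$f" "$sig"
}

# Count distinct crash signatures in a results file.
count_unique_crashes() {
  awk -F'\t' '$1 ~ /^crash/ { print $3 }' "$1" | sort -u | awk 'END { print NR }'
}

# Triage every .zig file in a directory and print a summary.
triage_dir() {
  dir="$1"
  mkdir -p "$OUT"
  : >"$OUT/results.tsv"
  for f in "$dir"/*.zig; do
    [ -e "$f" ] || continue
    run_case "$f" >>"$OUT/results.tsv"
  done
  echo "== outcomes =="
  cut -f1 "$OUT/results.tsv" | sort | uniq -c
  echo "== distinct crash signatures: $(count_unique_crashes "$OUT/results.tsv") =="
  awk -F'\t' '$1 ~ /^crash/ { print $3 }' "$OUT/results.tsv" | sort -u
}

# Usage: ZIG=/path/to/zig sh triage.sh /dir/with/fuzz/cases
if [ "$#" -gt 0 ]; then
  triage_dir "$1"
fi
```

The per-case log under `$OUT` is what you attach to an issue; `results.tsv` is the spreadsheet-shaped view. Grouping by first output line is deliberately crude: two different bugs can share a generic first line, so treat the distinct count as a lower bound and confirm with a debug build when one is available.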

@rvantonder rvantonder added the bug Observed behavior contradicts documented or intended behavior label Nov 9, 2021
andrewrk (Member) commented Nov 9, 2021

Hi, we're not ready for fuzz testing compilation yet. There are already enough known bugs that are affecting real world use cases that have not been solved yet. Only once the self-hosted compiler is finished, the language is stabilized, and the existing bugs have been mostly worked out, will it be time to report bugs found with fuzz testing.

There are however some areas that are ready for fuzz testing even now. Standard library APIs that implement something according to a specification are eligible, for example std.json or std.crypto. Or data structures and algorithms such as std.HashMap and std.sort.

rvantonder (Author) commented

Cool, makes sense. Again, this is very much "FYI". Something encouraging here is, it looks like two of my previous reports got fixed along the way 1 2 so I suspect more of this sort of thing will get fixed over time. Feel free to close if you think this is overwhelming the issue tracking / prioritization.

Cheers, will have a look at those other targets some time--they'll probably need some work to create harnesses first.

marler8997 (Contributor) commented

Love it. I think this work will be great once Zig is ready for it!

squeek502 (Collaborator) commented

Just FYI, I also have a repository set up for fuzzing the Zig standard library (including the tokenizer/parser, but not the compiler as a whole) using AFL here:

https://github.com/squeek502/zig-std-lib-fuzzing

@andrewrk andrewrk added this to the 1.0.0 milestone Nov 10, 2021