diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 84b9f4e03be..5cd9028c067 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -102,14 +102,18 @@ path = "fuzz_targets/rome_format_tsx.rs"
 name = "rome_format_typescript"
 path = "fuzz_targets/rome_format_typescript.rs"
+# enabling debug seems to cause a massive use of RAM (>12GB)
 [profile.release]
-opt-level = 2
-debug = true
+opt-level = 3
+#debug = true
+debug = false
 [profile.dev]
-opt-level = 2
-debug = true
+opt-level = 3
+#debug = true
+debug = false
 [profile.test]
-opt-level = 2
-debug = true
+opt-level = 3
+#debug = true
+debug = false
diff --git a/fuzz/README.md b/fuzz/README.md
index 25ded63c66e..58efc1bb211 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -21,7 +21,7 @@ without it (very unlikely for the fuzzer to generate valid python code from "thi
 Once you have initialised the fuzzers, you can then execute any fuzzer with:
 ```bash
-cargo fuzz run -s none name_of_fuzzer -- -timeout=1
+cargo fuzz run --strip-dead-code -s none name_of_fuzzer -- -timeout=1
 ```
 **Users using Apple M1 devices must use a nightly compiler and omit the `-s none` portion of this
@@ -40,7 +40,7 @@ triggered with a smaller input.
 `cargo-fuzz` supports this out of the box with:
 ```bash
-cargo fuzz tmin -s none name_of_fuzzer artifacts/name_of_fuzzer/crash-...
+cargo fuzz tmin --strip-dead-code -s none name_of_fuzzer artifacts/name_of_fuzzer/crash-...
 ```
 From here, you will need to analyse the input and potentially the behaviour of the program.
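Review bot: The `#debug = true` lines kept under each of `[profile.release]`, `[profile.dev]` and `[profile.test]` are commented-out configuration that duplicates both the `debug = false` directly below them and the explanatory comment above `[profile.release]`; dropping them leaves the intent stated once, without dead settings in three places. For crash triage it is worth noting that with `debug = false` the fuzz binaries carry no debuginfo, so libFuzzer crash reports and `cargo fuzz tmin` output will typically lack source line information. If the memory cost comes from full debuginfo, `debug = 1` (line tables only) is a middle ground worth measuring, e.g. `debug = 1 # line tables only; full debuginfo (2/true) needs >12GB RAM`. The comment before `[profile.release]` applies to all three profiles, so wording it as such (or placing it above the first profile with "applies to all profiles below") would help the next reader.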
@@ -116,4 +116,11 @@ preservation property of formatting.
 Of particular note: these fuzzers may have false negative results if e.g. two tokens are turned into one token and the reformatting result is the same. Unfortunately, we can't necessarily control for this because the formatter may reorganise the
-sequence of tokens.
\ No newline at end of file
+sequence of tokens.
+
+## Errata
+
+Unfortunately, `--strip-dead-code` is necessary to build the target with a suitable amount of
+memory.
+This seems to be caused by some issue in LLVM, but I haven't been able to spend the time to
+investigate this fully yet.
diff --git a/fuzz/init-fuzzer.sh b/fuzz/init-fuzzer.sh
index 984a5924fe2..e1e208c2777 100644
--- a/fuzz/init-fuzzer.sh
+++ b/fuzz/init-fuzzer.sh
@@ -24,7 +24,7 @@ if [ ! -d corpus/rome_format_all ]; then
 cp -r "../../../crates/rome_js_parser/test_data" .
 find . -name \*.rast -delete
 cd -
- cargo fuzz cmin --features rome_all -s none rome_format_all
+ cargo fuzz cmin --strip-dead-code --features rome_all -s none rome_format_all
 fi
 if [ ! -d corpus/rome_format_json ]; then
@@ -33,7 +33,7 @@ if [ ! -d corpus/rome_format_json ]; then
 cp -r "../../../crates/rome_json_parser/tests/json_test_suite" .
 find . -name \*.rast -delete
 cd -
- cargo fuzz cmin -s none rome_format_json
+ cargo fuzz cmin --strip-dead-code -s none rome_format_json
 fi
 echo "Done! You are ready to fuzz."
diff --git a/fuzz/reinit-fuzzer.sh b/fuzz/reinit-fuzzer.sh
index a9215365afd..378ea0f0026 100644
--- a/fuzz/reinit-fuzzer.sh
+++ b/fuzz/reinit-fuzzer.sh
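Review bot: The `--strip-dead-code -s none` option pair is now repeated verbatim on the `cargo fuzz cmin` line in this hunk, in the `rome_format_json` hunk below it, and on both `cargo fuzz cmin` lines of `fuzz/reinit-fuzzer.sh`, so the next flag change has to be made in four places plus the README. Defining the shared options once near the top of each script as an array, `fuzz_flags=(--strip-dead-code -s none)`, and calling `cargo fuzz cmin "${fuzz_flags[@]}" --features rome_all rome_format_all` keeps them in sync. Separately, the exit status of `cargo fuzz cmin` is not checked: if the build still fails (the memory problem this commit is working around), execution falls through to `fi` and the script later prints "Done! You are ready to fuzz."; unless the script runs under `set -e`, which would be outside this hunk, `cargo fuzz cmin "${fuzz_flags[@]}" --features rome_all rome_format_all || exit 1` makes the failure visible. The enclosing `if` block begins outside this hunk.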
@@ -10,13 +10,13 @@ cd corpus/rome_format_all
 cp -r "../../../crates/rome_js_parser/test_data" .
 find . -name \*.rast -delete
 cd -
-cargo fuzz cmin --features rome_all -s none rome_format_all
+cargo fuzz cmin --strip-dead-code --features rome_all -s none rome_format_all
 mkdir -p corpus/rome_format_json
 cd corpus/rome_format_json
 cp -r "../../../crates/rome_json_parser/tests/json_test_suite" .
 find . -name \*.rast -delete
 cd -
-cargo fuzz cmin -s none rome_format_json
+cargo fuzz cmin --strip-dead-code -s none rome_format_json
 echo "Done! You are ready to fuzz."