Home Explore Blog CI



rustc
2nd chunk of `src/fuzzing.md`
0d99ecae7083117b70611cd30903c94d5944e4c102fad9e80000000100000834
query stack during panic:
#0 [fn_abi_of_instance] computing call ABI of `<[closure@src/main.rs:36:25: 36:28] as core::ops::function::FnOnce<(Emplacable<()>,)>>::call_once - shim(vtable)`
end of query stack
```
```
query stack during panic:
#0 [check_mod_attrs] checking attributes in top-level module
#1 [analysis] running analysis passes on this crate
end of query stack
```


## Building a corpus

When building a corpus, be sure to avoid collecting tests that are already
known to crash rustc. A fuzzer that is seeded with such tests is more likely to
generate bugs with the same root cause, wasting everyone's time. The simplest
way to avoid this is to loop over each file in the corpus, see if it causes an
ICE, and remove it if so.

To build a corpus, you may want to use:

- The rustc/rust-analyzer/clippy test suites (or even source code) --- though avoid
  tests that are already known to cause failures, which often begin with comments
  like `//@ failure-status: 101` or `//@ known-bug: #NNN`.
- The already-fixed ICEs in the archived [Glacier][glacier] repository --- though
  avoid the unfixed ones in `ices/`!


## Extra credit

Here are a few things you can do to help the Rust project after filing an ICE.

- [Bisect][bisect] the bug to figure out when it was introduced.
  If you find the regressing PR / commit, you can mark the issue with the label
  `S-has-bisection`. If not, consider applying `E-needs-bisection` instead.
- Fix "distractions": problems with the test case that don't contribute to
  triggering the ICE, such as syntax errors or borrow-checking errors
- Minimize the test case (see below). If successful, you can label the
  issue with `S-has-mcve`. Otherwise, you can apply `E-needs-mcve`.
- Add the minimal test case to the rust-lang/rust repo as a [crashes test].
  While you're at it, consider including other "untracked" crashes in your PR.
  Please don't forget to mark your issue with `S-bug-has-test` afterwards.

See also [applying and removing labels][labeling].


## Minimization

It is helpful to carefully *minimize* the fuzzer-generated input. When
Title: Corpus Building and Extra Credit for Fuzzing
Summary
The passage discusses how to build a corpus for fuzzing rustc, emphasizing the avoidance of tests already known to crash the compiler. It suggests using rustc, rust-analyzer, and clippy test suites, while excluding those with known failures. It also recommends leveraging the Glacier repository's archived fixed ICEs. Additionally, it outlines extra steps to aid the Rust project post-ICE filing, including bisecting, fixing distractions, minimizing test cases, and adding them as crashes tests.