ziglang/zig
261
5.9k
Fork
You've already forked zig
763

rework fuzz testing to be smith based #31205

Merged
andrewrk merged 6 commits from gooncreeper/zig:integrated-smith into master 2026年02月25日 20:23:39 +01:00
Contributor
Copy link

Closes https://github.com/ziglang/zig/issues/25281
Closes https://github.com/ziglang/zig/issues/20816
Closes #30797
Migrated from https://github.com/ziglang/zig/pull/25893 (conflicts, edits)

On the standard library side:

The input: []const u8 parameter of functions passed to testing.fuzz has changed to smith: *testing.Smith. Smith is used to generate values from libfuzzer or input bytes generated by libfuzzer.

Smith contains the following base methods:

  • value as a generic method for generating any type
  • eos for generating end-of-stream markers. Provides the additional guarantee true will eventually by provided.
  • bytes for filling a byte array.
  • slice for filling part of a buffer and providing the length.

Smith.Weight is used for giving value ranges a higher probability of being selected. By default, every value has a weight of zero (i.e. they will not be selected). Weights can only apply to values that fit within a u64. The above functions have corresponding ones that accept weights. Additionally, the following functions are provided:

  • baselineWeights which provides a set of weights containing every possible value of a type.
  • eosSimpleWeighted for unique weights for true and false
  • valueRangeAtMost and valueRangeLessThan for weighing only a range of values.

On the libfuzzer and abi side:

Uids

These are u32s which are used to classify requested values. This solves the problem of a mutation causing a new value to be requested and shifting all future values; for example:

  1. An initial input contains the values 1, 2, 3 which are interpreted as a, b, and c respectively by the test.
  2. The 1 is mutated to a 4 which causes the test to request an extra value interpreted as d. The input is now 4, 2, 3, 5 (new value) which the test corresponds to a, d, b, c; however, b and c no longer correspond to their original values.

Uids contain a hash component and type component. The hash component is currently determined in Smith by taking a hash of the calling @returnAddress() or via an argument in the corresponding WithHash functions. The type component is used extensively in libfuzzer with its hashmaps.

Mutations

At the start of a cycle (a run), a random number of values to mutate is selected with less being exponentially more likely. The indexes of the values are selected from a selected uid with a logarithmic bias to uids with more values.

Mutations may change a single values, several consecutive values in a uid, or several consecutive values in the uid-independent order they were requested. They may generate random values, mutate from previous ones, or copy from other values in the same uid from the same input or spliced from another.

For integers, mutations from previous ones currently only generates random values. For bytes, mutations from previous mix new random data and previous bytes with a set number of mutations.

Passive Minimization

A different approach has been taken for minimizing inputs: instead of trying a fixed set of mutations when a fresh input is found, the input is instead simply added to the corpus and removed when it is no longer valuable.

The quality of an input is measured based off how many unique pcs it hit and how many values it needed from the fuzzer. It is tracked which inputs hold the best qualities for each pc for hitting the minimum and maximum unique pcs while needing the least values.

Once all an input's qualities have been superseded for the pcs it hit, it is removed from the corpus.

Comparison to byte-based smith

A byte-based smith would be much more inefficient and complex than this solution. It would be unable to solve the shifting problem that Uids do. It is unable to provide values from the fuzzer past end-of-stream. Even with feedback, it would be unable to act on dynamic weights which have proven essential with the updated tests (e.g. to constrain values to a range).

Test updates

All the standard library tests have been updated to use the new smith interface. For Deque, an ad hoc allocator was written to improve performance and remove reliance on heap allocation. TokenSmith has been added to aid in testing Ast and help inform decisions on the smith interface.

Closes https://github.com/ziglang/zig/issues/25281 Closes https://github.com/ziglang/zig/issues/20816 Closes #30797 Migrated from https://github.com/ziglang/zig/pull/25893 (conflicts, edits) ## On the standard library side: The `input: []const u8` parameter of functions passed to `testing.fuzz` has changed to `smith: *testing.Smith`. `Smith` is used to generate values from libfuzzer or input bytes generated by libfuzzer. `Smith` contains the following base methods: * `value` as a generic method for generating any type * `eos` for generating end-of-stream markers. Provides the additional guarantee `true` will eventually by provided. * `bytes` for filling a byte array. * `slice` for filling part of a buffer and providing the length. `Smith.Weight` is used for giving value ranges a higher probability of being selected. By default, every value has a weight of zero (i.e. they will not be selected). Weights can only apply to values that fit within a u64. The above functions have corresponding ones that accept weights. Additionally, the following functions are provided: * `baselineWeights` which provides a set of weights containing every possible value of a type. * `eosSimpleWeighted` for unique weights for `true` and `false` * `valueRangeAtMost` and `valueRangeLessThan` for weighing only a range of values. ## On the libfuzzer and abi side: ### Uids These are u32s which are used to classify requested values. This solves the problem of a mutation causing a new value to be requested and shifting all future values; for example: 1. An initial input contains the values 1, 2, 3 which are interpreted as a, b, and c respectively by the test. 2. The 1 is mutated to a 4 which causes the test to request an extra value interpreted as d. The input is now 4, 2, 3, 5 (new value) which the test corresponds to a, d, b, c; however, b and c no longer correspond to their original values. Uids contain a hash component and type component. The hash component is currently determined in `Smith` by taking a hash of the calling `@returnAddress()` or via an argument in the corresponding `WithHash` functions. The type component is used extensively in libfuzzer with its hashmaps. ### Mutations At the start of a cycle (a run), a random number of values to mutate is selected with less being exponentially more likely. The indexes of the values are selected from a selected uid with a logarithmic bias to uids with more values. Mutations may change a single values, several consecutive values in a uid, or several consecutive values in the uid-independent order they were requested. They may generate random values, mutate from previous ones, or copy from other values in the same uid from the same input or spliced from another. For integers, mutations from previous ones currently only generates random values. For bytes, mutations from previous mix new random data and previous bytes with a set number of mutations. ### Passive Minimization A different approach has been taken for minimizing inputs: instead of trying a fixed set of mutations when a fresh input is found, the input is instead simply added to the corpus and removed when it is no longer valuable. The quality of an input is measured based off how many unique pcs it hit and how many values it needed from the fuzzer. It is tracked which inputs hold the best qualities for each pc for hitting the minimum and maximum unique pcs while needing the least values. Once all an input's qualities have been superseded for the pcs it hit, it is removed from the corpus. ## Comparison to byte-based smith A byte-based smith would be much more inefficient and complex than this solution. It would be unable to solve the shifting problem that Uids do. It is unable to provide values from the fuzzer past end-of-stream. Even with feedback, it would be unable to act on dynamic weights which have proven essential with the updated tests (e.g. to constrain values to a range). ## Test updates All the standard library tests have been updated to use the new smith interface. For `Deque`, an ad hoc allocator was written to improve performance and remove reliance on heap allocation. `TokenSmith` has been added to aid in testing Ast and help inform decisions on the smith interface.
The end of the archive needs to also be aligned to a two-byte boundary,
not just the start of records. This was causing lld to reject archives.
Notably, this was happening with compiler_rt when rebuilding in fuzz
mode, which is why this commit is included in this patchset.
The motivation is that libfuzzer is slow in Debug mode and bugs usually
manifest late into fuzzing, which makes testing it in ReleaseSafe
useful.
Runs only one configuration suitable for fuzzing.

Thanks for refreshing this

Thanks for refreshing this
Contributor
Copy link

Hi thanks for these changes, I saw in file zig/lib/std/deque.zig line 661 and a few lines after there is still reference to random that should be smith maybe

Hi thanks for these changes, I saw in file `zig/lib/std/deque.zig` line 661 and a few lines after there is still reference to random that should be smith maybe
gooncreeper force-pushed integrated-smith from ce058c8f3b
Some checks failed
ci / powerpc64le-linux-debug (pull_request) Waiting to run
ci / powerpc64le-linux-release (pull_request) Waiting to run
ci / riscv64-linux-debug (pull_request) Waiting to run
ci / riscv64-linux-release (pull_request) Waiting to run
ci / s390x-linux-debug (pull_request) Waiting to run
ci / s390x-linux-release (pull_request) Waiting to run
ci / x86_64-linux-debug (pull_request) Waiting to run
ci / x86_64-linux-debug-llvm (pull_request) Waiting to run
ci / x86_64-linux-release (pull_request) Waiting to run
ci / x86_64-windows-debug (pull_request) Failing after 2s
ci / x86_64-windows-release (pull_request) Failing after 2s
ci / aarch64-macos-release (pull_request) Failing after 3m45s
ci / aarch64-macos-debug (pull_request) Failing after 4m7s
ci / x86_64-netbsd-debug (pull_request) Failing after 7m13s
ci / x86_64-freebsd-debug (pull_request) Failing after 3m7s
ci / x86_64-netbsd-release (pull_request) Failing after 5m6s
ci / x86_64-freebsd-release (pull_request) Failing after 3m53s
ci / aarch64-linux-debug (pull_request) Failing after 8m19s
ci / aarch64-linux-release (pull_request) Failing after 6m5s
ci / x86_64-openbsd-debug (pull_request) Failing after 5m41s
ci / x86_64-openbsd-release (pull_request) Failing after 3m23s
to 5d58306162
All checks were successful
ci / x86_64-freebsd-release (pull_request) Successful in 30m32s
ci / x86_64-netbsd-release (pull_request) Successful in 32m18s
ci / x86_64-freebsd-debug (pull_request) Successful in 38m53s
ci / aarch64-macos-release (pull_request) Successful in 40m13s
ci / x86_64-openbsd-release (pull_request) Successful in 42m6s
ci / x86_64-netbsd-debug (pull_request) Successful in 42m37s
ci / x86_64-openbsd-debug (pull_request) Successful in 51m17s
ci / aarch64-macos-debug (pull_request) Successful in 1h1m55s
ci / aarch64-linux-release (pull_request) Successful in 1h28m25s
ci / aarch64-linux-debug (pull_request) Successful in 2h15m51s
ci / x86_64-linux-debug (pull_request) Successful in 1h28m26s
ci / x86_64-windows-release (pull_request) Successful in 54m8s
ci / x86_64-windows-debug (pull_request) Successful in 1h3m26s
ci / s390x-linux-debug (pull_request) Successful in 2h3m45s
ci / s390x-linux-release (pull_request) Successful in 1h45m35s
ci / x86_64-linux-release (pull_request) Successful in 2h16m8s
ci / powerpc64le-linux-release (pull_request) Successful in 1h33m13s
ci / x86_64-linux-debug-llvm (pull_request) Successful in 3h47m49s
ci / powerpc64le-linux-debug (pull_request) Successful in 3h17m54s
ci / riscv64-linux-debug (pull_request) Has been skipped
ci / riscv64-linux-release (pull_request) Has been skipped
2026年02月14日 04:13:03 +01:00
Compare
Author
Contributor
Copy link

@grimtyr wrote in #31205 (comment):

Hi thanks for these changes, I saw in file zig/lib/std/deque.zig line 661 and a few lines after there is still reference to random that should be smith maybe

Thanks, I updated it.

@grimtyr wrote in https://codeberg.org/ziglang/zig/pulls/31205#issuecomment-10571070: > Hi thanks for these changes, I saw in file `zig/lib/std/deque.zig` line 661 and a few lines after there is still reference to random that should be smith maybe Thanks, I updated it.
Contributor
Copy link

I tried the zig init default fuzz test, But it gives an error, I don't know if that was intended or if its a bug, I tried to reproduce it normally with this code but It's able to resize the array normally while the fuzz test cannot:

pubfnmain(init:std.process.Init)!void{constgpa=init.gpa;varlist:std.ArrayList(u8)=.empty;deferlist.deinit(gpa);varslice=trylist.addManyAsSlice(gpa,108);fillBytes(slice);slice=trylist.addManyAsSlice(gpa,18);fillBytes(slice);slice=trylist.addManyAsSlice(gpa,8);fillBytes(slice);constlen=14;constoff=83;constitems=list.items[off..][0..len];std.debug.print("llen:len:off:arr\n",.{});std.debug.print("{d:>4}:{d:>3}:{d:>3}:{any:>3}:{any:>3}\n",.{list.items.len,len,off,list.items[off..][0..len],list.items[list.items.len-len..],});trylist.appendSlice(gpa,items);}

fuzz test:

fntestOne(context:void,smith:*std.testing.Smith)!void{_=context;// Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!constgpa=std.testing.allocator;varlist:std.ArrayList(u8)=.empty;deferlist.deinit(gpa);while(!smith.eos())switch(smith.value(enum{add_data,dup_data})){.add_data=>{constslice=trylist.addManyAsSlice(gpa,smith.value(u4));smith.bytes(slice);},.dup_data=>{if(list.items.len==0)continue;if(list.items.len>std.math.maxInt(u32))returnerror.SkipZigTest;constlen=smith.valueRangeAtMost(u32,1,@min(32,list.items.len));constoff=smith.valueRangeAtMost(u32,0,@intCast(list.items.len-len));trylist.appendSlice(gpa,list.items[off..][0..len]);trystd.testing.expectEqualSlices(u8,list.items[off..][0..len],list.items[list.items.len-len..],);},};}

The error:

test
└─ run test failure
Segmentation fault at address 0x7f73bd160053
/home/grimtyr/personal/src/zig-gt/lib/compiler_rt/memcpy.zig:170:17: 0x129a922 in copyFixedLength (compiler_rt)
 d[i] = s[i];
 ^
/home/grimtyr/personal/src/zig-gt/lib/std/array_list.zig:985:42: 0x11cdee5 in appendSliceAssumeCapacity (std.zig)
 @memcpy(self.items[old_len..][0..items.len], items);
 ^
/home/grimtyr/personal/src/zig-gt/lib/std/array_list.zig:974:43: 0x11ca7ff in appendSlice (std.zig)
 self.appendSliceAssumeCapacity(items);
 ^
/tmp/tmp.mCQ89m2R6Y/src/main.zig:113:33: 0x11c96f1 in testOne (main.zig)
 try list.appendSlice(gpa, list.items[off..][0..len]);
 ^
/home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:414:20: 0x11c53fb in test_one (test_runner.zig)
 testOne(ctx, @constCast(&testing.Smith{ .in = null })) catch |err| switch (err) {
 ^
/home/grimtyr/personal/src/zig-gt/lib/fuzzer.zig:1006:19: 0x12644aa in run (fuzzer)
 f.test_one();
 ^
/home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:440:33: 0x11c5064 in fuzz__anon_28825 (test_runner.zig)
 fuzz_abi.fuzzer_set_test(&global.test_one, .fromSlice(builtin.test_functions[fuzz_test_index].name));
 ^
/home/grimtyr/personal/src/zig-gt/lib/std/testing.zig:1218:32: 0x11c4dad in fuzz (main.zig)
 return @import("root").fuzz(context, testOne, options);
 ^
/home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:197:29: 0x11f8dab in mainServer (test_runner.zig)
 test_fn.func() catch |err| switch (err) {
 ^
/home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:68:26: 0x11f9e10 in main (test_runner.zig)
 return mainServer(init) catch @panic("internal test runner failure");
 ^
/home/grimtyr/personal/src/zig-gt/lib/std/start.zig:678:88: 0x11f4ec6 in callMain (std.zig)
 if (fn_info.params[0].type.? == std.process.Init.Minimal) return wrapMain(root.main(.{
 ^
/home/grimtyr/personal/src/zig-gt/lib/std/start.zig:190:5: 0x11f48d1 in _start (std.zig)
 asm volatile (switch (native_arch) {
 ^
error: test process unexpectedly terminated with signal ABRT
failed command: ./.zig-cache/o/31f8e5f39c60eac47c06b104bc067bea/test --cache-dir=./.zig-cache --seed=0x5f5b0eaf --listen=-
======= FUZZING REPORT =======
error: step 'run test': corrupted coverage file '.zig-cache/v/59e4bde28e630904': pcs_len was zero
error: the following build command failed with exit code 1:
.zig-cache/o/f8784b54cbaed93e4a12c6a611e7a16c/build /home/grimtyr/personal/src/zig-gt/build/stage4/bin/zig /home/grimtyr/personal/src/zig-gt/lib /tmp/tmp.mCQ89m2R6Y .zig-cache /home/grimtyr/.cache/zig --seed 0x5f5b0eaf -Z94002b71308a2e70 test --fuzz=100K
I tried the `zig init` default fuzz test, But it gives an error, I don't know if that was intended or if its a bug, I tried to reproduce it normally with this code but It's able to resize the array normally while the fuzz test cannot: ```zig pub fn main(init: std.process.Init) !void { const gpa = init.gpa; var list: std.ArrayList(u8) = .empty; defer list.deinit(gpa); var slice = try list.addManyAsSlice(gpa, 108); fillBytes(slice); slice = try list.addManyAsSlice(gpa, 18); fillBytes(slice); slice = try list.addManyAsSlice(gpa, 8); fillBytes(slice); const len = 14; const off = 83; const items = list.items[off..][0..len]; std.debug.print("llen:len:off:arr\n", .{}); std.debug.print("{d:>4}:{d:>3}:{d:>3}:{any:>3}:{any:>3}\n", .{ list.items.len, len, off, list.items[off..][0..len], list.items[list.items.len - len ..], }); try list.appendSlice(gpa, items); } ``` fuzz test: ```zig fn testOne(context: void, smith: *std.testing.Smith) !void { _ = context; // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case! const gpa = std.testing.allocator; var list: std.ArrayList(u8) = .empty; defer list.deinit(gpa); while (!smith.eos()) switch (smith.value(enum { add_data, dup_data })) { .add_data => { const slice = try list.addManyAsSlice(gpa, smith.value(u4)); smith.bytes(slice); }, .dup_data => { if (list.items.len == 0) continue; if (list.items.len > std.math.maxInt(u32)) return error.SkipZigTest; const len = smith.valueRangeAtMost(u32, 1, @min(32, list.items.len)); const off = smith.valueRangeAtMost(u32, 0, @intCast(list.items.len - len)); try list.appendSlice(gpa, list.items[off..][0..len]); try std.testing.expectEqualSlices( u8, list.items[off..][0..len], list.items[list.items.len - len ..], ); }, }; } ``` The error: ```shell test └─ run test failure Segmentation fault at address 0x7f73bd160053 /home/grimtyr/personal/src/zig-gt/lib/compiler_rt/memcpy.zig:170:17: 0x129a922 in copyFixedLength (compiler_rt) d[i] = s[i]; ^ /home/grimtyr/personal/src/zig-gt/lib/std/array_list.zig:985:42: 0x11cdee5 in appendSliceAssumeCapacity (std.zig) @memcpy(self.items[old_len..][0..items.len], items); ^ /home/grimtyr/personal/src/zig-gt/lib/std/array_list.zig:974:43: 0x11ca7ff in appendSlice (std.zig) self.appendSliceAssumeCapacity(items); ^ /tmp/tmp.mCQ89m2R6Y/src/main.zig:113:33: 0x11c96f1 in testOne (main.zig) try list.appendSlice(gpa, list.items[off..][0..len]); ^ /home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:414:20: 0x11c53fb in test_one (test_runner.zig) testOne(ctx, @constCast(&testing.Smith{ .in = null })) catch |err| switch (err) { ^ /home/grimtyr/personal/src/zig-gt/lib/fuzzer.zig:1006:19: 0x12644aa in run (fuzzer) f.test_one(); ^ /home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:440:33: 0x11c5064 in fuzz__anon_28825 (test_runner.zig) fuzz_abi.fuzzer_set_test(&global.test_one, .fromSlice(builtin.test_functions[fuzz_test_index].name)); ^ /home/grimtyr/personal/src/zig-gt/lib/std/testing.zig:1218:32: 0x11c4dad in fuzz (main.zig) return @import("root").fuzz(context, testOne, options); ^ /home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:197:29: 0x11f8dab in mainServer (test_runner.zig) test_fn.func() catch |err| switch (err) { ^ /home/grimtyr/personal/src/zig-gt/lib/compiler/test_runner.zig:68:26: 0x11f9e10 in main (test_runner.zig) return mainServer(init) catch @panic("internal test runner failure"); ^ /home/grimtyr/personal/src/zig-gt/lib/std/start.zig:678:88: 0x11f4ec6 in callMain (std.zig) if (fn_info.params[0].type.? == std.process.Init.Minimal) return wrapMain(root.main(.{ ^ /home/grimtyr/personal/src/zig-gt/lib/std/start.zig:190:5: 0x11f48d1 in _start (std.zig) asm volatile (switch (native_arch) { ^ error: test process unexpectedly terminated with signal ABRT failed command: ./.zig-cache/o/31f8e5f39c60eac47c06b104bc067bea/test --cache-dir=./.zig-cache --seed=0x5f5b0eaf --listen=- ======= FUZZING REPORT ======= error: step 'run test': corrupted coverage file '.zig-cache/v/59e4bde28e630904': pcs_len was zero error: the following build command failed with exit code 1: .zig-cache/o/f8784b54cbaed93e4a12c6a611e7a16c/build /home/grimtyr/personal/src/zig-gt/build/stage4/bin/zig /home/grimtyr/personal/src/zig-gt/lib /tmp/tmp.mCQ89m2R6Y .zig-cache /home/grimtyr/.cache/zig --seed 0x5f5b0eaf -Z94002b71308a2e70 test --fuzz=100K ```
Author
Contributor
Copy link

@grimtyr wrote in #31205 (comment):

I tried the zig init default fuzz test, But it gives an error, I don't know if that was intended or if its a bug, I tried to reproduce it normally with this code but It's able to resize the array normally while the fuzz test cannot:

The bug is intentional (see if it manages to fail this test case). It is a bit subtle but the slice passed in try list.appendSlice(gpa, list.items[off..][0..len]); is referencing invalidated memory since list is resized. The point is the fuzz test is exposing a bug that is not immediately obvious and requires verily specific conditions.

@grimtyr wrote in https://codeberg.org/ziglang/zig/pulls/31205#issuecomment-10571798: > I tried the `zig init` default fuzz test, But it gives an error, I don't know if that was intended or if its a bug, I tried to reproduce it normally with this code but It's able to resize the array normally while the fuzz test cannot: The bug is intentional (`see if it manages to fail this test case`). It is a bit subtle but the slice passed in `try list.appendSlice(gpa, list.items[off..][0..len]);` is referencing invalidated memory since `list` is resized. The point is the fuzz test is exposing a bug that is not immediately obvious and requires verily specific conditions.
Contributor
Copy link

Oh yeah that makes sense, It's my bad I didn't check what the capacity was and I though it did not matter, didn't catch it in the list.addManyAsSlice doc comment, thanks again for this and your help.

Oh yeah that makes sense, It's my bad I didn't check what the capacity was and I though it did not matter, didn't catch it in the `list.addManyAsSlice` doc comment, thanks again for this and your help.
andrewrk left a comment
Copy link

Fantastic work.

I appreciate your patience as I've taken a while to review your work. At this point, you've demonstrated mastery and commitment to several areas of the std lib and toolchain, and you can expect to more swift reviews.

Fantastic work. I appreciate your patience as I've taken a while to review your work. At this point, you've demonstrated mastery and commitment to several areas of the std lib and toolchain, and you can expect to more swift reviews.
First-time contributor
Copy link

Just curious, is there anything about FuzzAllocator that requires it to be in lib/std/deque.zig specifically, or is it more generally applicable to other uses of Smith? I can't tell by looking at it what is specific to deques.

Just curious, is there anything about `FuzzAllocator` that requires it to be in `lib/std/deque.zig` specifically, or is it more generally applicable to other uses of `Smith`? I can't tell by looking at it what is specific to deques.
Author
Contributor
Copy link

@Cajunvoodoo wrote in #31205 (comment):

Just curious, is there anything about FuzzAllocator that requires it to be in lib/std/deque.zig specifically, or is it more generally applicable to other uses of Smith? I can't tell by looking at it what is specific to deques.

Yes, it asserts a maximum of two allocations at any time, allocations are asserted to have an alignment of 4, allocation resizes assert only one active allocation, and the maximum allocation size is fixed. These match the fuzz test as it only uses u32 and match deques since they should only have one allocation, except two when resizing.

@Cajunvoodoo wrote in https://codeberg.org/ziglang/zig/pulls/31205#issuecomment-12033456: > Just curious, is there anything about `FuzzAllocator` that requires it to be in `lib/std/deque.zig` specifically, or is it more generally applicable to other uses of `Smith`? I can't tell by looking at it what is specific to deques. Yes, it asserts a maximum of two allocations at any time, allocations are asserted to have an alignment of 4, allocation resizes assert only one active allocation, and the maximum allocation size is fixed. These match the fuzz test as it only uses u32 and match deques since they should only have one allocation, except two when resizing.
Sign in to join this conversation.
No reviewers
Labels
Clear labels
abi/f32
abi/ilp32
abi/sf
accepted
This proposal is planned.
arch/21k
arch/6502
arch/aarch64
arch/alpha
arch/amdgcn
arch/arc
arch/arc32
arch/arc64
arch/arm
arch/avr
arch/bfin
arch/bpf
arch/colossus
arch/cris
arch/csky
arch/dlx
arch/epiphany
arch/fr30
arch/frv
arch/hexagon
arch/hppa
arch/hppa64
arch/ia64
arch/kalimba
arch/kvx
arch/lanai
arch/lm32
arch/loongarch32
arch/loongarch64
arch/m32r
arch/m68k
arch/m88k
arch/mcore
arch/microblaze
arch/mips
arch/mips64
arch/mmix
arch/moxie
arch/mrisc32
arch/msp430
arch/nds32
arch/ns32k
arch/nvptx
arch/or1k
arch/powerpc
arch/powerpc64
arch/propeller
arch/riscv32
arch/riscv64
arch/rl78
arch/rx
arch/s390x
arch/sh
arch/sparc
arch/sparc64
arch/spirv
arch/spu
arch/tricore
arch/v850
arch/vax
arch/vc4
arch/ve
arch/wasm
arch/x86
arch/x86_64
arch/xcore
arch/xtensa
autodoc
The web application for interactive documentation and generation of its assets.
backend/c
The C backend outputs C source code.
backend/llvm
The LLVM backend outputs an LLVM bitcode module.
backend/self-hosted
The self-hosted backends produce machine code directly.
binutils
Zig's included binary utilities: zig ar, zig dlltool, zig lib, zig ranlib, zig objcopy, and zig rc.
breaking
Implementing this issue could cause existing code to no longer compile or have different behavior.
build system
The Zig build system - zig build, std.Build, the build runner, and package management.
debug info
An issue related to debug information (e.g. DWARF) produced by the Zig compiler.
docs
An issue with documentation, e.g. the language reference or standard library doc comments.
error message
This issue points out an error message that is unhelpful and should be improved.
frontend
Tokenization, parsing, AstGen, ZonGen, Sema, Legalize, and Liveness.
fuzzing
An issue related to Zig's integrated fuzz testing.
incremental
Reuse of internal compiler state for faster compilation.
lib/c
This issue relates to Zig's libc implementation and/or vendored libcs.
lib/compiler-rt
This issue relates to Zig's compiler-rt library.
lib/cxx
This issue relates to Zig's vendored libc++ and/or libc++abi.
lib/std
This issue relates to Zig's standard library.
lib/tsan
This issue relates to Zig's vendored libtsan.
lib/ubsan-rt
This issue relates to Zig's ubsan-rt library.
lib/unwind
This issue relates to Zig's vendored libunwind.
linking
Zig's integrated object file and incremental linker.
miscompilation
The compiler reports success but produces semantically incorrect code.
os/android
os/contiki
os/dragonfly
os/driverkit
os/emscripten
os/freebsd
os/fuchsia
os/haiku
os/hermit
os/hurd
os/illumos
os/ios
os/linux
os/maccatalyst
os/macos
os/managarm
os/netbsd
os/ohos
os/openbsd
os/plan9
os/redox
os/rtems
os/serenity
os/tvos
os/uefi
os/visionos
os/wasi
os/watchos
os/windows
proposal
This issue suggests language modifications. If it also has the "accepted" label then it is planned.
release notes
This issue or pull request should be mentioned in the release notes.
testing
This issue is related to testing the compiler, standard library, or other parts of Zig.
zig cc
Zig as a drop-in C-family compiler.
zig fmt
The Zig source code formatter.
zig reduce
The Zig source code reduction tool.
bounty
https://ziglang.org/news/announcing-donor-bounties
bug
Observed behavior contradicts documented or intended behavior.
contributor-friendly
This issue is limited in scope and/or knowledge of project internals.
downstream
An issue with a third-party project that uses this project.
enhancement
Solving this issue will likely involve adding new logic or components to the codebase.
infra
An issue related to project infrastructure, e.g. continuous integration.
optimization
A task to improve performance and/or resource usage.
question
No questions on the issue tracker; use a community space instead.
regression
Something that used to work in a previous version stopped working
upstream
An issue with a third-party project that this project uses.
use case
Describes a real use case that is difficult or impossible, but does not propose a solution.
No labels
abi/f32
abi/ilp32
abi/sf
accepted
arch/21k
arch/6502
arch/aarch64
arch/alpha
arch/amdgcn
arch/arc
arch/arc32
arch/arc64
arch/arm
arch/avr
arch/bfin
arch/bpf
arch/colossus
arch/cris
arch/csky
arch/dlx
arch/epiphany
arch/fr30
arch/frv
arch/hexagon
arch/hppa
arch/hppa64
arch/ia64
arch/kalimba
arch/kvx
arch/lanai
arch/lm32
arch/loongarch32
arch/loongarch64
arch/m32r
arch/m68k
arch/m88k
arch/mcore
arch/microblaze
arch/mips
arch/mips64
arch/mmix
arch/moxie
arch/mrisc32
arch/msp430
arch/nds32
arch/ns32k
arch/nvptx
arch/or1k
arch/powerpc
arch/powerpc64
arch/propeller
arch/riscv32
arch/riscv64
arch/rl78
arch/rx
arch/s390x
arch/sh
arch/sparc
arch/sparc64
arch/spirv
arch/spu
arch/tricore
arch/v850
arch/vax
arch/vc4
arch/ve
arch/wasm
arch/x86
arch/x86_64
arch/xcore
arch/xtensa
autodoc
backend/c
backend/llvm
backend/self-hosted
binutils
breaking
build system
debug info
docs
error message
frontend
fuzzing
incremental
lib/c
lib/compiler-rt
lib/cxx
lib/std
lib/tsan
lib/ubsan-rt
lib/unwind
linking
miscompilation
os/android
os/contiki
os/dragonfly
os/driverkit
os/emscripten
os/freebsd
os/fuchsia
os/haiku
os/hermit
os/hurd
os/illumos
os/ios
os/linux
os/maccatalyst
os/macos
os/managarm
os/netbsd
os/ohos
os/openbsd
os/plan9
os/redox
os/rtems
os/serenity
os/tvos
os/uefi
os/visionos
os/wasi
os/watchos
os/windows
proposal
release notes
testing
zig cc
zig fmt
zig reduce
bounty
bug
contributor-friendly
downstream
enhancement
infra
optimization
question
regression
upstream
use case
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ziglang/zig!31205
Reference in a new issue
ziglang/zig
No description provided.
Delete branch "gooncreeper/zig:integrated-smith"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?