physdes-rs 0.1.6

Physical Design in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

# Fuzzing Guide for physdes-rs

This document explains how to set up and run fuzzing tests for physdes-rs.

## What is Fuzzing?

Fuzzing is a testing technique that automatically generates random inputs to find bugs, crashes, and edge cases in code that might be missed by traditional testing.

## Installation

### Install cargo-fuzz

```bash
cargo install cargo-fuzz
```

### Install Python and pre-commit (optional but recommended)

```bash
# On Windows
# Download Python from https://www.python.org/downloads/
pip install pre-commit
```

## Running Fuzzers

### Run a specific fuzzer

```bash
# Fuzz polygon operations
cargo fuzz run polygon_ops

# Fuzz interval operations
cargo fuzz run interval_ops

# Fuzz point operations
cargo fuzz run point_ops
```

### Run fuzzers with a corpus

You can use existing test inputs as a corpus to guide the fuzzer:

```bash
cargo fuzz run polygon_ops fuzz/corpus/polygon_ops
```

### Run fuzzer for a specific duration

```bash
# Run for 60 seconds
cargo fuzz run polygon_ops -- -max_total_time=60

# Run for 5 minutes
cargo fuzz run interval_ops -- -max_total_time=300
```

### Minimize the corpus

After fuzzing, you can minimize the corpus to keep only interesting inputs:

```bash
cargo fuzz tmin interval_ops
```

## Available Fuzzers

### 1. polygon_ops

Tests polygon-related operations:
- Polygon creation
- Area calculation
- Convexity checking
- Bounding box computation
- Rectilinear checking

### 2. interval_ops

Tests interval-related operations:
- Interval creation
- Length calculation
- Overlap detection
- Intersection computation
- Convex hull calculation

### 3. point_ops

Tests point-related operations:
- Point creation
- Point arithmetic
- Comparison operations
- Distance calculation

## Understanding Fuzzer Output

### Normal Operation

The fuzzer will display:
- Number of executions per second
- Current corpus size
- Coverage statistics
- Unique crashes/findings

### Finding a Crash

If the fuzzer finds a crash, it will:
1. Save the crashing input to `fuzz/artifacts/`
2. Display the crash location
3. Show the input that caused the crash

### Example Crash Output

```
==9432== ERROR: libFuzzer: deadly signal
    #0 0x5555555a7e0f in std::sys::backtrace::tracing::imp::write::h423e5a2f5a9d3c5d
    #1 0x5555555a7e0f in std::panicking::default_hook::hb0f9e8c6d5e8a5c7
    ...
SUMMARY: libFuzzer: deadly signal
artifact_prefix='fuzz/artifacts/'; Test unit written to fuzz/artifacts/crash-<id>
```

## Fixing Issues Found by Fuzzing

1. **Reproduce the crash**:
   ```bash
   cargo fuzz run <fuzzer_name> fuzz/artifacts/crash-<id>
   ```

2. **Debug the issue**:
   - Use `gdb` or `lldb` to debug
   - Add logging to understand the failing case
   - Write a unit test for the specific input

3. **Fix the bug**:
   - Add proper validation
   - Handle edge cases
   - Add error handling where appropriate

4. **Verify the fix**:
   ```bash
   cargo test
   cargo fuzz run <fuzzer_name>
   ```

5. **Add to corpus**:
   Move the minimized input to the corpus to prevent regression:
   ```bash
   cp fuzz/artifacts/minimized-<id> fuzz/corpus/<fuzzer_name>/
   ```

## Continuous Fuzzing

### With pre-commit hooks

Add to `.git/hooks/pre-commit` (or use the provided `.pre-commit-config.yaml`):

```bash
#!/bin/bash
# Run fuzzers for a short time before committing
cargo fuzz run polygon_ops -- -max_total_time=10
cargo fuzz run interval_ops -- -max_total_time=10
```

### With CI/CD

Add to your CI configuration (`.github/workflows/fuzz.yml`):

```yaml
name: Fuzz
on: [push, pull_request]
jobs:
  fuzz:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
      - run: cargo install cargo-fuzz
      - run: cargo fuzz run polygon_ops -- -max_total_time=60
      - run: cargo fuzz run interval_ops -- -max_total_time=60
```

## Best Practices

1. **Start with short runs**: Begin with 10-30 second runs to catch obvious bugs
2. **Use corpora**: Maintain a good corpus of interesting test cases
3. **Regular fuzzing**: Run fuzzers regularly, especially after code changes
4. **Address findings**: Fix issues found by fuzzers promptly
5. **Add unit tests**: Convert interesting fuzz findings into unit tests

## Troubleshooting

### Fuzzer won't run

- Ensure `cargo-fuzz` is installed
- Check that Rust is up to date
- Verify the fuzzer target exists

### Fuzzer is slow

- Reduce the number of test cases in corpus
- Use `-jobs=N` to run multiple fuzzer instances
- Limit fuzzing time with `-max_total_time`

### Out of memory

- Use `-rss_limit_mb=256` to limit memory usage
- Reduce corpus size
- Run fuzzer for shorter periods

## Additional Resources

- [libFuzzer documentation](https://llvm.org/docs/LibFuzzer.html)
- [cargo-fuzz book](https://rust-fuzz.github.io/book/cargo-fuzz.html)
- [Google OSS-Fuzz](https://github.com/google/oss-fuzz)