pmat 3.14.0

PMAT - Zero-config AI context generation and code quality toolkit (CLI, MCP, HTTP)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305

/// Fuzz-mutation hybrid strategy
pub struct FuzzMutationStrategy {
    /// Base mutation engine
    mutation_engine: MutationEngine,

    /// Fuzzing configuration
    fuzz_config: FuzzConfig,
}

impl FuzzMutationStrategy {
    /// Create new fuzzing strategy
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub fn new(mutation_engine: MutationEngine, fuzz_config: FuzzConfig) -> Self {
        Self {
            mutation_engine,
            fuzz_config,
        }
    }

    /// Get fuzzing configuration
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub fn config(&self) -> &FuzzConfig {
        &self.fuzz_config
    }

    /// Get mutation engine
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub fn engine(&self) -> &MutationEngine {
        &self.mutation_engine
    }

    /// Generate random inputs
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub fn generate_inputs(&self, count: usize) -> Vec<Vec<u8>> {
        use rand::Rng;
        let mut rng = rand::rng();

        (0..count)
            .map(|_| {
                let len = rng.random_range(1..=256);
                (0..len).map(|_| rng.random::<u8>()).collect()
            })
            .collect()
    }

    /// Generate grammar-based inputs for specific format
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub fn generate_grammar_based_inputs(&self, count: usize, _format: &str) -> Vec<Vec<u8>> {
        // Minimal implementation: generate simple JSON structures
        (0..count)
            .map(|i| {
                if i % 3 == 0 {
                    b"{}".to_vec()
                } else if i % 3 == 1 {
                    b"[]".to_vec()
                } else {
                    vec![]
                }
            })
            .collect()
    }

    /// Fuzz a single mutant
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub async fn fuzz_mutant(&self, mutant: &Mutant) -> Result<FuzzResult> {
        use std::panic;
        use std::time::Instant;
        use tokio::time::timeout;

        let mut crashes = Vec::new();
        let mut hangs = Vec::new();

        // Initialize coverage corpus for coverage-guided fuzzing
        let baseline_coverage = CoverageInfo::new();
        let mut corpus = CoverageCorpus::new(baseline_coverage);

        // Generate initial inputs based on strategy
        let inputs = match self.fuzz_config.input_generator {
            InputGeneratorType::Random => self.generate_inputs(self.fuzz_config.iterations),
            InputGeneratorType::GrammarBased => {
                self.generate_grammar_based_inputs(self.fuzz_config.iterations, "generic")
            }
            InputGeneratorType::MutationBased => {
                // Start with random, mutate them
                self.generate_inputs(self.fuzz_config.iterations)
            }
            InputGeneratorType::CoverageGuided => {
                // Start with seed inputs
                self.generate_inputs(std::cmp::min(100, self.fuzz_config.iterations))
            }
        };

        let is_coverage_guided = matches!(
            self.fuzz_config.input_generator,
            InputGeneratorType::CoverageGuided
        );

        // Test each input
        let mut iteration = 0;
        let max_iterations = self.fuzz_config.iterations;

        while iteration < max_iterations {
            let input = if iteration < inputs.len() {
                inputs[iteration].clone()
            } else if is_coverage_guided && !corpus.interesting_inputs.is_empty() {
                // Mutate interesting inputs from corpus
                let seed = &corpus.get_seeds(1)[0];
                mutate_input(seed)
            } else {
                break;
            };

            let _start = Instant::now(); // Reserved for profiling

            // Execute with timeout to detect hangs
            let result = timeout(
                self.fuzz_config.iteration_timeout,
                tokio::task::spawn_blocking({
                    let mutant_source = mutant.mutated_source.clone();
                    let input_clone = input.clone();
                    move || {
                        // Try to execute mutated code with input
                        // For Phase 1, we simulate execution
                        // Real implementation would compile and run
                        let exec_result = panic::catch_unwind(|| {
                            execute_mutant_with_input(&mutant_source, &input_clone)
                        });

                        // Simulate coverage tracking
                        let coverage = CoverageTracker::simulate_coverage(&input_clone);

                        (exec_result, coverage)
                    }
                }),
            )
            .await;

            match result {
                Ok(Ok((Ok(_), coverage))) => {
                    // Execution succeeded, track coverage
                    if is_coverage_guided {
                        corpus.add_if_interesting(input.clone(), coverage);
                    }
                }
                Ok(Ok((Err(_), coverage))) => {
                    // Panic detected = crash
                    if self.fuzz_config.crash_detection {
                        crashes.push(format!("crash_at_input_{}", iteration));
                    }
                    if is_coverage_guided {
                        corpus.add_if_interesting(input.clone(), coverage);
                    }
                }
                Ok(Err(_)) => {
                    // Task join error (shouldn't happen)
                }
                Err(_) => {
                    // Timeout = hang
                    hangs.push(input.clone());
                }
            }

            iteration += 1;

            // Early exit if we've found crashes and hangs
            if !crashes.is_empty() && !hangs.is_empty() {
                break;
            }
        }

        // Calculate coverage increase
        let coverage_increase = if is_coverage_guided {
            corpus.total_coverage_increase()
        } else {
            0.0
        };

        Ok(FuzzResult {
            crashes,
            hangs,
            coverage_increase,
        })
    }

    /// Execute fuzzing from source code
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub async fn execute_from_source(&self, source: &str) -> Result<FuzzMutationReport> {
        use std::time::Instant;

        let start = Instant::now();

        // Generate mutants from source
        let mutants = self
            .mutation_engine
            .generate_mutants_from_source(std::path::Path::new("fuzz_target.rs"), source)
            .await?;

        let total_mutants = mutants.len();
        let mut results = Vec::new();
        let mut mutants_with_crashes = 0;
        let mut mutants_with_hangs = 0;

        // Fuzz each mutant
        for mutant in mutants {
            let fuzz_result = self.fuzz_mutant(&mutant).await?;

            if fuzz_result.has_crashes() {
                mutants_with_crashes += 1;
            }
            if fuzz_result.has_hangs() {
                mutants_with_hangs += 1;
            }

            results.push((mutant, fuzz_result));
        }

        let execution_time = start.elapsed();

        Ok(FuzzMutationReport {
            total_mutants,
            mutants_with_crashes,
            mutants_with_hangs,
            execution_time,
            results,
        })
    }

    /// Execute fuzzing in parallel
    #[provable_contracts_macros::contract("pmat-core.yaml", equation = "check_compliance")]
    pub async fn execute_from_source_parallel(
        &self,
        source: &str,
        workers: usize,
    ) -> Result<FuzzMutationReport> {
        use std::sync::Arc;
        use std::time::Instant;
        use tokio::sync::Semaphore;

        let start = Instant::now();

        // Generate mutants from source
        let mutants = self
            .mutation_engine
            .generate_mutants_from_source(std::path::Path::new("fuzz_target.rs"), source)
            .await?;

        let total_mutants = mutants.len();

        // Use semaphore to limit concurrent fuzzing
        let semaphore = Arc::new(Semaphore::new(workers));
        let mut tasks = Vec::new();

        for mutant in mutants {
            let sem = semaphore.clone();
            let config = self.fuzz_config.clone();
            let engine = self.mutation_engine.clone(); // Clone for thread safety

            let task = tokio::spawn(async move {
                let _permit = sem
                    .acquire()
                    .await
                    .expect("Semaphore must not be closed during fuzzing");

                // Create temporary strategy for this mutant
                let strategy = FuzzMutationStrategy::new(engine, config);
                let fuzz_result = strategy
                    .fuzz_mutant(&mutant)
                    .await
                    .expect("Fuzz mutant operation must succeed");

                (mutant, fuzz_result)
            });

            tasks.push(task);
        }

        // Collect results
        let mut results = Vec::new();
        let mut mutants_with_crashes = 0;
        let mut mutants_with_hangs = 0;

        for task in tasks {
            let (mutant, fuzz_result) = task.await?;

            if fuzz_result.has_crashes() {
                mutants_with_crashes += 1;
            }
            if fuzz_result.has_hangs() {
                mutants_with_hangs += 1;
            }

            results.push((mutant, fuzz_result));
        }

        let execution_time = start.elapsed();

        Ok(FuzzMutationReport {
            total_mutants,
            mutants_with_crashes,
            mutants_with_hangs,
            execution_time,
            results,
        })
    }
}