Description
We already have a few fuzz tests running in oss-fuzz, but it's pretty minimal (see #5391). I think a really good candidate for expanding our fuzz test coverage would be our loom tests.
Loom normally runs the model checker exhaustively, but if the model becomes too large to do that, you can use the LOOM_MAX_PREEMPTIONS and LOOM_MAX_BRANCHES options to reduce the search space (see large models). And in the Tokio CI, we have to enable those settings:
tokio/.github/workflows/loom.yml
Lines 14 to 20 in 92a3455
To close this gap, we would like to set up our loom tests to accept data as input that determines which execution loom should try, and use that to turn them into fuzz tests that we can run in Google's oss-fuzz program.
Closing this issue will probably involve changes to loom, Tokio's codebase, and our CI setup. I imagine that the changes to loom will amount to adjusting the existing checkpoint debugging feature.
For mentoring, please ask in Tokio's Discord server. You can use the #tokio-dev channel or contact me directly.
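The idea of letting input data decide which execution gets tried, shown as an added example that is not part of the original issue and does not use loom's API. It is a std-only toy model with hypothetical names (`Thread`, `run_schedule`, `check`) in which each input byte picks the next thread to step, so a fuzzer mutating the bytes explores interleavings of a non-atomic increment.

```rust
// Added illustration, NOT loom's API: a toy model where fuzz input bytes
// choose the thread interleaving. All names here are hypothetical.

/// One logical thread doing a non-atomic `counter += 1` as load, then store.
#[derive(Clone, Copy)]
struct Thread {
    pc: u8,     // 0 = about to load, 1 = about to store, 2 = finished
    local: u32, // value seen by the load step
}

/// Runs two threads to completion. At each scheduling point the next input
/// byte selects a runnable thread; once the input is exhausted the lowest
/// runnable thread is chosen, so every byte string maps to one execution.
fn run_schedule(data: &[u8]) -> (u32, Vec<usize>) {
    let mut counter = 0u32;
    let mut threads = [Thread { pc: 0, local: 0 }; 2];
    let mut input = data.iter().copied();
    let mut trace = Vec::new();
    loop {
        let runnable: Vec<usize> = (0..threads.len()).filter(|&i| threads[i].pc < 2).collect();
        if runnable.is_empty() {
            return (counter, trace);
        }
        let choice = input.next().unwrap_or(0) as usize % runnable.len();
        let id = runnable[choice];
        let t = &mut threads[id];
        if t.pc == 0 {
            t.local = counter; // load step
        } else {
            counter = t.local + 1; // store step, may overwrite a newer value
        }
        t.pc += 1;
        trace.push(id);
    }
}

/// What a fuzz target would call: true if both increments were preserved.
fn check(data: &[u8]) -> bool {
    run_schedule(data).0 == 2
}

fn main() {
    let inputs: [&[u8]; 2] = [&[], &[0, 1, 0, 0]]; // constructed sample inputs
    for input in inputs {
        let (value, trace) = run_schedule(input);
        println!("input {:?} -> schedule {:?}, counter = {}", input, trace, value);
    }
}
```

The trace returned alongside the result is the replayable schedule for a failing input, which is the role a stored checkpoint would play when reproducing a bug.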