feat: add support for calling generators from anywhere (#261)

Author: camshaft

examples/basic/Cargo.toml

@@ -36,3 +36,10 @@ inherits = "dev"
 opt-level = 3
 incremental = false
 codegen-units = 1
+
+[lints.rust.unexpected_cfgs]
+level = "warn"
+check-cfg = [
+  'cfg(kani)',
+  'cfg(bolero_should_panic)',
+]

examples/basic/src/lib.rs

@@ -51,6 +51,40 @@ mod tests {
             });
     }
 
+    #[test]
+    #[cfg_attr(kani, kani::proof)]
+    fn exhaustive_test() {
+        let should_panic = should_panic();
+
+        check!()
+            .exhaustive()
+            .with_type()
+            .cloned()
+            .for_each(|(a, b)| assert!(add(a, b, should_panic) >= a));
+    }
+
+    #[test]
+    #[cfg_attr(kani, kani::proof)]
+    fn run_test() {
+        let should_panic = should_panic();
+
+        check!().run(|| {
+            let a = bolero::any();
+            let b = bolero::any();
+            assert!(add(a, b, should_panic) >= a)
+        });
+    }
+
+    #[test]
+    #[cfg_attr(kani, kani::proof)]
+    fn unit_test() {
+        let should_panic = should_panic();
+
+        let a = bolero::any();
+        let b = bolero::any();
+        assert!(add(a, b, should_panic) >= a);
+    }
+
     #[test]
     fn panicking_generator_test() {
         #[derive(Debug)]

examples/boolean-tree/Cargo.toml

@@ -17,3 +17,10 @@ inherits = "dev"
 opt-level = 3
 incremental = false
 codegen-units = 1
+
+[lints.rust.unexpected_cfgs]
+level = "warn"
+check-cfg = [
+  'cfg(kani)',
+  'cfg(bolero_should_panic)',
+]

examples/rle-stack/Cargo.toml

@@ -14,3 +14,10 @@ inherits = "dev"
 opt-level = 3
 incremental = false
 codegen-units = 1
+
+[lints.rust.unexpected_cfgs]
+level = "warn"
+check-cfg = [
+  'cfg(kani)',
+  'cfg(bolero_should_panic)',
+]

lib/bolero-afl/src/lib.rs

@@ -5,7 +5,7 @@
 #[doc(hidden)]
 #[cfg(any(test, all(feature = "lib", fuzzing_afl)))]
 pub mod fuzzer {
-    use bolero_engine::{driver, input, panic, Engine, Never, TargetLocation, Test};
+    use bolero_engine::{driver, input, panic, Engine, Never, ScopedEngine, TargetLocation, Test};
     use std::io::Read;
 
     extern "C" {
@@ -54,6 +54,44 @@ pub mod fuzzer {
         }
     }
 
+    impl ScopedEngine for AflEngine {
+        type Output = Never;
+
+        fn run<F, R>(self, mut test: F, options: driver::Options) -> Self::Output
+        where
+            F: FnMut() -> R,
+            R: bolero_engine::IntoResult,
+        {
+            panic::set_hook();
+
+            // extend the lifetime of the bytes so it can be stored in local storage
+            let driver = bolero_engine::driver::bytes::Driver::new(vec![], &options);
+            let driver = bolero_engine::driver::object::Object(driver);
+            let mut driver = Box::new(driver);
+
+            let mut input = AflInput::new(options);
+
+            unsafe {
+                __afl_manual_init();
+            }
+
+            while unsafe { __afl_persistent_loop(1000) } != 0 {
+                input.reset();
+                let bytes = core::mem::take(&mut input.input);
+                let tmp = driver.reset(bytes, &input.options);
+                let (drv, result) = bolero_engine::any::run(driver, &mut test);
+                driver = drv;
+                input.input = driver.reset(tmp, &input.options);
+
+                if result.is_err() {
+                    std::process::abort();
+                }
+            }
+
+            std::process::exit(0);
+        }
+    }
+
     #[derive(Debug)]
     pub struct AflInput {
         options: driver::Options,

lib/bolero-engine/Cargo.toml

@@ -12,6 +12,7 @@ readme = "../../README.md"
 rust-version = "1.66.0"
 
 [features]
+any = ["bolero-generator/any"]
 cache = ["bolero-generator/alloc"]
 rng = ["rand", "rand_xoshiro", "bolero-generator/alloc"]
 

lib/bolero-engine/src/any.rs

@@ -0,0 +1,33 @@
+pub use bolero_generator::any::*;
+
+/// Runs a function that overrides the default driver for `bolero_generator::any` and
+/// returns the result
+#[cfg(not(kani))]
+pub fn run<D, F, R>(driver: Box<D>, test: F) -> (Box<D>, Result<bool, crate::panic::PanicError>)
+where
+    D: 'static + bolero_generator::driver::object::DynDriver + core::any::Any + Sized,
+    F: FnMut() -> R,
+    R: super::IntoResult,
+{
+    let mut test = core::panic::AssertUnwindSafe(test);
+    scope::with(driver, || {
+        crate::panic::catch(|| test.0().into_result().map(|_| true))
+    })
+}
+
+/// Runs a function that overrides the default driver for `bolero_generator::any` and
+/// returns the result
+#[cfg(kani)]
+pub fn run<F, R>(
+    driver: bolero_generator::kani::Driver,
+    mut test: F,
+) -> (
+    bolero_generator::kani::Driver,
+    Result<bool, crate::panic::PanicError>,
+)
+where
+    F: FnMut() -> R,
+    R: super::IntoResult,
+{
+    scope::with(driver, || test().into_result().map(|_| true))
+}

lib/bolero-engine/src/failure.rs

@@ -21,6 +21,7 @@ impl<Input: Debug> Display for Failure<Input> {
         if let Some(seed) = &self.seed {
             writeln!(f, "BOLERO_RANDOM_SEED={}\n", seed)?;
         }
+
         writeln!(f, "Input: \n{:#?}\n", self.input)?;
         writeln!(f, "Error: \n{}", self.error)?;
 

lib/bolero-engine/src/lib.rs

@@ -1,39 +1,35 @@
-pub use anyhow::Error;
-pub use bolero_generator::{
-    driver::{self, Driver},
-    TypeGenerator, ValueGenerator,
-};
-
-#[cfg(kani)]
-pub use bolero_generator::kani;
-
 pub type Seed = u128;
 
+#[cfg(feature = "any")]
+pub mod any;
+pub mod failure;
+pub mod input;
 #[cfg(not(kani))]
 pub mod panic;
 #[cfg(kani)]
 #[path = "./noop/panic.rs"]
 pub mod panic;
-
+mod result;
 #[cfg(feature = "rng")]
 pub mod rng;
 pub mod shrink;
+#[doc(hidden)]
+pub mod target_location;
 mod test;
-pub use test::*;
 
-pub mod failure;
 pub use crate::failure::Failure;
-
-pub mod input;
+pub use anyhow::Error;
+#[cfg(kani)]
+pub use bolero_generator::kani;
+pub use bolero_generator::{
+    driver::{self, Driver},
+    TypeGenerator, ValueGenerator,
+};
 pub use input::Input;
-
-#[doc(hidden)]
-pub mod target_location;
+pub use result::IntoResult;
 #[doc(hidden)]
 pub use target_location::TargetLocation;
-
-mod result;
-pub use result::IntoResult;
+pub use test::*;
 
 /// Trait for defining an engine that executes a test
 pub trait Engine<T: Test>: Sized {
@@ -42,6 +38,15 @@ pub trait Engine<T: Test>: Sized {
     fn run(self, test: T, options: driver::Options) -> Self::Output;
 }
 
+pub trait ScopedEngine {
+    type Output;
+
+    fn run<F, R>(self, test: F, options: driver::Options) -> Self::Output
+    where
+        F: FnMut() -> R,
+        R: IntoResult;
+}
+
 // TODO change this to `!` when stabilized
 #[doc(hidden)]
 pub type Never = ();

lib/bolero-engine/src/panic.rs

@@ -83,9 +83,9 @@ impl PanicError {
 }
 
 #[inline]
-pub fn catch<F: RefUnwindSafe + FnOnce() -> Result<Output, PanicError>, Output>(
+pub fn catch<F: RefUnwindSafe + FnOnce() -> Result<bool, PanicError>>(
     fun: F,
-) -> Result<Output, PanicError> {
+) -> Result<bool, PanicError> {
     let res = catch_unwind(AssertUnwindSafe(|| __panic_marker_start__(fun)));
     match res {
         Ok(Ok(v)) => Ok(v),
@@ -101,6 +101,13 @@ pub fn catch<F: RefUnwindSafe + FnOnce() -> Result<Output, PanicError>, Output>(
                     }
                 };
             }
+
+            // if an `any::Error` was returned, then the input wasn't valid
+            #[cfg(feature = "any")]
+            if err.downcast_ref::<bolero_generator::any::Error>().is_some() {
+                return Ok(false);
+            }
+
             try_downcast!(PanicInfo, "{}");
             try_downcast!(anyhow::Error, "{}");
             try_downcast!(String, "{}");

lib/bolero-generator/src/any/kani.rs

@@ -1,5 +1,3 @@
-use std::cell::RefCell;
-
 type Type = crate::kani::Driver;
 
 pub use core::convert::Infallible as Error;

lib/bolero-honggfuzz/src/lib.rs

@@ -6,7 +6,7 @@
 #[cfg(any(test, all(feature = "lib", fuzzing_honggfuzz)))]
 pub mod fuzzer {
     use bolero_engine::{
-        driver, input, panic as bolero_panic, Engine, Never, TargetLocation, Test,
+        driver, input, panic as bolero_panic, Engine, Never, ScopedEngine, TargetLocation, Test,
     };
     use std::{mem::MaybeUninit, slice};
 
@@ -39,6 +39,35 @@ pub mod fuzzer {
         }
     }
 
+    impl ScopedEngine for HonggfuzzEngine {
+        type Output = Never;
+
+        fn run<F, R>(self, mut test: F, options: driver::Options) -> Self::Output
+        where
+            F: FnMut() -> R,
+            R: bolero_engine::IntoResult,
+        {
+            bolero_panic::set_hook();
+
+            // extend the lifetime of the bytes so it can be stored in local storage
+            let driver = bolero_engine::driver::bytes::Driver::new(&[][..], &options);
+            let driver = bolero_engine::driver::object::Object(driver);
+            let mut driver = Box::new(driver);
+
+            let mut input = HonggfuzzInput::new(options);
+
+            loop {
+                driver.reset(input.get_slice(), &input.options);
+                let (drv, result) = bolero_engine::any::run(driver, &mut test);
+                driver = drv;
+
+                if result.is_err() {
+                    std::process::abort();
+                }
+            }
+        }
+    }
+
     pub struct HonggfuzzInput {
         buf_ptr: MaybeUninit<*const u8>,
         len_ptr: MaybeUninit<usize>,
@@ -54,11 +83,15 @@ pub mod fuzzer {
             }
         }
 
-        fn test_input(&mut self) -> input::Bytes {
-            let input = unsafe {
+        fn get_slice(&mut self) -> &'static [u8] {
+            unsafe {
                 HF_ITER(self.buf_ptr.as_mut_ptr(), self.len_ptr.as_mut_ptr());
                 slice::from_raw_parts(self.buf_ptr.assume_init(), self.len_ptr.assume_init())
-            };
+            }
+        }
+
+        fn test_input(&mut self) -> input::Bytes {
+            let input = self.get_slice();
             input::Bytes::new(input, &self.options)
         }
     }

lib/bolero-kani/src/lib.rs

@@ -8,7 +8,9 @@ pub mod lib {
     #[allow(unused_imports)]
     use super::*;
 
-    use bolero_engine::{driver, input, kani::Driver as KaniDriver, Engine, TargetLocation, Test};
+    use bolero_engine::{
+        driver, input, kani::Driver as KaniDriver, Engine, ScopedEngine, TargetLocation, Test,
+    };
 
     #[derive(Debug, Default)]
     pub struct KaniEngine {}
@@ -45,6 +47,34 @@ pub mod lib {
         }
     }
 
+    impl ScopedEngine for KaniEngine {
+        type Output = ();
+
+        fn run<F, R>(self, test: F, options: driver::Options) -> Self::Output
+        where
+            F: FnMut() -> R,
+            R: bolero_engine::IntoResult,
+        {
+            let driver = KaniDriver::new(&options);
+            let (_driver, result) = bolero_engine::any::run(driver, test);
+            match result {
+                Ok(was_valid) => {
+                    // show if the generator was satisfiable
+                    // TODO fail the harness if it's not: https://github.com/model-checking/kani/issues/2792
+                    #[cfg(kani)]
+                    kani::cover!(
+                        was_valid,
+                        "the generator should produce at least one valid value"
+                    );
+                    let _ = was_valid;
+                }
+                Err(_) => {
+                    panic!("test failed");
+                }
+            }
+        }
+    }
+
     struct KaniInput {
         options: driver::Options,
     }