850_regression_cases.c File Reference

Contains a data-driven suite of deterministic unit tests for specific bugs found by fuzzing. More...

#include "common/double_tap.h"
#include "fuzz_helpers.h"
#include "fuzz_regression_helpers.h"
#include <infix/infix.h>

Include dependency graph for 850_regression_cases.c:

Classes
struct	regression_test_case_t

Macros
#define	DBLTAP_IMPLEMENTATION

Enumerations
enum	fuzzer_target_t { TARGET_TYPE_GENERATOR , TARGET_SIGNATURE_PARSER , TARGET_TRAMPOLINE_GENERATOR }

Functions
static void	run_regression_case (const regression_test_case_t *test)
	plan (num_tests)
	for (size_t i=0;i< num_tests;++i) run_regression_case(&regression_tests[i])

Variables
static const regression_test_case_t	regression_tests []
	TEST

Detailed Description

Contains a data-driven suite of deterministic unit tests for specific bugs found by fuzzing.

Copyright (c) 2025 Sanko Robinson

This source code is dual-licensed under the Artistic License 2.0 or the MIT License. You may choose to use this code under the terms of either license.

SPDX-License-Identifier: (Artistic-2.0 OR MIT)

The documentation blocks within this file are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

SPDX-License-Identifier: CC-BY-4.0

This file is a crucial part of the development lifecycle. When a fuzzer discovers a crash or a timeout, the minimal input that triggers the bug is captured and added to the regression_tests array in this file as a permanent regression test. This ensures that once a bug is fixed, it can never be accidentally reintroduced without causing an immediate and obvious CI failure.

How to Add a New Regression Test

This process turns a temporary fuzzer artifact into a permanent, valuable test.

Step 1: Get the Fuzzer Artifact

After a fuzzing job fails, download the crash-artifact-* zip file. Inside, you will find one or more crash-* or timeout-* files. Open one.

Step 2: Copy the Base64 Input

Near the bottom of the artifact file, find the Base64: line and copy the long string of characters. This is the fuzzer input.

Step 3: Add a New Entry to the regression_tests Array

In this file, add a new regression_test_case_t struct to the regression_tests array. Fill in the fields:

• .name: A descriptive name of the bug (e.g., "SysV Timeout - Wide Structs").
• .b64_input: The Base64 string you copied.
• .target: Which part of the code is being tested?
  • TARGET_TYPE_GENERATOR: For bugs found in fuzz_types, fuzz_trampoline, or fuzz_abi. The test will call generate_random_type().
  • TARGET_SIGNATURE_PARSER: For bugs found in fuzz_signature. The test will call infix_type_from_signature().
• .expected_status: The correct infix_status the function should now return.
  • For a fixed timeout, this should be INFIX_SUCCESS, as the valid-but-slow input should now be processed quickly and correctly.
  • For a fixed crash, this should be INFIX_ERROR_INVALID_ARGUMENT, as the invalid input should now be rejected gracefully.

Step 4: Update the Plan

The plan() at the top of the TEST block is calculated automatically from the size of the array, so no manual update is needed. Your test is now integrated.

Macro Definition Documentation

DBLTAP_IMPLEMENTATION

#define DBLTAP_IMPLEMENTATION

Enumeration Type Documentation

fuzzer_target_t

enum fuzzer_target_t

Enumerator
TARGET_TYPE_GENERATOR	Tests the generate_random_type function (for timeouts/crashes in Core API).
TARGET_SIGNATURE_PARSER	Tests the infix_type_from_signature function (for bugs in the Signature API).
TARGET_TRAMPOLINE_GENERATOR	Tests infix_*_create_manual functions.

Function Documentation

for()

for

(

)

&

plan()

plan

(

num_tests

)

run_regression_case()

static void run_regression_case ( const regression_test_case_t *  test )

static

Variable Documentation

regression_tests

const regression_test_case_t regression_tests[]

static

TEST

TEST

Initial value:

{
    size_t num_tests = sizeof(regression_tests) / sizeof(regression_tests[0])