infix
A JIT-Powered FFI Library for C
Loading...
Searching...
No Matches
Functions
fuzz_helpers.c File Reference

Implements the core logic for generating random infix_type graphs from fuzzer input. More...

#include "fuzz_helpers.h"
Include dependency graph for fuzz_helpers.c:

Functions

infix_typegenerate_random_type (infix_arena_t *arena, fuzzer_input *in, int depth, size_t *total_fields)
 Recursively generates a random infix_type graph from a fuzzer input stream.
 

Detailed Description

Implements the core logic for generating random infix_type graphs from fuzzer input.

Copyright (c) 2025 Sanko Robinson

This source code is dual-licensed under the Artistic License 2.0 or the MIT License. You may choose to use this code under the terms of either license.

SPDX-License-Identifier: (Artistic-2.0 OR MIT)

The documentation blocks within this file are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

SPDX-License-Identifier: CC-BY-4.0

Function Documentation

◆ generate_random_type()

infix_type * generate_random_type ( infix_arena_t arena,
fuzzer_input in,
int  depth,
size_t *  total_fields 
)

Recursively generates a random infix_type graph from a fuzzer input stream.

This function consumes bytes from the fuzzer_input to make decisions about what kind of type to generate. It can create primitives, pointers, arrays, structs (packed and regular), and unions. For composite types, it calls itself recursively to generate member or element types.

To prevent timeouts and stack overflows from pathological inputs, the function enforces two key limits:

  • MAX_RECURSION_DEPTH: Limits how deeply types can be nested (e.g., struct within a struct).
  • MAX_TOTAL_FUZZ_FIELDS: Limits the total number of primitive fields in the entire graph.

Once a limit is reached, the recursion terminates by generating a simple primitive type.

Parameters
arenaThe memory arena to allocate the new infix_type objects into.
inA pointer to the fuzzer input stream. The stream is consumed as types are generated.
depthThe current recursion depth.
total_fieldsA pointer to a counter for the total number of fields generated so far.
Returns
A pointer to the newly generated infix_type, or nullptr if generation fails or input is exhausted.