langston-barrett/tree-splicer

GitHub: langston-barrett/tree-splicer

基于语法感知的测试用例生成器，解析并拼接 AST 以生成畸形输入，辅助模糊测试。

Stars: 42 | Forks: 10

# tree-splicer tree-splicer 是一个基于语法测试用例生成器。它解析多个输入文件并使用 [tree-sitter][tree-sitter] 语法，然后将它们的 AST 拼接起来生成新的文件。 tree-splicer 为 [tree-crasher][tree-crasher] 模糊测试器和 [icemaker][icemaker] 生成测试用例，尽管它也可以作为独立工具使用。由于 tree-sitter 语法能够抵抗语法错误，因此 tree-splicer 甚至可以变异语法无效的输入！你也可以在不完整的语法下使用 tree-splicer。 ## 示例给定一个简单的 Rust 程序： ``` use std::env; fn even(x: usize) -> bool { if x % 2 == 0 { return true; } else { return false; } } fn main() -> () { let argc = env::args().len(); println!("Hello, world!"); if even(argc) { println!("Even!"); } else { println!("Odd!"); } return (); } ``` 以下是 `tree-splicer-rust` 创建的几个候选结果： ``` use even::env; fn even() -> bool { if even(argc) { println!("Even!"); } else { println!("Odd!"); } } fn std() -> () { return true; } ``` ``` use args::env; fn argc(main: usize) -> bool { return true; } fn even(x: usize) -> bool { if x % 2 == 0 { return true; } else { return false; } } ``` ``` use std::env; fn x(x: usize) -> bool { return true; } fn x(x: usize) -> () { return false; } ``` ## 支持的语言添加语言很简单，参见 [PR #3](https://github.com/langston-barrett/tree-splicer/pull/3) 了解示例。 - JavaScript - OpenSCAD - Rust - TypeScript ## 发现的漏洞 ### boa [#2717](https://github.com/boa-dev/boa/issues/2717) [#2718](https://github.com/boa-dev/boa/issues/2718) [#2719](https://github.com/boa-dev/boa/issues/2719) ### clang [#61635](https://github.com/llvm/llvm-project/issues/61635) [#61666](https://github.com/llvm/llvm-project/issues/61666) [#61667](https://github.com/llvm/llvm-project/issues/61667) [#61746](https://github.com/llvm/llvm-project/issues/61746) [#61747](https://github.com/llvm/llvm-project/issues/61747) ### deno [#18338](https://github.com/denoland/deno/issues/18338) ### rustc [#109066](https://github.com/rust-lang/rust/issues/109066) [#109071](https://github.com/rust-lang/rust/issues/109071) [#109072](https://github.com/rust-lang/rust/issues/109072) [#109078](https://github.com/rust-lang/rust/issues/109078) [#109079](https://github.com/rust-lang/rust/issues/109079) [#109090](https://github.com/rust-lang/rust/issues/109090) [#109129](https://github.com/rust-lang/rust/issues/109129) [#109141](https://github.com/rust-lang/rust/issues/109141) [#109143](https://github.com/rust-lang/rust/issues/109143) [#109144](https://github.com/rust-lang/rust/issues/109144) [#109146](https://github.com/rust-lang/rust/issues/109146) [#109147](https://github.com/rust-lang/rust/issues/109147) [#109148](https://github.com/rust-lang/rust/issues/109148) [#109152](https://github.com/rust-lang/rust/issues/109152) [#109178](https://github.com/rust-lang/rust/issues/109178) [#109188](https://github.com/rust-lang/rust/issues/109188) [#109191](https://github.com/rust-lang/rust/issues/109191) [#109204](https://github.com/rust-lang/rust/issues/109204) [#109232](https://github.com/rust-lang/rust/issues/109232) [#109239](https://github.com/rust-lang/rust/issues/109239) [#109296](https://github.com/rust-lang/rust/issues/109296) [#109297](https://github.com/rust-lang/rust/issues/109297) [#109298](https://github.com/rust-lang/rust/issues/109298) [#109299](https://github.com/rust-lang/rust/issues/109299) [#109300](https://github.com/rust-lang/rust/issues/109300) [#109304](https://github.com/rust-lang/rust/issues/109304) [#109305](https://github.com/rust-lang/rust/issues/109305) [#123988](https://github.com/rust-lang/rust/issues/123988) ### rustfmt [#5716](https://github.com/rust-lang/rustfmt/issues/5716) [#5738](https://github.com/rust-lang/rustfmt/issues/5738) [#5739](https://github.com/rust-lang/rustfmt/issues/5739)