Gtk fuzzer to catch crashes, memory leaks and undefined behaviour
Hi, today I started working on a simple fuzzer for GTK which should help to easily find more bugs (I have already found some crashes).
It is written in Python, because Python gives access to info about function parameters at runtime, which is very helpful for such apps.
Of course this will also find crashes in PyGObject, which will complicate finding issues in GTK/GLib etc. a little.
I want to create a fuzzer similar to the one I already made for Godot Engine - https://github.com/qarmin/Qarminer/blob/master/FunctionExecutor.gd - which uses GDScript, which is similar to Python (but it is better integrated with the engine than Python is with GTK).
Since I'm not an expert in GTK or Python, any help is appreciated.
Current repository - https://github.com/qarmin/GtkFuzzer
This is how it should work:
- Loop, execute the steps below x times
- Get a list of all classes
- Throw out classes which crash when instancing etc. (these should be reported to the bug tracker first)
- Create an object for each class
- Get a list of all methods of these classes
- Throw out all methods which cause bugs - e.g. which crash or just shouldn't be used, like object.free()
- Throw out all methods whose arguments are not supported
- Execute every function with random or non-random parameters
- Clean the object before executing the next method on it (this is optional; clearing the object will allow reproducible results)
Currently only points 2-4 are partially implemented.
Current PyGObject script (I know that languages other than C are not really supported here, but I still think it is good to post it here, since it can find a lot of invalid behavior in GTK):
```python
import gi

gi.require_version("Gtk", "3.0")
from gi.repository import Gtk


def start_test(_unused):
    gtk_objects = dir(Gtk)

    # This loop creates Gtk objects like Window or ScrolledWindow
    for i in gtk_objects:
        # Look the attribute up by name with getattr() rather than eval()
        type_of_thing = type(getattr(Gtk, i))
        if type_of_thing is gi.types:
            pass
        else:
            # print(str(type_of_thing) + " " + i)
            pass

        if i.startswith("_"):
            print("Ignoring " + i + ", builtin function")
            continue
        if i[0].islower():
            print("Ignoring " + i + " normal function")
            continue

        ar = getattr(Gtk, i)
        try:
            obj = ar()
            try:
                obj.show()
                print("Created and showed object - " + i)
            except Exception:
                print("Created object but failed to show it - " + i)
                continue
        except Exception:
            print("Failed to create - " + str(i))
            continue

    print("Ended test")
    # Gtk.main_quit()  # Uncomment to fix crash


window = Gtk.Window(title="Close close to sta")
window.show()
# The test runs when the window is closed ("destroy" signal)
window.connect("destroy", start_test)
Gtk.main()
```
At the end it shows a crash:
Segmentation fault (core dumped)
Under Valgrind it doesn't crash, but it shows a lot of invalid reads/writes (valgrind.txt).
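One way to do the "throw out classes which crash when instancing" step without a segfault killing the fuzzer itself is to instantiate each class in a separate interpreter and classify how that child process ended. This is an added example, not code from the post or the GtkFuzzer repository; `PROBE`, `run_isolated` and `build_denylist` are hypothetical names, and the signal decoding assumes a POSIX system.

```python
import signal
import subprocess
import sys

# Child program (assumed shape): instantiate the one Gtk class named in argv[1].
PROBE = """
import sys, gi
gi.require_version("Gtk", "3.0")
from gi.repository import Gtk
getattr(Gtk, sys.argv[1])()
"""


def run_isolated(code, args=(), timeout=20):
    """Run `code` in a fresh interpreter and classify how it ended."""
    cmd = [sys.executable, "-c", code, *args]
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"  # hang, e.g. a nested main loop or modal dialog
    if proc.returncode == 0:
        return "ok"
    if proc.returncode < 0:  # POSIX: child was killed by signal -returncode
        try:
            return "crash:" + signal.Signals(-proc.returncode).name
        except ValueError:
            return "crash:signal %d" % -proc.returncode
    return "exception"  # ordinary Python error, including a missing gi module


def build_denylist(names, timeout=20):
    """Map every class name that did not instantiate cleanly to its verdict."""
    verdicts = {n: run_isolated(PROBE, [n], timeout) for n in names}
    return {n: v for n, v in verdicts.items() if v != "ok"}


if __name__ == "__main__":
    # Constructed sample input: a few Gtk class names to probe.
    for name, verdict in build_denylist(["Window", "Button", "Label"]).items():
        print(name, verdict)
```

Names that come back as `crash:...` are the ones to report and skip; the class name is passed as an argument instead of being spliced into the child's source, so every probe runs the same code.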