
I think that’s a fair point. It sounds like it’s possible with Miri to write unit tests for specific UB concerns, and it’s more likely to catch them than standard unit tests. This will be useful.


I haven't put any thought or time into it yet, but I assume you could combine it with a fuzzer. cargo-fuzz [1] already does this with LLVM's sanitizers, but I'm thinking something like proptest [2] could be used to help find those specific inputs and run under miri.

It may even be as simple as creating the normal proptest tests and then doing `cargo miri --test` or something similar!

[1]: https://github.com/rust-fuzz/cargo-fuzz

[2]: https://crates.io/crates/proptest


Fuzzing + miri sounds like it will be incredibly slow. Probably slower than just using asan.

The good thing about UB in rust is it's easy to target - you don't need to explore the whole space, just module boundaries that encapsulate that space. So something more fine grained should be fine with miri, and fuzzing can capture more complex errors like panics.


Yes, that's what I mean about using proptest (if you are unfamiliar, it's akin to QuickCheck). You'd write the proptest functions for your dedicated unsafe section.

As an example, I use this with Jetscii [1] in an attempt to thoroughly test SIMD vs non-SIMD code. If Miri detected errors with SIMD (I don't think it does now), then I could run those tests inside of Miri, having them pull double duty.

[1]: https://github.com/shepmaster/jetscii/


Oh, yes, agreed that proptest is way more viable here and probably a good solution to pair with miri.


It would be very nice if cargo-fuzz targets could be swapped to work with proptest, quickcheck, and miri. It's something I've wanted to do for a while, but I don't have as much time to maintain cargo-fuzz.
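
Added example, not part of any comment in the thread: a property-style check of one small unsafe section against a safe reference, the pattern discussed above for pairing proptest with Miri. The function names are hypothetical, and a tiny xorshift generator stands in for proptest's input generation so the block has no dependencies; placed in a `#[test]`, the same check runs under Miri with `cargo miri test`.

```rust
/// Safe reference implementation (hypothetical name).
fn find_byte_safe(haystack: &[u8], needle: u8) -> Option<usize> {
    haystack.iter().position(|&b| b == needle)
}

/// Implementation under test: a raw-pointer scan, i.e. the dedicated
/// unsafe section whose boundary the property check targets.
fn find_byte_unsafe(haystack: &[u8], needle: u8) -> Option<usize> {
    let start = haystack.as_ptr();
    let mut i = 0;
    while i < haystack.len() {
        // SAFETY: i < haystack.len(), so start.add(i) stays in bounds.
        if unsafe { *start.add(i) } == needle {
            return Some(i);
        }
        i += 1;
    }
    None
}

/// Minimal xorshift64 generator: a constructed stand-in for proptest.
struct XorShift(u64);

impl XorShift {
    fn next_u64(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0
    }
}

/// Feeds `cases` generated inputs to both implementations and returns
/// the first input on which they disagree, if any.
fn check_equivalence(seed: u64, cases: usize) -> Result<(), (Vec<u8>, u8)> {
    let mut rng = XorShift(seed); // seed must be non-zero for xorshift
    for _ in 0..cases {
        let len = (rng.next_u64() % 33) as usize; // 0..=32, includes empty
        // Small alphabet so the needle is frequently present.
        let data: Vec<u8> = (0..len).map(|_| (rng.next_u64() % 8) as u8).collect();
        let needle = (rng.next_u64() % 8) as u8;
        if find_byte_unsafe(&data, needle) != find_byte_safe(&data, needle) {
            return Err((data, needle));
        }
    }
    Ok(())
}

fn main() {
    assert_eq!(check_equivalence(0x9E37_79B9_7F4A_7C15, 256), Ok(()));
    println!("256 generated cases agree");
}
```

Keeping the case count small matters under Miri, since the interpreter is far slower than native execution.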



