Fuzz collections for exception safety

[huonw]

It's easy to accidentally write something that's unsafe in the presence of unwinding, which is a problem if arbitrary user code is being run. This occurs in many methods inside data structures, e.g. ordered maps do many comparisons, calling the user defined cmp method (which could unwind), and the Clone implementations will call clone on the contained data, which possibly unwinds.

It would be a nice assurance to have these tested (exhaustively, if possible), e.g. sort is tested like this: it creates a random vector, counts how many comparisons are required to sort it, and the tests that failing on any of those comparisons is correct (which it checks by seeing that the destructors are run exactly once). It would be nice to do this with comparison-based data structures and especially the clone implementations.

In the best case, we might have some sort of framework for this. E.g. a function like

fn run_failure_test<T: Clone + Send>(data: T, f: fn(T, g: ||))

f would be called repeatedly with different values of the closure g; the user calls that in the location that should fail. The first call of f will have g just counting how many calls, and later calls will have g failing after a certain number.

That is, the sort test above could be written something like:

fn test(mut v: Vec<DropCounter>, g: ||) {
    v.sort_by(|a, b| { g(); a.cmp(b) })
}
run_failure_test(main, test)

(I guess run_failure_test it might need to take "setup" and "check" closures too.)

[Gankra]

CC me

[steveklabnik]

Triage: I'm not aware of any efforts to actually do this.

[steveklabnik]

Triage: this has become a topic lately, but this issue isn't really helping it actually happen. We'd welcome more testing of the standard library, but I don't think this issue is worth it. Closing!