Split into library and binary parts and implement fuzzer

[realchonk]

TODO:

• use cargo workspaces
• remove all dependencies on fuser from the library
• remove anyhow dependency from library
• update ChangeLog once everything is done

[asomers]

What does the "-fuser" part indicate? Simply "fuse-ufs" would be more consistent with precedent.

[realchonk]

There will be a fuse-ufs-fuse2 for OpenBSD in the future.
The right binary will be chosen when building with make and installed as fuse-ufs.

[asomers]

Up until now, make hasn't been necessary for building; it's just been a convenience for development. It would be unfortunate if it suddenly becomes necessary. Plus, it would not be easy to integrate with things like the ports system. May I suggest two alternatives?

• Define a fuser feature which is on-by-default, but which must be turned off to build on OpenBSD.
• Have a single src/bin/fuse-ufs file which is a thin wrapper around either src/bin/fuse-ufs/fuser.rs or src/bin/fuse-ufs/fuse2, #[cfg()]-gated.

[realchonk]

I like this idea. I'll do this, once I have workspace-ified this project.
I think having fuser and fuse2 features would be useful, with only fuser being enabled by default.
On OpenBSD only fuse2 would work, on all other platforms, you could built with both (if you wanted that for some reason).
It sucks that per-platform features don't work

[realchonk]

@asomers Feel free to review this now.

[asomers]

Do you really need to disable these lints for fuzzing? This looks more like something temporary that got left behind.

[casept]

These are required to silence warnings which occur due to parts of the code not being called while fuzzing.

[asomers]

Better to remove those unused parts of code.

[asomers]

I think that when fuzzing, you should guess the endianess just like you do when not fuzzing. You can generate multiple corpuses, right? One based on BE and one based on LE?

[casept]

Same issue as with the superblock check below - wasted fuzz cases due to guessing an invalid magic.

[asomers]

Why disable this check when fuzzing?

[casept]

So the fuzzer doesn't have to guess a valid superblock, which would lead to a lot of wasted fuzz cases as they'd fail at this stage without reaching crashes/panics deeper in the code. It's common practice to disable these sorts of checks while fuzzing for this reason.

[asomers]

The fuzzer doesn't generate totally random input, right? It starts from a valid disk image and then randomly mutates it?

[casept]

Yes.

[asomers]

Given that it starts from a valid disk image, would you really expect to lost very many runs at this stage? And even if you disable the magic check here, wouldn't a run with a corrupt superblock still likely fail during SuperBlock::check ?

[realchonk]

This is no longer relevant, as I just always run the checks, even when fuzzing.

[asomers]

Uh, what do you mean by "I just always run the checks"? Do you have a separate fork or something? Or is there a commit that you forgot to push? Because the magic check is still disabled during fuzzing.

[realchonk]

Oh, I forgot to remove this check. I did the match on the magic.

[realchonk]

@asomers do you have any objections besides the (incomplete) fuzzing?
If not, I'd really like to finally merge this and improve the fuzzer later.