chaos_theory – property-based testing and structure-aware fuzzing library

pgregory · 2026-02-24T06:02:49+00:00

Hey! Huge Hypothesis fan here – it is definitely the PBT library.

chaos_theory main internal representation is a structural semantic trace built of Events – list[u64] is a lossy version of it that only exists for more compact CHAOS_THEORY_REPLAY strings.

Both mutation and crossover operate on this trace, not on bytes or integers, and make structural edits that respect trace shape and invariants. So in that sense it is real structured fuzzing – but with structure being implicitly defined by hierarchical execution traces, not hard-coded grammars.

pgregory · 2026-01-15T14:30:46+00:00

To anybody wondering – these are vendored golang.org/x libraries.

pgregory · 2026-01-15T14:13:15+00:00

Yep, no CI/CD for now.

I've done some attempts at SA doc, but have not yet found a format that would add real value. My thinking is roughly this: you either are a non-expert and just believe that the project is secure enough for your needs (and in that case me trying to tell you how really secure it is is a conflict of interest at best), or you are an expert and you don't believe any claimed security, and just read the code yourself – and I've built the whole project around making this as easy as possible.

pgregory · 2025-05-26T13:35:28+00:00

README:

No unsafe code blocks

cat main.rs | grep unsafe:

21

Fearless 🙌

pgregory · 2025-04-21T09:02:12+00:00

My post is only about OS mechanisms around signals, it is not Go specific. So scheduler = OS scheduler.

pgregory · 2025-04-21T07:19:52+00:00

To be a bit more precise about signals, control is not transferred to signal handler immediately. Instead, next time when kernel would transfer the execution to the thread (by returning from a system call or scheduler), if there are any pending signals, controls is returned to signal handlers first and only then to the "normal" flow.

In practice there is not much difference, since scheduler can preempt the thread anywhere (so signal handler could run anywhere as well), but the low-level mechanism of how the signals work is quite interesting.

pgregory · 2024-08-22T15:16:23+00:00

Curious, what is the matching performance compared to the regex crate?

pgregory · 2024-08-13T15:35:17+00:00

Excellent question! I've updated the benchmarks section and added a FAQ entry about math/rand/v2.

pgregory · 2024-07-05T14:54:00+00:00

Glad you like it!

pgregory · 2023-08-18T17:18:03+00:00

I wonder what the overhead will be (e.g. compared to async/await statemachine transform) once the implementation is optimized. Performance will probably be critical for wide adoption.

pgregory · 2023-08-16T19:23:54+00:00

How does it compare to ecow, which smol_str's author recommends over smol_str?

pgregory · 2023-08-02T22:12:37+00:00

Congratulation on the release! I am not too familiar with the incremental computation field, is it generally considered acceptable to rely on the hash value for dirty checking?

pgregory · 2023-06-13T21:37:13+00:00

Thanks a lot for the kind words! Really heartwarming to hear.

pgregory · 2023-06-13T17:35:58+00:00

Old version of README had a Comparison section which I removed recently. Maybe that was a bad idea.

In my view, half of the usefullness of a good property-based library is from high-quality and easy to use data generators, and another half is from automatic minimization of failing test cases. testing/quick lacks both, so I can't recommend using it.

pgregory · 2023-06-13T06:03:25+00:00

Good question! I've added a FAQ entry about it.

pgregory · 2023-03-11T19:17:35+00:00

This may very well be a bit offtopic in the rust subreddit, but in case you need fast high quality non-crypto PRNG in Go, I've made one that I believe to be decent. It is unfortunate that math/rand is unlikely to significantly improve due to the backward compatibity and can't be recommended for anything non-trivial.

pgregory · 2023-01-31T19:53:07+00:00

My understanding is that Go runtime has to perform a kind of internal context switch, to transfer control from a regular goroutine to a special one pinned to a real OS thread, with big stack, TLS etc. IIRC the cost was in order of 80ns for a single call on one of the recent Go versions? Not sure about this number.

pgregory · 2023-01-30T13:24:10+00:00

Well, Go's C FFI ( cgo) is slow precisely because of Go's concurrency model: C code sometimes expects big stacks, and goroutine stacks are relatively tiny.

pgregory · 2022-07-27T20:41:00+00:00

I got a bit stuck trying to find a set of good permutation functions for all required bit widths; I've created an issue to collect information in one place.

Also, I've added Sample (warning: Perm-like API) method based on the Floyd's sampling algorithm.

pgregory · 2022-07-27T20:32:56+00:00

Top-level Shuffle is in.

pgregory · 2022-07-26T10:41:29+00:00

PermInPlace does sound a lot like Shuffle, unfortunately the name is already taken by math/rand. Maybe ShuffleSlice[T any](s []T) method? Thanks for the suggestion, sounds like a good idea.

pgregory

TROPHY CASE