mutagen VS miri

There are two testing techniques you didn't mention: Snapshot tests (which are greatly simplified using the insta crate and mutation testing (which can be done on nightly with my mutagen crate.

How does this compare to mutagen?

Do you mean as part of build.rs? Yes, that's certainly doable, and has been done in the past. You can use env!("OUT_DIR") for that. Examples you may want to refer to include my mutagen crate and criterion.

Would be great if this could include mutation testing.

I wrote a good number of macros though, both macro_rules! and various proc_macros. The latest iteration of overflower has both, for example. mutagen is a mutation testing tool built as a proc macro, and it's helper library has a bunch of macros, too. compact_arena uses macros to tie unique lifetime tags to arenas.

Also there are far more mutation testing frameworks. I maintain the rust-based mutagen one. There are also LLVM-based ones (etc. mull) that can cover multiple languages (but may yield mutations not expressible in your preferred one).

Cargo (and Rust) makes it so easy to write test cases that you should really use it to find these kinds of bugs. And there are other good test crates available: mutagen, quickcheck, etc.

I had a student completely reachitecture my mutagen tool, and saw some working on various clippy contributions.

Provenance is a dynamic property of pointer values. The actual underlying rules that a program must follow, even when using raw pointers and `unsafe`, are written in terms of provenance. Miri (https://github.com/rust-lang/miri) represents provenance as an actual value stored alongside each pointer's address, so it can check for violations of these rules.

Lifetimes are a static approximation of provenance. They are erased after being validated by the borrow checker, and do not exist in Miri or have any impact on what transformations the optimizer may perform. In other words, the provenance rules allow a superset of what the borrow checker allows.

There has been discussion of doing this with MIRI, which would be easier than all of rustc.

This issue has been fixed: https://github.com/rust-lang/miri/issues/2964

Actually, I've done more advanced tests with MIRI (see https://github.com/rust-lang/miri/issues/2920 for example) which allowed me to fix some issues. I've also made the code compatible with loom, but I didn't found the time yet to write and execute loom tests. That's on the TODO-list, and I need to track it with an issue too.

He is one of the big brains behind Miri, which is a interpreter that runs on the MIR (compiler representation between human code and asm/machine code) and detects undefined behavior. Super useful tool for language safety, pretty interesting on its own.

I would also run your tests in Miri (https://github.com/rust-lang/miri) to try to cover more bases.

You can run miri and it will tell you if the given run triggered any undefined behavior. It will not analyze it for every possible use of the code, but checking for the presence of this specific issue using it should be fairly simple.

If you do encounter a piece of code on which TB performs much worse than SB, do submit it as an issue! There was one recently and we massively improved TB performance on this case by improving garbage collection.