Learn R Programming

CBTF: Caught by the Fuzz! A minimalistic fuzz-test runner for R

The CBTF package implements a very simple mechanism for fuzz-testing functions in the public interface of an R package.

Fuzz testing helps identify functions lacking sufficient argument validation, and uncovers sets of inputs that, while valid by function signature, may cause issues within the function body.

The core functionality of the package is in the fuzz() function, which calls each provided function with a certain input and records the output produced. If an error or a warning is generated, this is captured and reported to the user, unless it matches a pattern of whitelisted messages, as specified in the ignore_patterns argument. The objects returned by fuzz() can be inspected with summary() and print().

Whitelisting can also be done after a fuzz run has been completed via the whitelist() function, so that only messages that need to be acted upon are actually shown. Using whitelist() has the advantage of not requiring the completion of a fuzz run of all functions over all inputs again.

The helper function get_exported_functions() identifies the functions in the public interface of a given package, facilitating the generation of the list of functions to be fuzzed.

The helper function test_inputs() is invoked by fuzz() if the user doesn’t specify the set of inputs to be tested. By default it generates a large set of potentially problematic inputs, but these can be limited just to the desired classes of inputs.

The helper function namify() can be used to generate automatically pretty names in the list of input object, which can improve the output, especially when structures such as data frames, matrices, and more complex objects are involved. These names are based on the deparsed representation of the unevaluated inputs.

At the moment the functionality of the package is extremely limited: it operates only on the first argument and it doesn’t introduce any randomness. However, it’s convenient when there are a large number of functions to test.

Usage

This is a simple example that displays how to use CBTF to fuzz an R package. We consider mime because it is small enough to run quickly and is likely installed on most systems.

library(CBTF)
funs <- get_exported_functions("mime")
(res <- fuzz(funs, what = list(TRUE)))
## ℹ Fuzzing 2 functions on 1 input
## ✖

Copy Link

Version

Install

install.packages('CBTF')

Monthly Downloads

117

Version

0.5.0

License

GPL-3

Maintainer

Marco Colombo

Last Published

August 21st, 2025

Functions in CBTF (0.5.0)

summary.cbtf

Results summary from a fuzz run
print.cbtf

Print the results from a fuzz run
CBTF-package

CBTF: Caught by the Fuzz! A minimalistic fuzz-test runner
length.cbtf

Compute the number of tests performed
whitelist

Apply additional whitelist patterns to the results of a fuzz run
get_exported_functions

Get the names of the exported functions of a package
fuzz

Fuzz-test the specified functions
test_inputs

Default input tests
namify

Add names to a list of inputs