Fuzzer to automatically find side-channel (timing) vulnerabilities

Last update: Sep 29, 2022

Overview

SideFuzz: Fuzzing for side-channel vulnerabilities

SideFuzz is an adaptive fuzzer that uses a genetic-algorithm optimizer in combination with t-statistics to find side-channel (timing) vulnerabilities in cryptography compiled to wasm.

Fuzzing Targets can be found here: https://github.com/phayes/sidefuzz-targets

How it works

SideFuzz works by counting instructions executed in the wasmi wasm interpreter. It works in two phases:

Phase 1. Uses a genetic-algorithm optimizer that tries to maximize the difference in instructions executed between two different inputs. It will continue optimizing until subsequent generations of input-pairs no longer produce any meaningful differences in the number of instructions executed. This means that it will optimize until it finds finds a local optimum in the fitness of input pairs.

Phase 2. Once a local optimum is found, the leading input-pairs are sampled until either:

A large t-statistic (p = 0.001) is found, indicating that there is a statistically significant difference in running-time between the two inputs. This is indicative of a timing side-channel vulnerability; or
The t-statistic stays low, even after significant sampling. In this case the candidate input pairs are rejected and SideFuzz returns to phase 1, resuming the genetic-algorithm optimizer to find another local optimum.

What it gets you

Fuzzing with SideFuzz shows that your Rust code can be constant-time, but doesn't show that it is constant-time on all architectures. This is because LLVM backends can and will ruin constant-time Rust / LLVM-IR when compiling to machine-code. SideFuzz should be considered a "good first step" to be followed up with dudect-bencher and ctgrind. It should also be noted that proper compiler support for constant-time code-generation is an unsolved problem in the Rust ecosystem. There have been some ideas around using cranelift for constant-time code generation, but things are still in the brainstorming phase.

Installation

rustup target add wasm32-unknown-unknown
git clone [email protected]:phayes/sidefuzz.git
cd sidefuzz && cargo install --path .

(Cannot currently do cargo install sidefuzz because of this issue)

Creating a Rust fuzz target

Creating a target in rust is very easy.

// lib.rs
#[no_mangle]
pub extern "C" fn fuzz() {
  let input = sidefuzz::fetch_input(32); // 32 bytes of of fuzzing input as a &[u8]
  sidefuzz::black_box(my_hopefully_constant_fn(input));
}

# Cargo.toml
[lib]
crate-type = ["cdylib"]

[dependencies]
sidefuzz = "0.1.1"

Compile and fuzz the target like so:

cargo build --release --target wasm32-unknown-unknown                # Always build in release mode
sidefuzz fuzz ./target/wasm32-unknown-unknown/release/my_target.wasm # Fuzzing!

Results can be checked like so:

sidefuzz check my_target.wasm 01250bf9 ff81f7b3

When fixing variable-time code, sidefuzz can also help with sidefuzz count to quickly count the number of instructions executed by the target.

sidefuzz count my_target.wasm 01250bf9

Creating a fuzz target in other languages

SideFuzz works with Go, C, C++ and other langauges that compile to wasm.

The wasm module should provide four exports:

Memory exported to "memory"
A function named "fuzz". This function will be repeatedly called during the fuzzing process.
A function named "input_pointer" that returns an i32 pointer to a location in linear memory where we can can write an array of input bytes. The "fuzz" function should read this array of bytes as input for it's fuzzing.
A function named "input_len" that returns an i32 with the desired length of input in bytes.

FAQ

1. Why wasm?

Web Assembly allows us to precisely track the number of instructions executed, the type of instructions executed, and the amount of memory used. This is much more precise than other methods such as tracking wall-time or counting CPU cycles.

2. Why do I always need to build in release mode?

Many constant-time functions include calls to variable-time debug_assert!() functions that get removed during a release build. Rust's and LLVM optimizer may also mangle supposedly constant-time code in the name of optimization, introducing subtle timing vulnerabilities. Running in release mode let's us surface these issues.

3. I need an RNG (Random Number Generator). What do?

You should make use of a PRNG with a static seed. While this is a bad idea for production code, it's great for fuzzing. See the rsa_encrypt_pkcs1v15_message target for an example on how to do this.

4. What's up with `black_box` ?

sidefuzz::black_box is used to avoid dead-code elimination. Because we are interested in exercising the fuzzed code instead of getting results from it, the exported fuzz function doesn't return anything. The Rust optimizer sees all functions that don't return as dead-code and will try to eliminate them as part of it's optimizations. black_box is a function that is opaque to the optimizer, allowing us to exercise functions that don't return without them being optimized away. It should be used whenever calling a function that doesn't return anything or where we are ignoring the output returned.

5. The fuzzer gave me invalid inputs, what now?

You should panic (causing a wasm trap). This will signal to the fuzzer that the inputs are invalid.

6. I need to do some variable-time set-up. How do I do that?

You should use lazy_static to do any set-up work (like generating keys etc). The target is always run once to prime lazy statics before the real fuzzing starts.

Related Tools

dudect-bencher. An implementation of the DudeCT constant-time function tester. In comparison to SideFuzz, this tool more closely adheres to the original dudect design. https://crates.io/crates/dudect-bencher
ctgrind. Tool for checking that functions are constant time using Valgrind. https://github.com/RustCrypto/utils/tree/master/ctgrind

Contributors

Patrick Hayes (linkedin) (github) - Available for hire.

Comments

Improvement: Provide macro attribute

It would be nice if we had the following attribute:

#[sidefuzz = 123]
fn fuzz_some_stuff(input: &[u8) {
   sidefuzz::blackbox(some_constant_fn(input));
}

This attribute would expand to:

use std::ptr;
use std::slice;

#[no_mangle]
pub extern "C" fn len() -> i32 {
    return 123;
}

#[no_mangle]
pub extern "C" fn sidefuzz(ptr: i32, len: i32) {
  let input: &[u8] = unsafe { slice::from_raw_parts(ptr as _, len as _) };

  // Body of function copied here:
  sidefuzz::blackbox(some_constant_fn(input));
}```

enhancement help wanted

opened by phayes 2

Update rand requirement from 0.7.3 to 0.8.3
Updates the requirements on rand to permit the latest version.

Changelog

Sourced from rand's changelog.

[0.8.3] - 2021-01-25

Fixes

Fix no-std + alloc build by gating choose_multiple_weighted on std (#1088)

[0.8.2] - 2021-01-12

Fixes

Fix panic in UniformInt::sample_single_inclusive and Rng::gen_range when providing a full integer range (eg 0..=MAX) (#1087)

[0.8.1] - 2020-12-31

Other

Enable all stable features in the playground (#1081)

[0.8.0] - 2020-12-18

Platform support

The minimum supported Rust version is now 1.36 (#1011)

getrandom updated to v0.2 (#1041)

Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)

ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)

The nightly feature no longer implies the simd_support feature (#1048)

Fix simd_support feature to work on current nightlies (#1056)

Rngs

ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)

gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)

Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)

Restrict rand::rngs::adapter to std (#1027; see also #928)

StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)

StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)

SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

Sequences

Add IteratorRandom::choose_stable as an alternative to choose which does not depend on size hints (#1057)

Improve accuracy and performance of IteratorRandom::choose (#1059)

Implement IntoIterator for IndexVec, replacing the into_iter method (#1007)

Add value stability tests for seq module (#933)

Misc

Support PartialEq and Eq for StdRng, SmallRng and StepRng (#979)

Added a serde1 feature and added Serialize/Deserialize to UniformInt and WeightedIndex (#974)

Drop some unsafe code (#962, #963, #1011)

Reduce packaged crate size (#983)

Migrate to GitHub Actions from Travis+AppVeyor (#1073)

Distributions

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update rand requirement from 0.7.3 to 0.8.2
Updates the requirements on rand to permit the latest version.

Changelog

Sourced from rand's changelog.

[0.8.2] - 2021-01-12

Fixes

Fix panic in UniformInt::sample_single_inclusive and Rng::gen_range when providing a full integer range (eg 0..=MAX) (#1087)

[0.8.1] - 2020-12-31

Other

Enable all stable features in the playground (#1081)

[0.8.0] - 2020-12-18

Platform support

The minimum supported Rust version is now 1.36 (#1011)

getrandom updated to v0.2 (#1041)

Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)

ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)

The nightly feature no longer implies the simd_support feature (#1048)

Fix simd_support feature to work on current nightlies (#1056)

Rngs

ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)

gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)

Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)

Restrict rand::rngs::adapter to std (#1027; see also #928)

StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)

StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)

SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

Sequences

Add IteratorRandom::choose_stable as an alternative to choose which does not depend on size hints (#1057)

Improve accuracy and performance of IteratorRandom::choose (#1059)

Implement IntoIterator for IndexVec, replacing the into_iter method (#1007)

Add value stability tests for seq module (#933)

Misc

Support PartialEq and Eq for StdRng, SmallRng and StepRng (#979)

Added a serde1 feature and added Serialize/Deserialize to UniformInt and WeightedIndex (#974)

Drop some unsafe code (#962, #963, #1011)

Reduce packaged crate size (#983)

Migrate to GitHub Actions from Travis+AppVeyor (#1073)

Distributions

Alphanumeric samples bytes instead of chars (#935)

Uniform now supports char, enabling rng.gen_range('A'..='Z') (#1068)

Add UniformSampler::sample_single_inclusive (#1003)

Commits

6a6b9fd Merge pull request #1087 from GautierMinster/fix_uniform_int_panic_on_full_in...

2c9085a Bump to 0.8.2 and update changelog

4e8c7a4 distributions/uniform: fix panic in gen_range(0..=MAX)

bda9974 Merge pull request #1083 from dhardy/work

594aed8 seed_from_u64: use newpavlov's suggestion

eb4b8a4 Fix #1082 (seed_from_u64 with non multiple of 4)

34aa769 Merge pull request #1081 from taiki-e/playground

e5eec8e Prepare rand 0.8.1

a63eb3a Prepare rand_core 0.6.1

3c19b97 Enable all stable features in the playground

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update rand requirement from 0.7.3 to 0.8.1
Updates the requirements on rand to permit the latest version.

Changelog

Sourced from rand's changelog.

[0.8.1] - 2020-12-31

Other

Enable all stable features in the playground (#1081)

[0.8.0] - 2020-12-18

Platform support

The minimum supported Rust version is now 1.36 (#1011)

getrandom updated to v0.2 (#1041)

Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)

ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)

The nightly feature no longer implies the simd_support feature (#1048)

Fix simd_support feature to work on current nightlies (#1056)

Rngs

ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)

gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)

Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)

Restrict rand::rngs::adapter to std (#1027; see also #928)

StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)

StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)

SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

Sequences

Add IteratorRandom::choose_stable as an alternative to choose which does not depend on size hints (#1057)

Improve accuracy and performance of IteratorRandom::choose (#1059)

Implement IntoIterator for IndexVec, replacing the into_iter method (#1007)

Add value stability tests for seq module (#933)

Misc

Support PartialEq and Eq for StdRng, SmallRng and StepRng (#979)

Added a serde1 feature and added Serialize/Deserialize to UniformInt and WeightedIndex (#974)

Drop some unsafe code (#962, #963, #1011)

Reduce packaged crate size (#983)

Migrate to GitHub Actions from Travis+AppVeyor (#1073)

Distributions

Alphanumeric samples bytes instead of chars (#935)

Uniform now supports char, enabling rng.gen_range('A'..='Z') (#1068)

Add UniformSampler::sample_single_inclusive (#1003)

Weighted sampling

Implement weighted sampling without replacement (#976, #1013)

rand::distributions::alias_method::WeightedIndex was moved to rand_distr::WeightedAliasIndex. The simpler alternative rand::distribution::WeightedIndex remains. (#945)

Improve treatment of rounding errors in WeightedIndex::update_weights (#956)

Commits

bda9974 Merge pull request #1083 from dhardy/work

594aed8 seed_from_u64: use newpavlov's suggestion

eb4b8a4 Fix #1082 (seed_from_u64 with non multiple of 4)

34aa769 Merge pull request #1081 from taiki-e/playground

e5eec8e Prepare rand 0.8.1

a63eb3a Prepare rand_core 0.6.1

3c19b97 Enable all stable features in the playground

98a1aaf Merge pull request #1076 from dhardy/work

46082d5 Fix installation of multilib

d109f18 Update changelog for rand v0.8

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update rand requirement from 0.7.3 to 0.8.0
Updates the requirements on rand to permit the latest version.

Changelog

Sourced from rand's changelog.

[0.8.0] - 2020-12-18

Platform support

The minimum supported Rust version is now 1.36 (#1011)

getrandom updated to v0.2 (#1041)

Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)

ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)

The nightly feature no longer implies the simd_support feature (#1048)

Fix simd_support feature to work on current nightlies (#1056)

Rngs

ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)

gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)

Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)

Restrict rand::rngs::adapter to std (#1027; see also #928)

StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)

StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)

SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

Sequences

Add IteratorRandom::choose_stable as an alternative to choose which does not depend on size hints (#1057)

Improve accuracy and performance of IteratorRandom::choose (#1059)

Implement IntoIterator for IndexVec, replacing the into_iter method (#1007)

Add value stability tests for seq module (#933)

Misc

Support PartialEq and Eq for StdRng, SmallRng and StepRng (#979)

Added a serde1 feature and added Serialize/Deserialize to UniformInt and WeightedIndex (#974)

Drop some unsafe code (#962, #963, #1011)

Reduce packaged crate size (#983)

Migrate to GitHub Actions from Travis+AppVeyor (#1073)

Distributions

Alphanumeric samples bytes instead of chars (#935)

Uniform now supports char, enabling rng.gen_range('A'..='Z') (#1068)

Add UniformSampler::sample_single_inclusive (#1003)

Weighted sampling

Implement weighted sampling without replacement (#976, #1013)

rand::distributions::alias_method::WeightedIndex was moved to rand_distr::WeightedAliasIndex. The simpler alternative rand::distribution::WeightedIndex remains. (#945)

Improve treatment of rounding errors in WeightedIndex::update_weights (#956)

WeightedIndex: return error on NaN instead of panic (#1005)

Documentation

Document types supported by random (#994)

Commits

98a1aaf Merge pull request #1076 from dhardy/work

46082d5 Fix installation of multilib

d109f18 Update changelog for rand v0.8

cc93dae Merge pull request #1079 from JJPennington/master

9aa8bc1 Modified the StdRng documentation

34423a6 Use cp to create redirect

d4b180d Merge pull request #1078 from rust-random/work2

1959b1a Adjust homepage to point at the book

e9adf45 Switch documentation links to docs.rs

da3458b Add HTML redirect

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update color-backtrace requirement from 0.4.2 to 0.5.0
Updates the requirements on color-backtrace to permit the latest version.

Changelog

Sourced from color-backtrace's changelog.

[v0.5.0] (2020-11-21)

Add __rust_begin_short_backtrace filter

Remove experimental failure support

[v0.4.2] (2020-05-19)

Added

Clone and Debug impls for BacktracePrinter

COLORBT_SHOW_HIDDEN env variable, disabling frame filtering

[v0.4.1] (2020-05-08)

Fixed

Use correct verbosity level for string formatting

Fix off-by-one in frame hiding code

Hides one additional post-panic frame

Slightly improved doc

[v0.4.0] (2020-05-06)

Added

BacktracePrinter::format_trace_to_string

Ability to add custom frame filter callbacks

BacktracePrinter::add_frame_filter

BacktracePrinter::clear_frame_filters

default_frame_filter

Thanks to [@yaahc] for helping out with this!

Prefer RUST_LIB_BACKTRACE env var when determining the default verbosity to print non-panic backtraces

Also contributed by [@yaahc]

Changed

Rename Settings → BacktracePrinter

Move print_backtrace → BacktracePrinter::print_trace

Move print_panic_info → BacktracePrinter::print_panic_info

Move color_backtrace::failure::print_backtrace → BacktracePrinter::print_failure_trace

The majority of old APIs have deprecated shims that forward calls to their new place to ease porting

The out setting is no longer part of the BacktracePrinter and instead supplied as an argument to all functions that need it

The previous design forced Sync + Send + 'static constraints on any output stream since they are required when registering the panic handler, but are unnecessary when printing to strings

As a bonus, all format and print functions no longer require mutable access to the BacktracePrinter instance

Commits

dc53c08 Bump version to v0.5

a7240e7 Remove experimental failure support

c68832a Add badge for Apache license

390e22b Add __rust_begin_short_backtrace filter

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update statrs requirement from 0.10.0 to 0.13.0
Updates the requirements on statrs to permit the latest version.

Changelog

Sourced from statrs's changelog.

v0.13.0

Implemented MultivariateNormal distribution (depends on nalgebra 0.19)

Implemented Dirac distribution

Implemented Negative Binomial distribution

v0.12.0

upgrade rand dependency to 0.7

v0.11.0

upgrade rand dependency to 0.6

Implement CheckedInverseCDF and InverseCDF for Normal distribution

v0.10.0

upgrade rand dependency to 0.5

Removes the Distribution trait in favor of the rand::distributions::Distribution trait

Removed functions deprecated in 0.8.0 (periodic, periodic_custom, sinusoidal, sinusoidal_custom)

v0.9.0

implemented infinite sequence generator for periodic sequence

implemented infinite sequence generator for sinusoidal sequence

implemented infinite sequence generator for square sequence

implemented infinite sequence generator for triangle sequence

implemented infinite sequence generator for sawtooth sequence

deprecate old non-infinite iterators in favor of new infinite iterators with take

Implemented Pareto distribution

Implemented Entropy trait for the Categorical distribution

Add a checked_ interface to all distribution methods and functions that may panic

v0.8.0

cdf(x), pdf(x) and pmf(x) now return the correct value instead of panicking when x is outside the range of values that the distribution can attain.

Fixed a bug in the Uniform distribution implementation where samples were drawn from range [min, max + 1) instead of [min, max]. The samples are now drawn correctly from the range [min, max].

Implement generate::log_spaced function

Implement generate::Periodic iterator

Implement generate::Sinusoidal iterator

Implement generate::Square iterator

Implement generate::Triangle iterator

Implement generate::Sawtooth iterator

Deprecate generate::periodic and generate::periodic_custom

Deprecate generate::sinusoidal and generate::sinusoidal_custom

Note: A recent commit to the Rust nightly build causes compile errors when using empty slices with the Statistics trait, specifically the Statistics::min and Statistics::max methods. This only affects the case where the compiler must infer the type of the empty slice:

Commits

1a07238 release 0.13.0

6b2c726 fix: formatting, disable discrete test for nbinom for now

660eb9e feat: Add negative binomial distribution (#113)

72c767f fix: dirac docstring tests

e929775 feat: Added Dirac Distribution [Feature Request] (#111)

83aa6b5 maintenance: A stab at removing unsafes (#109)

7b20b39 feat: Implement Multivariate Normal Distribution with nalgebra (#100)

49a5209 format: run rustfmt

372ad4d update travis to install correct rustfmt component

2048dc4 release: 0.12.0

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update color-backtrace requirement from 0.1 to 0.4
Updates the requirements on color-backtrace to permit the latest version.

Changelog

Sourced from color-backtrace's changelog.

[v0.4.0] (2020-05-06)

Added

BacktracePrinter::format_trace_to_string

Ability to add custom frame filter callbacks

BacktracePrinter::add_frame_filter

BacktracePrinter::clear_frame_filters

default_frame_filter

Thanks to [@yaahc] for helping out with this!

Prefer RUST_LIB_BACKTRACE env var when determining the default verbosity to print non-panic backtraces

Also contributed by [@yaahc]

Changed

Rename Settings → BacktracePrinter

Move print_backtrace → BacktracePrinter::print_trace

Move print_panic_info → BacktracePrinter::print_panic_info

Move color_backtrace::failure::print_backtrace → BacktracePrinter::print_failure_trace

The majority of old APIs have deprecated shims that forward calls to their new place to ease porting

The out setting is no longer part of the BacktracePrinter and instead supplied as an argument to all functions that need it

The previous design forced Sync + Send + 'static constraints on any output stream since they are required when registering the panic handler, but are unnecessary when printing to strings

As a bonus, all format and print functions no longer require mutable access to the BacktracePrinter instance

[v0.3.0] (2019-11-12)

Added

Custom ColorScheme support

Forward backtrace-rs' gimli-symbolize feature, which is default enabled

This is done by adding default-features = false to the Cargo.toml dependency entry for color-backtrace

Disabling it reduces transitive dependencies from ~50 → ~10

However, you'll pay for it with inaccurate source info on macOS and Linux

Changed

Replace term crate for colorful term printing with termcolor

This crate is more actively maintained, has fewer deps and a better API

This made adding color scheme support very easy

Settings::dim_function_hash_part was replaced

Hash part color is now controlled via ColorScheme

Removed

Colorize, ColorizedStderrOutput, StreamOutput, PanicOutputStream

This functionality is now all provided by the termcolor crate

... (truncated)

Commits

013102a Semantic versions in since clause of deprecations

c23e924 Bump version to v0.4.0 & update changelog

3cdf151 Fix off-by-one in default frame filter

eb8ce74 Add support for RUST_LIB_BACKTRACE variable (#38)

d8660e9 Provide custom frame filtering options (#37)

c5f5e9c Switch CI to GitHub Actions

268b092 Rename PanicPrinter → BacktracePrinter

ccc2699 Update examples and changelog

f7afbc2 Port failure support & add backward compat shims

f31fd90 Refactor public interface

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update hex requirement from 0.3.2 to 0.4.2
Updates the requirements on hex to permit the latest version.

Commits

be0c32f fix: Bump to v0.4.2

4bc3e21 Fix compile error on older rustc versions

78359a8 Bump version (v0.4.1)

85fe726 README reworks and copyright dates update

83a0261 tests/serde: Fix test names

e8e2506 github-workflows: Improve GitHub Workflow tests.

3b8a77d Add serde support

b1d2318 Fix broken tests

764ee61 Fix Error::InvalidHexCharacter::to_string

f98cad4 Remove deprecated Error::description implementation

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update hex requirement from 0.3.2 to 0.4.1
Updates the requirements on hex to permit the latest version.

Commits

78359a8 Bump version (v0.4.1)

85fe726 README reworks and copyright dates update

83a0261 tests/serde: Fix test names

e8e2506 github-workflows: Improve GitHub Workflow tests.

3b8a77d Add serde support

b1d2318 Fix broken tests

764ee61 Fix Error::InvalidHexCharacter::to_string

f98cad4 Remove deprecated Error::description implementation

fff3af1 Improvements to tests

34fdc9a Minor improvements to the documentation (#31)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update rand requirement from 0.6.5 to 0.7.3
Updates the requirements on rand to permit the latest version.

Changelog

Sourced from rand's changelog.

[0.7.3] - 2020-01-10

Fixes

The Bernoulli distribution constructors now reports an error on NaN and on denominator == 0. (#925)

Use std::sync::Once to register fork handler, avoiding possible atomicity violation (#928)

Fix documentation on the precision of generated floating-point values

Changes

Unix: make libc dependency optional; only use fork protection with std feature (#928)

Additions

Implement std::error::Error for BernoulliError (#919)

[0.7.2] - 2019-09-16

Fixes

Fix dependency on rand_core 0.5.1 (#890)

Additions

Unit tests for value stability of distributions added (#888)

[0.7.1] - 2019-09-13

Yanked

This release was yanked since it depends on rand_core::OsRng added in 0.5.1 but specifies a dependency on version 0.5.0 (#890), causing a broken builds when updating from rand 0.7.0 without also updating rand_core.

Fixes

Fix no_std behaviour, appropriately enable c2-chacha's std feature (#844)

alloc feature in no_std is available since Rust 1.36 (#856)

Fix or squelch issues from Clippy lints (#840)

Additions

Add a no_std target to CI to continously evaluate no_std status (#844)

WeightedIndex: allow adjusting a sub-set of weights (#866)

[0.7.0] - 2019-06-28

Fixes

Fix incorrect pointer usages revealed by Miri testing (#780, #781)

Fix (tiny!) bias in Uniform for 8- and 16-bit ints (#809)

Crate

Bumped MSRV (min supported Rust version) to 1.32.0

Updated to Rust Edition 2018 (#823, #824)

Removed dependence on rand_xorshift, rand_isaac, rand_jitter crates (#759, #765)

Remove dependency on winapi (#724)

Removed all build.rs files (#824)

Removed code already deprecated in version 0.6 (#757)

Removed the serde1 feature (It's still available for backwards compatibility, but it does not do anything. #830)

Many documentation changes

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
Update rand requirement from 0.7.3 to 0.8.4
Updates the requirements on rand to permit the latest version.

Changelog

Sourced from rand's changelog.

[0.8.4] - 2021-06-15

Additions

Use const-generics to support arrays of all sizes (#1104)

Implement Clone and Copy for Alphanumeric (#1126)

Add Distribution::map to derive a distribution using a closure (#1129)

Add Slice distribution (#1107)

Add DistString trait with impls for Standard and Alphanumeric (#1133)

Other

Reorder asserts in Uniform float distributions for easier debugging of non-finite arguments (#1094, #1108)

Add range overflow check in Uniform float distributions (#1108)

Deprecate rngs::adapter::ReadRng (#1130)

[0.8.3] - 2021-01-25

Fixes

Fix no-std + alloc build by gating choose_multiple_weighted on std (#1088)

[0.8.2] - 2021-01-12

Fixes

Fix panic in UniformInt::sample_single_inclusive and Rng::gen_range when providing a full integer range (eg 0..=MAX) (#1087)

[0.8.1] - 2020-12-31

Other

Enable all stable features in the playground (#1081)

[0.8.0] - 2020-12-18

Platform support

The minimum supported Rust version is now 1.36 (#1011)

getrandom updated to v0.2 (#1041)

Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)

ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)

The nightly feature no longer implies the simd_support feature (#1048)

Fix simd_support feature to work on current nightlies (#1056)

Rngs

ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)

gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)

Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)

Restrict rand::rngs::adapter to std (#1027; see also #928)

StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)

StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)

SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

Sequences

... (truncated)

Commits

8792268 Merge pull request #1137 from rust-random/work2

1bfc53d Update changelogs and bump version numbers

4534311 Merge pull request #1133 from rust-random/work2

81f1af8 Correct usage of reserve

fa17d1c Add comment to append_string for Standard

b4c1d66 Add DistString

1947c89 Move Distribution trait and associates to sub-module

98a0339 Merge pull request #1135 from dhardy/work

a7f8fb7 Prepare rand_chacha v0.3.1 release

09d3df3 Merge pull request #1130 from dhardy/work

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
Update statrs requirement from 0.13.0 to 0.14.0
Updates the requirements on statrs to permit the latest version.

Changelog

Sourced from statrs's changelog.

v0.14.0

upgrade rand dependency to 0.8

fix inaccurate sampling of Gamma

Implemented Empirical distribution

Implemented Laplace distribution

Removed Checked* traits

Almost clippy-clean

Almost fully enabled rustfmt

Begin applying consistent numeric relative-accuracy targets with the approx crate

Introduce macro to generate testing boilerplate, yet not all tests use this yet

Moved to dynamic vectors in the MultivariateNormal distribution

Reduced a number of distribution-specific traits into the Distribution and DiscreteDistribution traits

v0.13.0

Implemented MultivariateNormal distribution (depends on nalgebra 0.19)

Implemented Dirac distribution

Implemented Negative Binomial distribution

v0.12.0

upgrade rand dependency to 0.7

v0.11.0

upgrade rand dependency to 0.6

Implement CheckedInverseCDF and InverseCDF for Normal distribution

v0.10.0

upgrade rand dependency to 0.5

Removes the Distribution trait in favor of the rand::distributions::Distribution trait

Removed functions deprecated in 0.8.0 (periodic, periodic_custom, sinusoidal, sinusoidal_custom)

v0.9.0

implemented infinite sequence generator for periodic sequence

implemented infinite sequence generator for sinusoidal sequence

implemented infinite sequence generator for square sequence

implemented infinite sequence generator for triangle sequence

implemented infinite sequence generator for sawtooth sequence

deprecate old non-infinite iterators in favor of new infinite iterators with take

Implemented Pareto distribution

Implemented Entropy trait for the Categorical distribution

Add a checked_ interface to all distribution methods and functions that may panic

v0.8.0

cdf(x), pdf(x) and pmf(x) now return the correct value instead of panicking when x is outside the range of values that the distribution can attain.

Fixed a bug in the Uniform distribution implementation where samples were drawn from range [min, max + 1) instead of [min, max]. The samples are now drawn correctly from the range [min, max].

Implement generate::log_spaced function

... (truncated)

Commits

763e293 Merge pull request #139 from vks/fix-doctests

0b59c4e fix: clippy warnings

9d6ca0e Update changelog

0a96239 Update changelog

a79b4b6 statistics: Fix doctests

8e51645 Merge pull request #132 from doraneko94/master

2fa0e88 fix: README.md to match current development

8f08cda Merge pull request #134 from vks/fixes-and-updates

dd64d20 Try to fix tests on stable Rust

4538ff7 Apply cargo fmt

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
Upgrade to GitHub-native Dependabot

Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then.

Dependabot has been fully integrated into GitHub, so you no longer have to install and manage a separate app. This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When merged, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates, and you'll configure Dependabot through the new config file rather than a UI.

If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

Learn more about migrating to GitHub-native Dependabot

Please note that regular @dependabot commands do not work on this pull request.
dependencies

opened by dependabot-preview[bot] 0
Update color-backtrace requirement from 0.4.2 to 0.5.1
Updates the requirements on color-backtrace to permit the latest version.

Changelog

Sourced from color-backtrace's changelog.

[v0.5.1] (2021-04-25)

Add the ability to print module_name:offset, or address of frame

Contributed by [@s1341], thanks!

[v0.5.0] (2020-11-21)

Add __rust_begin_short_backtrace filter

Remove experimental failure support

[v0.4.2] (2020-05-19)

Added

Clone and Debug impls for BacktracePrinter

COLORBT_SHOW_HIDDEN env variable, disabling frame filtering

[v0.4.1] (2020-05-08)

Fixed

Use correct verbosity level for string formatting

Fix off-by-one in frame hiding code

Hides one additional post-panic frame

Slightly improved doc

[v0.4.0] (2020-05-06)

Added

BacktracePrinter::format_trace_to_string

Ability to add custom frame filter callbacks

BacktracePrinter::add_frame_filter

BacktracePrinter::clear_frame_filters

default_frame_filter

Thanks to [@yaahc] for helping out with this!

Prefer RUST_LIB_BACKTRACE env var when determining the default verbosity to print non-panic backtraces

Also contributed by [@yaahc]

Changed

Rename Settings → BacktracePrinter

Move print_backtrace → BacktracePrinter::print_trace

Move print_panic_info → BacktracePrinter::print_panic_info

Move color_backtrace::failure::print_backtrace → BacktracePrinter::print_failure_trace

The majority of old APIs have deprecated shims that forward calls to their new place to ease porting

The out setting is no longer part of the BacktracePrinter and instead supplied as an argument to all functions that need it

The previous design forced Sync + Send + 'static constraints on any output stream since they are required when registering

... (truncated)

Commits

f8dbec3 Update CHANGELOG, bump version

d25c611 Add the ability to print module_name:offset, or address of frame (#44)

dc53c08 Bump version to v0.5

a7240e7 Remove experimental failure support

c68832a Add badge for Apache license

390e22b Add __rust_begin_short_backtrace filter

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
Update rolling-stats requirement from 0.3.0 to 0.4.0
Updates the requirements on rolling-stats to permit the latest version.

Commits

8bb49c9 (cargo-release) version 0.4.0

0c1c23e implement display for stats object, add merge function

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
wasm error on `sidefuzz` execution
Hi, I' trying to sidefuzz the sha3 implementation of RustCrypto, but it gives the following error: Error: wasm error: Function: Module doesn't have export input_is_str Here is the code:

use sha3::{Digest, Sha3_512}; #[no_mangle] pub extern "C" fn fuzz() { let input = sidefuzz::fetch_input(80); sidefuzz::black_box(Sha3_512::default().chain(input).result()); }

Do you know what is going wrong?
opened by niluxv 3