Introduction

Welcome to the libmagic-rs developer guide! This documentation provides comprehensive information about the pure-Rust implementation of libmagic, the library that powers the file command for identifying file types.

What is libmagic-rs?

libmagic-rs is a clean-room implementation of the libmagic library, written entirely in Rust. It provides:

• Memory Safety: Pure Rust with no unsafe code (except vetted dependencies)
• Performance: Memory-mapped I/O for efficient file processing
• Compatibility: Support for standard magic file syntax and formats
• Modern Design: Extensible architecture for contemporary file formats
• Multiple Outputs: Both human-readable text and structured JSON formats

Project Status

🚀 Active Development - Core components are complete with ongoing feature additions.

What’s Complete

• ✅ Core AST Structures: Complete data model for magic rules with full serialization
• ✅ Magic File Parser: Full text magic file parsing with hierarchical structure, comments, continuations, and parse_text_magic_file() API
• ✅ Format Detection: Automatic detection of text files, directories (Magdir), and binary .mgc files with helpful error messages
• ✅ Rule Evaluation Engine: Complete hierarchical evaluation with offset resolution, type interpretation, comparison operators, and graceful error recovery
• ✅ Memory-Mapped I/O: FileBuffer implementation with memmap2 and comprehensive safety
• ✅ CLI Framework: Command-line interface with clap, multiple output formats, and magic file discovery
• ✅ Project Infrastructure: Build system, strict linting, and comprehensive testing
• ✅ Extensive Test Coverage: 650+ comprehensive tests covering all modules
• ✅ Memory Safety: Zero unsafe code with comprehensive bounds checking
• ✅ Error Handling: Structured error types with graceful degradation
• ✅ Code Quality: Strict clippy linting with zero-warnings policy

What’s In Progress

• 🔄 Indirect Offset Support: Complex offset indirection patterns (e.g., pointer dereferencing)
• 🔄 MIME Type Mapping: Standard MIME type detection and mapping
• 🔄 Strength Calculation: Rule priority scoring for match ordering

Next Milestones

• 📋 Binary .mgc Support: Compiled magic database format (Phase 2)
• 📋 Rule Caching: Pre-compiled magic database support
• 📋 Parallel Evaluation: Multi-file processing support
• 📋 Extended Type Support: Additional magic types (regex, date, etc.)

Why Rust?

The choice of Rust for this implementation provides several key advantages:

1. Memory Safety: Eliminates entire classes of security vulnerabilities
2. Performance: Zero-cost abstractions and efficient compiled code
3. Concurrency: Safe parallelism for processing multiple files
4. Ecosystem: Rich crate ecosystem for parsing, I/O, and serialization
5. Maintainability: Strong type system and excellent tooling

Architecture Overview

The library follows a clean parser-evaluator architecture:

flowchart LR
    MF[Magic File] --> P[Parser]
    P --> AST[AST]
    AST --> E[Evaluator]
    TF[Target File] --> FB[File Buffer]
    FB --> E
    E --> R[Results]
    R --> F[Formatter]

    style MF fill:#e3f2fd
    style TF fill:#e3f2fd
    style F fill:#c8e6c9

This separation allows for:

• Independent testing of each component
• Flexible output formatting
• Efficient rule caching and optimization
• Clear error handling and debugging

How to Use This Guide

This documentation is organized into five main parts:

• Part I: User Guide - Getting started, CLI usage, and basic library integration
• Part II: Architecture & Implementation - Deep dive into the codebase structure and components
• Part III: Advanced Topics - Magic file formats, testing, and performance optimization
• Part IV: Integration & Migration - Moving from libmagic and troubleshooting
• Part V: Development & Contributing - Contributing guidelines and development setup

The appendices provide quick reference materials for commands, examples, and compatibility information.

Getting Help

• Documentation: This comprehensive guide covers all aspects of the library
• API Reference: Generated rustdoc for detailed API information (Appendix A)
• Command Reference: Complete CLI documentation (Appendix B)
• Examples: Magic file examples and patterns (Appendix C)
• Issues: GitHub Issues for bugs and feature requests
• Discussions: GitHub Discussions for questions and ideas

Contributing

We welcome contributions! See the CONTRIBUTING.md file in the repository root and the Development Setup guide for information on how to get started.

License

This project is licensed under the Apache License 2.0. See the LICENSE file for details.

Acknowledgments

This project is inspired by and respects the original libmagic implementation by Ian Darwin and the current maintainers led by Christos Zoulas. We aim to provide a modern, safe alternative while maintaining compatibility with the established magic file format.

Getting Started

This guide will help you get up and running with libmagic-rs, whether you want to use it as a CLI tool or integrate it into your Rust applications.

Installation

Prerequisites

• Rust 1.85+ (2024 edition)
• Git for cloning the repository
• Cargo (comes with Rust)

From Source

Currently, libmagic-rs is only available from source as it’s in early development:

# Clone the repository
git clone https://github.com/EvilBit-Labs/libmagic-rs.git
cd libmagic-rs

# Build the project
cargo build --release

# Run tests to verify installation
cargo test

The compiled binary will be available at target/release/rmagic.

Development Build

For development or testing the latest features:

# Clone and build in debug mode
git clone https://github.com/EvilBit-Labs/libmagic-rs.git
cd libmagic-rs
cargo build

# The debug binary is at target/debug/rmagic

Quick Start

CLI Usage

# Basic file identification
./target/release/rmagic example.bin

# JSON output format
./target/release/rmagic example.bin --json

# Help and options
./target/release/rmagic --help

Current Output:

$ ./target/release/rmagic README.md
README.md: data

Library Usage

Add libmagic-rs to your Cargo.toml:

[dependencies]
libmagic-rs = { git = "https://github.com/EvilBit-Labs/libmagic-rs.git" }

Basic usage example:

use libmagic_rs::{EvaluationConfig, LibmagicError, MagicDatabase};

fn main() -> Result<(), LibmagicError> {
    // Load magic rules from a magic file or directory
    let db = MagicDatabase::load_from_file("magic.db")?;

    // Evaluate a file against the loaded rules
    let result = db.evaluate_file("example.bin")?;

    println!("File type: {}", result.description);
    println!("Confidence: {}", result.confidence);

    if let Some(mime_type) = result.mime_type {
        println!("MIME type: {}", mime_type);
    }

    Ok(())
}

Project Structure

Understanding the project layout will help you navigate the codebase:

libmagic-rs/
├── Cargo.toml              # Project configuration
├── CONTRIBUTING.md         # Contribution guidelines
├── src/
│   ├── lib.rs              # Library API with EvaluationConfig
│   ├── main.rs             # CLI implementation (basic)
│   ├── error.rs            # Error types (ParseError, EvaluationError, etc.)
│   ├── parser/
│   │   ├── mod.rs          # Magic file parser ✅ Complete
│   │   ├── ast.rs          # AST data structures ✅ Complete
│   │   └── grammar.rs      # nom-based parsing combinators ✅ Complete
│   ├── evaluator/
│   │   ├── mod.rs          # Evaluation engine ✅ Complete
│   │   ├── offset.rs       # Offset resolution ✅ Complete
│   │   ├── operators.rs    # Comparison operators ✅ Complete
│   │   └── types.rs        # Type interpretation ✅ Complete
│   ├── output/
│   │   └── mod.rs          # Output formatting
│   └── io/
│       └── mod.rs          # Memory-mapped I/O ✅ Complete
├── tests/                  # Integration tests
├── third_party/            # Canonical libmagic tests and magic files
└── docs/                   # This documentation

Development Setup

If you want to contribute or modify the library:

1. Clone and Setup

git clone https://github.com/EvilBit-Labs/libmagic-rs.git
cd libmagic-rs

# Install development dependencies
cargo install cargo-nextest  # Faster test runner
cargo install cargo-watch    # Auto-rebuild on changes

2. Development Workflow

# Check code without building
cargo check

# Run tests (fast)
cargo nextest run

# Run tests with coverage
cargo test

# Format code
cargo fmt

# Lint code (strict mode)
cargo clippy -- -D warnings

# Build documentation
cargo doc --open

3. Continuous Development

# Auto-rebuild and test on file changes
cargo watch -x check -x test

# Auto-run specific tests
cargo watch -x "test ast_structures"

Current Capabilities

What Works Now

• ✅ AST Data Structures: Complete implementation with full serialization
• ✅ Magic File Parser: nom-based parser for magic file DSL with hierarchical rules
• ✅ Rule Evaluator: Engine for executing rules against files with graceful error handling
• ✅ Memory-Mapped I/O: Efficient file access with comprehensive bounds checking
• ✅ CLI Framework: Basic argument parsing and structure
• ✅ Build System: Cargo configuration with strict linting
• ✅ Testing: Comprehensive unit tests for all modules
• ✅ Documentation: This guide, API documentation, and architecture docs

What’s Coming Soon

• 🔄 Indirect Offsets: Support for offset indirection in magic rules
• 🔄 Output Formatters: Text and JSON result formatting
• 🔄 MIME Type Mapping: Automatic MIME type detection
• 🔄 Rule Caching: Pre-compiled rule database support

Example Magic Rules

You can parse magic rules from text or work with AST structures directly:

Parsing Magic Files

#![allow(unused)]
fn main() {
use libmagic_rs::parser::parse_text_magic_file;

// Parse a simple magic file
let magic_content = r#"
ELF file format
0 string \x7fELF ELF executable
>4 byte 1 32-bit
>4 byte 2 64-bit
"#;

let rules = parse_text_magic_file(magic_content)?;
assert_eq!(rules.len(), 1);
assert_eq!(rules[0].children.len(), 2);
}

Working with AST Directly

#![allow(unused)]
fn main() {
use libmagic_rs::parser::ast::*;

// Create a simple ELF detection rule
let elf_rule = MagicRule {
    offset: OffsetSpec::Absolute(0),
    typ: TypeKind::Byte,
    op: Operator::Equal,
    value: Value::Uint(0x7f), // First byte of ELF magic
    message: "ELF executable".to_string(),
    children: vec![],
    level: 0,
};

// Serialize to JSON for inspection
let json = serde_json::to_string_pretty(&elf_rule)?;
println!("{}", json);
}

Evaluating Rules

#![allow(unused)]
fn main() {
use libmagic_rs::evaluator::{evaluate_rules_with_config, EvaluationContext};
use libmagic_rs::parser::ast::*;
use libmagic_rs::EvaluationConfig;

// Create a rule to detect ELF files
let rule = MagicRule {
    offset: OffsetSpec::Absolute(0),
    typ: TypeKind::Byte,
    op: Operator::Equal,
    value: Value::Uint(0x7f),
    message: "ELF magic".to_string(),
    children: vec![],
    level: 0,
};

// Evaluate against a buffer
let buffer = &[0x7f, 0x45, 0x4c, 0x46]; // ELF magic bytes
let config = EvaluationConfig::default();
let matches = evaluate_rules_with_config(&[rule], buffer, config)?;

assert_eq!(matches.len(), 1);
assert_eq!(matches[0].message, "ELF magic");
}

Testing Your Setup

Verify everything is working correctly:

# Run all tests
cargo test

# Run specific AST tests
cargo test ast_structures

# Check code quality
cargo clippy -- -D warnings

# Verify documentation builds
cargo doc

# Test CLI
cargo run -- README.md

Next Steps

1. Explore the AST: Check out AST Data Structures to understand the core types
2. Read the Architecture: See Architecture Overview for the big picture
3. Follow Development: Watch the GitHub repository for updates
4. Contribute: See Development Setup for contribution guidelines

Getting Help

• Documentation: This guide covers all current functionality
• API Reference: Run cargo doc --open for detailed API docs
• Issues: Report bugs or request features
• Discussions: Ask questions or share ideas

The project is in active development, so check back regularly for new features and capabilities!

CLI Usage

Note

The CLI is currently in early development with placeholder functionality. This documentation describes the planned interface.

The rmagic command-line tool provides a drop-in replacement for the GNU file command, with additional features for modern workflows.

Basic Usage

# Identify a single file
rmagic file.bin

# Identify multiple files
rmagic file1.bin file2.exe file3.pdf

# Get help
rmagic --help

Output Formats

Text Output (Default)

rmagic example.bin
# Output: example.bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV)

JSON Output

rmagic example.bin --json

{
  "filename": "example.bin",
  "description": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV)",
  "mime_type": "application/x-executable",
  "confidence": 0.95
}

Command-Line Options

Input Options

• FILE... - Files to analyze (required)
• --magic-file FILE - Use custom magic file database

Output Options

• --text - Text output format (default)
• --json - JSON output format
• --mime - Output MIME type only

Behavior Options

• --brief - Don’t prepend filenames to output lines
• --no-buffer - Don’t buffer output (useful for pipes)

Examples

Coming soon with full implementation.

Exit Codes

• 0 - Success
• 1 - Error processing files
• 2 - Invalid command-line arguments

Library API

Note

The library API is currently in early development with placeholder functionality. This documentation describes the planned interface.

The libmagic-rs library provides a safe, efficient API for file type identification in Rust applications.

Core Types

MagicDatabase

The main interface for loading and using magic rules:

#![allow(unused)]
fn main() {
pub struct MagicDatabase {
    // Internal implementation
}

impl MagicDatabase {
    pub fn load_from_file<P: AsRef<Path>>(path: P) -> Result<Self>;
    pub fn evaluate_file<P: AsRef<Path>>(&self, path: P) -> Result<EvaluationResult>;
}
}

EvaluationResult

Contains the results of file type identification:

#![allow(unused)]
fn main() {
pub struct EvaluationResult {
    pub description: String,
    pub mime_type: Option<String>,
    pub confidence: f64,
}
}

EvaluationConfig

Configuration options for rule evaluation:

#![allow(unused)]
fn main() {
pub struct EvaluationConfig {
    pub max_recursion_depth: u32,
    pub max_string_length: usize,
    pub stop_at_first_match: bool,
}
}

Basic Usage

#![allow(unused)]
fn main() {
use libmagic_rs::{MagicDatabase, EvaluationConfig};

// Load magic database
let db = MagicDatabase::load_from_file("magic.db")?;

// Evaluate a file
let result = db.evaluate_file("example.bin")?;

println!("File type: {}", result.description);
if let Some(mime) = result.mime_type {
    println!("MIME type: {}", mime);
}
}

Error Handling

All operations return Result types with descriptive errors:

#![allow(unused)]
fn main() {
use libmagic_rs::LibmagicError;

match db.evaluate_file("missing.bin") {
    Ok(result) => println!("Type: {}", result.description),
    Err(LibmagicError::IoError(e)) => eprintln!("File error: {}", e),
    Err(LibmagicError::EvaluationError(e)) => eprintln!("Evaluation error: {}", e),
    Err(e) => eprintln!("Other error: {}", e),
}
}

Advanced Usage

Coming soon with full implementation.

Configuration

Note

Configuration options are planned for future releases. This documentation describes the intended configuration system.

libmagic-rs provides flexible configuration options for customizing behavior, performance, and output formatting.

EvaluationConfig

The main configuration structure for rule evaluation:

#![allow(unused)]
fn main() {
pub struct EvaluationConfig {
    /// Maximum recursion depth for nested rules
    pub max_recursion_depth: u32,

    /// Maximum string length to read
    pub max_string_length: usize,

    /// Stop at first match or continue for all matches
    pub stop_at_first_match: bool,
}

impl Default for EvaluationConfig {
    fn default() -> Self {
        Self {
            max_recursion_depth: 20,
            max_string_length: 8192,
            stop_at_first_match: true,
        }
    }
}
}

Usage Examples

Basic Configuration

#![allow(unused)]
fn main() {
use libmagic_rs::{MagicDatabase, EvaluationConfig};

let config = EvaluationConfig {
    max_recursion_depth: 10,
    max_string_length: 1024,
    stop_at_first_match: true,
};

let db = MagicDatabase::load_from_file("magic.db")?;
let result = db.evaluate_file_with_config("example.bin", &config)?;
}

Performance-Optimized Configuration

#![allow(unused)]
fn main() {
// Fast evaluation for large-scale processing
let fast_config = EvaluationConfig {
    max_recursion_depth: 5,      // Shallow nesting
    max_string_length: 256,      // Short strings only
    stop_at_first_match: true,   // Exit early
};
}

Comprehensive Analysis Configuration

#![allow(unused)]
fn main() {
// Thorough analysis for detailed results
let thorough_config = EvaluationConfig {
    max_recursion_depth: 50,     // Deep nesting allowed
    max_string_length: 16384,    // Long strings
    stop_at_first_match: false,  // Find all matches
};
}

Configuration Sources (Planned)

Environment Variables

export LIBMAGIC_RS_MAX_RECURSION=15
export LIBMAGIC_RS_MAX_STRING_LENGTH=4096
export LIBMAGIC_RS_STOP_AT_FIRST_MATCH=true

Configuration Files

TOML configuration file support:

# ~/.config/libmagic-rs/config.toml
[evaluation]
max_recursion_depth = 25
max_string_length = 8192
stop_at_first_match = true

[performance]
enable_caching = true
cache_size_mb = 64

[output]
default_format = "text"
include_confidence = false

Builder Pattern

#![allow(unused)]
fn main() {
let config = EvaluationConfig::builder()
    .max_recursion_depth(15)
    .max_string_length(2048)
    .stop_at_first_match(false)
    .build();
}

Advanced Configuration (Planned)

Cache Configuration

#![allow(unused)]
fn main() {
pub struct CacheConfig {
    pub enable_rule_caching: bool,
    pub enable_result_caching: bool,
    pub max_cache_size_mb: usize,
    pub cache_ttl_seconds: u64,
}
}

Output Configuration

#![allow(unused)]
fn main() {
pub struct OutputConfig {
    pub format: OutputFormat,
    pub include_confidence: bool,
    pub include_mime_type: bool,
    pub include_metadata: bool,
}

pub enum OutputFormat {
    Text,
    Json,
    Yaml,
}
}

Security Configuration

#![allow(unused)]
fn main() {
pub struct SecurityConfig {
    pub max_file_size_mb: usize,
    pub allow_indirect_offsets: bool,
    pub max_evaluation_time_ms: u64,
}
}

Configuration Validation

#![allow(unused)]
fn main() {
impl EvaluationConfig {
    pub fn validate(&self) -> Result<(), ConfigError> {
        if self.max_recursion_depth == 0 {
            return Err(ConfigError::InvalidValue(
                "max_recursion_depth must be greater than 0".to_string(),
            ));
        }

        if self.max_string_length > 1_000_000 {
            return Err(ConfigError::InvalidValue(
                "max_string_length too large (max 1MB)".to_string(),
            ));
        }

        Ok(())
    }
}
}

Configuration Precedence (Planned)

1. Explicit parameters: Direct function arguments
2. Environment variables: Runtime environment settings
3. Configuration files: User and system config files
4. Default values: Built-in defaults

Best Practices

Performance Tuning

#![allow(unused)]
fn main() {
// For high-throughput scenarios
let performance_config = EvaluationConfig {
    max_recursion_depth: 5,
    max_string_length: 512,
    stop_at_first_match: true,
};

// For detailed analysis
let analysis_config = EvaluationConfig {
    max_recursion_depth: 30,
    max_string_length: 8192,
    stop_at_first_match: false,
};
}

Security Considerations

#![allow(unused)]
fn main() {
// For untrusted files
let secure_config = EvaluationConfig {
    max_recursion_depth: 10,     // Prevent deep recursion attacks
    max_string_length: 1024,     // Limit memory usage
    stop_at_first_match: true,   // Minimize processing time
};
}

Memory Management

#![allow(unused)]
fn main() {
// For memory-constrained environments
let minimal_config = EvaluationConfig {
    max_recursion_depth: 3,
    max_string_length: 256,
    stop_at_first_match: true,
};
}

This configuration system provides flexibility while maintaining safe defaults and preventing resource exhaustion attacks.

Architecture Overview

The libmagic-rs library is designed around a clean separation of concerns, following a parser-evaluator architecture that promotes maintainability, testability, and performance.

High-Level Architecture

flowchart LR
    subgraph Input
        MF[Magic File]
        TF[Target File]
    end

    subgraph Processing
        P[Parser]
        AST[AST]
        FB[File Buffer]
        E[Evaluator]
    end

    subgraph Output
        R[Results]
        F[Formatter]
        O[Output]
    end

    MF --> P --> AST --> E
    TF --> FB --> E
    E --> R --> F --> O

    style MF fill:#e1f5fe
    style TF fill:#e1f5fe
    style P fill:#fff3e0
    style AST fill:#fff3e0
    style FB fill:#fff3e0
    style E fill:#fff3e0
    style R fill:#e8f5e9
    style F fill:#e8f5e9
    style O fill:#e8f5e9

Core Components

1. Parser Module (src/parser/)

The parser is responsible for converting magic files (text-based DSL) into an Abstract Syntax Tree (AST).

Key Files:

• ast.rs: Core data structures representing magic rules (✅ Complete)
• grammar.rs: nom-based parsing components for magic file syntax (✅ Complete)
• mod.rs: Parser interface, format detection, and hierarchical rule building (✅ Complete)

Responsibilities:

• Parse magic file syntax into structured data (✅ Complete)
• Handle hierarchical rule relationships (✅ Complete)
• Validate syntax and report meaningful errors (✅ Complete)
• Detect file format (text, directory, binary) (✅ Complete)
• Support incremental parsing for large magic databases (📋 Planned)

Current Implementation Status:

• ✅ Number parsing: Decimal and hexadecimal with overflow protection
• ✅ Offset parsing: Absolute offsets with comprehensive validation
• ✅ Operator parsing: Equality, inequality, and bitwise AND operators
• ✅ Value parsing: Strings, numbers, and hex byte sequences with escape sequences
• ✅ Error handling: Comprehensive nom error handling with meaningful messages
• ✅ Rule parsing: Complete rule parsing via parse_magic_rule()
• ✅ File parsing: Complete magic file parsing with parse_text_magic_file()
• ✅ Hierarchy building: Parent-child relationships via build_rule_hierarchy()
• ✅ Format detection: Text, directory, and binary format detection
• 📋 Indirect offsets: Pointer dereferencing patterns

2. AST Data Structures (src/parser/ast.rs)

The AST provides a complete representation of magic rules in memory.

Core Types:

#![allow(unused)]
fn main() {
pub struct MagicRule {
    pub offset: OffsetSpec,       // Where to read data
    pub typ: TypeKind,            // How to interpret bytes
    pub op: Operator,             // Comparison operation
    pub value: Value,             // Expected value
    pub message: String,          // Human-readable description
    pub children: Vec<MagicRule>, // Nested rules
    pub level: u32,               // Indentation level
}
}

Design Principles:

• Immutable by default: Rules don’t change after parsing
• Serializable: Full serde support for caching
• Self-contained: No external dependencies in AST nodes
• Type-safe: Rust’s type system prevents invalid rule combinations

3. Evaluator Module (src/evaluator/)

The evaluator executes magic rules against file buffers to identify file types. (✅ Complete)

Structure:

• mod.rs: Main evaluation engine with EvaluationContext and MatchResult
• offset.rs: Offset resolution (absolute, relative, from-end)
• types.rs: Type interpretation with endianness handling
• operators.rs: Comparison and bitwise operations

Implemented Features:

• ✅ Hierarchical Evaluation: Parent rules must match before children
• ✅ Lazy Evaluation: Only process rules when necessary
• ✅ Bounds Checking: Safe buffer access with overflow protection
• ✅ Context Preservation: Maintain state across rule evaluations
• ✅ Graceful Degradation: Skip problematic rules, continue evaluation
• ✅ Timeout Protection: Configurable time limits
• ✅ Recursion Limiting: Prevent stack overflow from deep nesting
• 📋 Indirect Offsets: Pointer dereferencing (planned)

4. I/O Module (src/io/)

Provides efficient file access through memory-mapped I/O. (✅ Complete)

Implemented Features:

• FileBuffer: Memory-mapped file buffers using memmap2
• Safe buffer access: Comprehensive bounds checking with safe_read_bytes and safe_read_byte
• Error handling: Structured IoError types for all failure scenarios
• Resource management: RAII patterns with automatic cleanup
• File validation: Size limits, empty file detection, and metadata validation
• Overflow protection: Safe arithmetic in all buffer operations

Key Components:

#![allow(unused)]
fn main() {
pub struct FileBuffer {
    mmap: Mmap,
    path: PathBuf,
}

pub fn safe_read_bytes(buffer: &[u8], offset: usize, length: usize) -> Result<&[u8], IoError>
pub fn safe_read_byte(buffer: &[u8], offset: usize) -> Result<u8, IoError>
pub fn validate_buffer_access(buffer_size: usize, offset: usize, length: usize) -> Result<(), IoError>
}

5. Output Module (src/output/)

Formats evaluation results into different output formats.

Planned Formatters:

• text.rs: Human-readable output (GNU file compatible)
• json.rs: Structured JSON output with metadata
• mod.rs: Format selection and coordination

Data Flow

1. Magic File Loading

flowchart LR
    A[Magic File\ntext] --> B[Parser]
    B --> C[AST]
    C --> D[Validation]
    D --> E[Cached Rules]

    style A fill:#e3f2fd
    style E fill:#c8e6c9

1. Parsing: Convert text DSL to structured AST
2. Validation: Check rule consistency and dependencies
3. Optimization: Reorder rules for evaluation efficiency
4. Caching: Serialize compiled rules for reuse

2. File Evaluation

flowchart LR
    A[Target File] --> B[Memory Map]
    B --> C[Buffer]
    C --> D[Rule Evaluation]
    D --> E[Results]
    E --> F[Formatting]

    style A fill:#e3f2fd
    style F fill:#c8e6c9

1. File Access: Create memory-mapped buffer
2. Rule Matching: Execute rules hierarchically
3. Result Collection: Gather matches and metadata
4. Output Generation: Format results as text or JSON

Design Patterns

Parser-Evaluator Separation

The clear separation between parsing and evaluation provides:

• Independent Testing: Each component can be tested in isolation
• Performance Optimization: Rules can be pre-compiled and cached
• Flexible Input: Support for different magic file formats
• Error Isolation: Parse errors vs. evaluation errors are distinct

Hierarchical Rule Processing

Magic rules form a tree structure where:

• Parent rules define broad file type categories
• Child rules provide specific details and variants
• Evaluation stops when a definitive match is found
• Context flows from parent to child evaluations

flowchart TD
    R[Root Rule<br/>e.g., "0 string PK"]
    R -->|match| C1[Child Rule 1<br/>e.g., ">4 byte 0x14"]
    R -->|match| C2[Child Rule 2<br/>e.g., ">4 byte 0x06"]
    C1 -->|match| G1[Grandchild<br/>ZIP archive v2.0]
    C2 -->|match| G2[Grandchild<br/>ZIP archive v1.0]

    style R fill:#e3f2fd
    style C1 fill:#fff3e0
    style C2 fill:#fff3e0
    style G1 fill:#c8e6c9
    style G2 fill:#c8e6c9

Memory-Safe Buffer Access

All buffer operations use safe Rust patterns:

#![allow(unused)]
fn main() {
// Safe buffer access with bounds checking
fn read_bytes(buffer: &[u8], offset: usize, length: usize) -> Option<&[u8]> {
    buffer.get(offset..offset.saturating_add(length))
}
}

Error Handling Strategy

The library uses Result types with nested error enums throughout:

#![allow(unused)]
fn main() {
pub type Result<T> = std::result::Result<T, LibmagicError>;

#[derive(Debug, thiserror::Error)]
pub enum LibmagicError {
    #[error("Parse error: {0}")]
    ParseError(#[from] ParseError),

    #[error("Evaluation error: {0}")]
    EvaluationError(#[from] EvaluationError),

    #[error("I/O error: {0}")]
    IoError(#[from] std::io::Error),

    #[error("Evaluation timeout exceeded after {timeout_ms}ms")]
    Timeout { timeout_ms: u64 },
}

#[derive(Debug, thiserror::Error)]
pub enum ParseError {
    #[error("Invalid syntax at line {line}: {message}")]
    InvalidSyntax { line: usize, message: String },

    #[error("Unsupported format at line {line}: {format_type}")]
    UnsupportedFormat { line: usize, format_type: String, message: String },
    // ... additional variants
}

#[derive(Debug, thiserror::Error)]
pub enum EvaluationError {
    #[error("Buffer overrun at offset {offset}")]
    BufferOverrun { offset: usize },

    #[error("Recursion limit exceeded (depth: {depth})")]
    RecursionLimitExceeded { depth: u32 },
    // ... additional variants
}
}

Performance Considerations

Memory Efficiency

• Zero-copy operations where possible
• Memory-mapped I/O to avoid loading entire files
• Lazy evaluation to skip unnecessary work
• Rule caching to avoid re-parsing magic files

Computational Efficiency

• Early termination when definitive matches are found
• Optimized rule ordering based on match probability
• Efficient string matching using algorithms like Aho-Corasick
• Minimal allocations in hot paths

Scalability

• Parallel evaluation for multiple files (future)
• Streaming support for large files (future)
• Incremental parsing for large magic databases
• Resource limits to prevent runaway evaluations

Module Dependencies

flowchart TD
    L[lib.rs<br/>Public API and coordination]
    L --> P[parser/<br/>Magic file parsing]
    L --> E[evaluator/<br/>Rule evaluation engine]
    L --> O[output/<br/>Result formatting]
    L --> I[io/<br/>File I/O utilities]
    L --> ER[error.rs<br/>Error types]

    P --> ER
    E --> P
    E --> I
    E --> ER
    O --> ER

    style L fill:#e8eaf6
    style P fill:#fff8e1
    style E fill:#fff8e1
    style O fill:#fff8e1
    style I fill:#e8f5e9
    style ER fill:#ffebee

Dependency Rules:

• No circular dependencies between modules
• Clear interfaces with well-defined responsibilities
• Minimal coupling between components
• Testable boundaries for each module

This architecture ensures the library is maintainable, performant, and extensible while providing a clean API for both CLI and library usage.

AST Data Structures

The Abstract Syntax Tree (AST) is the core representation of magic rules in libmagic-rs. This chapter provides detailed documentation of the fully implemented AST data structures with comprehensive test coverage (29 unit tests) and their usage patterns.

Overview

The AST consists of several key types that work together to represent magic rules:

• MagicRule: The main rule structure containing all components
• OffsetSpec: Specifies where to read data in files
• TypeKind: Defines how to interpret bytes
• Operator: Comparison and bitwise operations
• Value: Expected values for matching
• Endianness: Byte order specifications

MagicRule Structure

The MagicRule struct is the primary AST node representing a complete magic rule:

#![allow(unused)]
fn main() {
pub struct MagicRule {
    pub offset: OffsetSpec,       // Where to read data
    pub typ: TypeKind,            // How to interpret bytes
    pub op: Operator,             // Comparison operation
    pub value: Value,             // Expected value
    pub message: String,          // Human-readable description
    pub children: Vec<MagicRule>, // Nested rules
    pub level: u32,               // Indentation level
}
}

Example Usage

#![allow(unused)]
fn main() {
use libmagic_rs::parser::ast::*;

// ELF magic number rule
let elf_rule = MagicRule {
    offset: OffsetSpec::Absolute(0),
    typ: TypeKind::Long {
        endian: Endianness::Little,
        signed: false
    },
    op: Operator::Equal,
    value: Value::Bytes(vec![0x7f, 0x45, 0x4c, 0x46]), // "\x7fELF"
    message: "ELF executable".to_string(),
    children: vec![],
    level: 0,
};
}

Hierarchical Rules

Magic rules can contain child rules that are evaluated when the parent matches:

#![allow(unused)]
fn main() {
let parent_rule = MagicRule {
    offset: OffsetSpec::Absolute(0),
    typ: TypeKind::Byte,
    op: Operator::Equal,
    value: Value::Uint(0x7f),
    message: "ELF".to_string(),
    children: vec![
        MagicRule {
            offset: OffsetSpec::Absolute(4),
            typ: TypeKind::Byte,
            op: Operator::Equal,
            value: Value::Uint(1),
            message: "32-bit".to_string(),
            children: vec![],
            level: 1,
        },
        MagicRule {
            offset: OffsetSpec::Absolute(4),
            typ: TypeKind::Byte,
            op: Operator::Equal,
            value: Value::Uint(2),
            message: "64-bit".to_string(),
            children: vec![],
            level: 1,
        },
    ],
    level: 0,
};
}

OffsetSpec Variants

The OffsetSpec enum defines where to read data within a file:

Absolute Offsets

#![allow(unused)]
fn main() {
pub enum OffsetSpec {
    /// Absolute offset from file start
    Absolute(i64),
    // ... other variants
}
}

Examples:

#![allow(unused)]
fn main() {
// Read at byte 0 (file start)
let start = OffsetSpec::Absolute(0);

// Read at byte 16
let offset_16 = OffsetSpec::Absolute(16);

// Read 4 bytes before current position (negative offset)
let relative_back = OffsetSpec::Absolute(-4);
}

Indirect Offsets

Indirect offsets read a pointer value and use it as the actual offset:

#![allow(unused)]
fn main() {
Indirect {
    base_offset: i64,        // Where to read the pointer
    pointer_type: TypeKind,  // How to interpret the pointer
    adjustment: i64,         // Value to add to pointer
    endian: Endianness,      // Byte order for pointer
}
}

Example:

#![allow(unused)]
fn main() {
// Read a 32-bit little-endian pointer at offset 0x20,
// then read data at (pointer_value + 4)
let indirect = OffsetSpec::Indirect {
    base_offset: 0x20,
    pointer_type: TypeKind::Long {
        endian: Endianness::Little,
        signed: false
    },
    adjustment: 4,
    endian: Endianness::Little,
};
}

Relative and FromEnd Offsets

#![allow(unused)]
fn main() {
// Relative to previous match position
Relative(i64),

// Relative to end of file
FromEnd(i64),
}

Examples:

#![allow(unused)]
fn main() {
// 8 bytes after previous match
let relative = OffsetSpec::Relative(8);

// 16 bytes before end of file
let from_end = OffsetSpec::FromEnd(-16);
}

TypeKind Variants

The TypeKind enum specifies how to interpret bytes at the given offset:

Numeric Types

#![allow(unused)]
fn main() {
pub enum TypeKind {
    /// Single byte (8-bit)
    Byte,

    /// 16-bit integer
    Short { endian: Endianness, signed: bool },

    /// 32-bit integer
    Long { endian: Endianness, signed: bool },

    /// String data
    String { max_length: Option<usize> },
}
}

Examples:

#![allow(unused)]
fn main() {
// Single byte
let byte_type = TypeKind::Byte;

// 16-bit little-endian unsigned integer
let short_le = TypeKind::Short {
    endian: Endianness::Little,
    signed: false
};

// 32-bit big-endian signed integer
let long_be = TypeKind::Long {
    endian: Endianness::Big,
    signed: true
};

// Null-terminated string, max 256 bytes
let string_type = TypeKind::String {
    max_length: Some(256)
};
}

Endianness Options

#![allow(unused)]
fn main() {
pub enum Endianness {
    Little, // Little-endian (x86, ARM in little mode)
    Big,    // Big-endian (network byte order, PowerPC)
    Native, // Host system byte order
}
}

Operator Types

The Operator enum defines comparison operations:

#![allow(unused)]
fn main() {
pub enum Operator {
    Equal,      // ==
    NotEqual,   // !=
    BitwiseAnd, // & (bitwise AND for pattern matching)
}
}

Usage Examples:

#![allow(unused)]
fn main() {
// Exact match
let equal_op = Operator::Equal;

// Not equal
let not_equal_op = Operator::NotEqual;

// Bitwise AND (useful for flag checking)
let bitwise_op = Operator::BitwiseAnd;
}

Value Types

The Value enum represents expected values for comparison:

#![allow(unused)]
fn main() {
pub enum Value {
    Uint(u64),      // Unsigned integer
    Int(i64),       // Signed integer
    Bytes(Vec<u8>), // Byte sequence
    String(String), // String value
}
}

Examples:

#![allow(unused)]
fn main() {
// Unsigned integer value
let uint_val = Value::Uint(0x464c457f);

// Signed integer value
let int_val = Value::Int(-1);

// Byte sequence (magic numbers)
let bytes_val = Value::Bytes(vec![0x50, 0x4b, 0x03, 0x04]); // ZIP signature

// String value
let string_val = Value::String("#!/bin/sh".to_string());
}

Serialization Support

All AST types implement Serialize and Deserialize for caching and interchange with comprehensive test coverage:

#![allow(unused)]
fn main() {
use serde_json;

// Serialize a rule to JSON (fully tested)
let rule = MagicRule { /* ... */ };
let json = serde_json::to_string(&rule)?;

// Deserialize from JSON (fully tested)
let rule: MagicRule = serde_json::from_str(&json)?;

// All edge cases are tested including:
// - Empty collections (Vec::new(), String::new())
// - Extreme values (u64::MAX, i64::MIN, i64::MAX)
// - Complex nested structures with multiple levels
// - All enum variants and their serialization round-trips
}

Implementation Status:

• ✅ Complete serialization for all AST types
• ✅ Comprehensive testing with edge cases and boundary values
• ✅ JSON compatibility for rule caching and interchange
• ✅ Round-trip validation ensuring data integrity

Common Patterns

ELF File Detection

#![allow(unused)]
fn main() {
let elf_rules = vec![
    MagicRule {
        offset: OffsetSpec::Absolute(0),
        typ: TypeKind::Long { endian: Endianness::Little, signed: false },
        op: Operator::Equal,
        value: Value::Bytes(vec![0x7f, 0x45, 0x4c, 0x46]),
        message: "ELF".to_string(),
        children: vec![
            MagicRule {
                offset: OffsetSpec::Absolute(4),
                typ: TypeKind::Byte,
                op: Operator::Equal,
                value: Value::Uint(1),
                message: "32-bit".to_string(),
                children: vec![],
                level: 1,
            },
            MagicRule {
                offset: OffsetSpec::Absolute(4),
                typ: TypeKind::Byte,
                op: Operator::Equal,
                value: Value::Uint(2),
                message: "64-bit".to_string(),
                children: vec![],
                level: 1,
            },
        ],
        level: 0,
    }
];
}

ZIP Archive Detection

#![allow(unused)]
fn main() {
let zip_rule = MagicRule {
    offset: OffsetSpec::Absolute(0),
    typ: TypeKind::Long { endian: Endianness::Little, signed: false },
    op: Operator::Equal,
    value: Value::Bytes(vec![0x50, 0x4b, 0x03, 0x04]),
    message: "ZIP archive".to_string(),
    children: vec![],
    level: 0,
};
}

Script Detection with String Matching

#![allow(unused)]
fn main() {
let script_rule = MagicRule {
    offset: OffsetSpec::Absolute(0),
    typ: TypeKind::String { max_length: Some(32) },
    op: Operator::Equal,
    value: Value::String("#!/bin/bash".to_string()),
    message: "Bash script".to_string(),
    children: vec![],
    level: 0,
};
}

Best Practices

Rule Organization

1. Start with broad patterns and use child rules for specifics
2. Order rules by probability of matching (most common first)
3. Use appropriate types for the data being checked
4. Minimize indirection for performance

Type Selection

1. Use Byte for single-byte values and flags
2. Use Short/Long with explicit endianness for multi-byte integers
3. Use String with length limits for text patterns
4. Use Bytes for exact binary sequences

Performance Considerations

1. Prefer absolute offsets over indirect when possible
2. Use bitwise AND for flag checking instead of multiple equality rules
3. Limit string lengths to prevent excessive reading
4. Structure hierarchies to fail fast on non-matches

The AST provides a flexible, type-safe foundation for representing magic rules while maintaining compatibility with existing magic file formats.

Parser Implementation

The libmagic-rs parser is built using the nom parser combinator library, providing a robust and efficient way to parse magic file syntax into our AST representation.

Architecture Overview

The parser follows a modular design where individual components are implemented and tested separately, then composed into higher-level parsers:

Magic File Text → Individual Parsers → Combined Parsers → Complete AST
                      ↓
              Numbers, Offsets, Operators, Values → Rules → Rule Hierarchies

Implemented Components

Number Parsing (parse_number)

Handles both decimal and hexadecimal number formats with comprehensive overflow protection:

#![allow(unused)]
fn main() {
// Decimal numbers
parse_number("123")    // Ok(("", 123))
parse_number("-456")   // Ok(("", -456))

// Hexadecimal numbers
parse_number("0x1a")   // Ok(("", 26))
parse_number("-0xFF")  // Ok(("", -255))
}

Features:

• ✅ Decimal and hexadecimal format support
• ✅ Signed and unsigned number handling
• ✅ Overflow protection with proper error reporting
• ✅ Comprehensive test coverage (15+ test cases)

Offset Parsing (parse_offset)

Converts numeric values into OffsetSpec::Absolute variants:

#![allow(unused)]
fn main() {
// Basic offsets
parse_offset("0")      // Ok(("", OffsetSpec::Absolute(0)))
parse_offset("0x10")   // Ok(("", OffsetSpec::Absolute(16)))
parse_offset("-4")     // Ok(("", OffsetSpec::Absolute(-4)))

// With whitespace handling
parse_offset(" 123 ")  // Ok(("", OffsetSpec::Absolute(123)))
}

Features:

• ✅ Absolute offset parsing with full number format support
• ✅ Whitespace handling (leading and trailing)
• ✅ Negative offset support for relative positioning
• 📋 Indirect offset parsing (planned)
• 📋 Relative offset parsing (planned)

Operator Parsing (parse_operator)

Parses comparison and bitwise operators with multiple syntax variants:

#![allow(unused)]
fn main() {
// Equality operators
parse_operator("=")    // Ok(("", Operator::Equal))
parse_operator("==")   // Ok(("", Operator::Equal))

// Inequality operators
parse_operator("!=")   // Ok(("", Operator::NotEqual))
parse_operator("<>")   // Ok(("", Operator::NotEqual))

// Bitwise operators
parse_operator("&")    // Ok(("", Operator::BitwiseAnd))
}

Features:

• ✅ Multiple syntax variants for compatibility
• ✅ Precedence handling (longer operators matched first)
• ✅ Whitespace tolerance
• ✅ Invalid operator rejection with clear errors

Value Parsing (parse_value)

Handles multiple value types with intelligent type detection:

#![allow(unused)]
fn main() {
// String literals with escape sequences
parse_value("\"Hello\"")           // Value::String("Hello".to_string())
parse_value("\"Line1\\nLine2\"")   // Value::String("Line1\nLine2".to_string())

// Numeric values
parse_value("123")                 // Value::Uint(123)
parse_value("-456")                // Value::Int(-456)
parse_value("0x1a")                // Value::Uint(26)

// Hex byte sequences
parse_value("\\x7f\\x45")          // Value::Bytes(vec![0x7f, 0x45])
parse_value("7f454c46")            // Value::Bytes(vec![0x7f, 0x45, 0x4c, 0x46])
}

Features:

• ✅ Quoted string parsing with escape sequence support
• ✅ Numeric literal parsing (decimal and hexadecimal)
• ✅ Hex byte sequence parsing (with and without \x prefix)
• ✅ Intelligent type precedence to avoid parsing conflicts
• ✅ Comprehensive escape sequence handling (\n, \t, \r, \\, \", \', \0)

Parser Design Principles

Error Handling

All parsers use nom’s IResult type for consistent error handling:

#![allow(unused)]
fn main() {
pub fn parse_number(input: &str) -> IResult<&str, i64> {
    // Implementation with proper error propagation
}
}

Error Categories:

• Syntax Errors: Invalid characters or malformed input
• Overflow Errors: Numbers too large for target type
• Format Errors: Invalid hex digits, unterminated strings, etc.

Memory Safety

All parsing operations are memory-safe with no unsafe code:

• Bounds Checking: All buffer access is bounds-checked
• Overflow Protection: Numeric parsing includes overflow detection
• Resource Management: No manual memory management required

Performance Optimization

The parser is designed for efficiency:

• Zero-Copy: String slices used where possible to avoid allocations
• Early Termination: Parsers fail fast on invalid input
• Minimal Backtracking: Parser combinators designed to minimize backtracking

Testing Strategy

Each parser component has comprehensive test coverage:

Test Categories

1. Basic Functionality: Core parsing behavior
2. Edge Cases: Boundary values, empty input, etc.
3. Error Conditions: Invalid input handling
4. Whitespace Handling: Leading/trailing whitespace tolerance
5. Remaining Input: Proper handling of unconsumed input

Example Test Structure

#![allow(unused)]
fn main() {
#[test]
fn test_parse_number_positive() {
    assert_eq!(parse_number("123"), Ok(("", 123)));
    assert_eq!(parse_number("0x1a"), Ok(("", 26)));
}

#[test]
fn test_parse_number_with_remaining_input() {
    assert_eq!(parse_number("123abc"), Ok(("abc", 123)));
    assert_eq!(parse_number("0xFF rest"), Ok((" rest", 255)));
}

#[test]
fn test_parse_number_edge_cases() {
    assert_eq!(parse_number("0"), Ok(("", 0)));
    assert_eq!(parse_number("-0"), Ok(("", 0)));
    assert!(parse_number("").is_err());
    assert!(parse_number("abc").is_err());
}
}

Complete Magic File Parsing

The parser now provides complete magic file parsing through the parse_text_magic_file() function:

#![allow(unused)]
fn main() {
use libmagic_rs::parser::parse_text_magic_file;

let magic_content = r#"
ELF file format
0 string \x7fELF ELF executable
>4 byte 1 32-bit
>4 byte 2 64-bit
"#;

let rules = parse_text_magic_file(magic_content)?;
assert_eq!(rules.len(), 1);           // One root rule
assert_eq!(rules[0].children.len(), 2); // Two child rules
}

Format Detection

The parser automatically detects magic file formats:

#![allow(unused)]
fn main() {
use libmagic_rs::parser::{detect_format, MagicFileFormat};

match detect_format(path)? {
    MagicFileFormat::Text => // Parse as text magic file
    MagicFileFormat::Directory => // Load all files from Magdir
    MagicFileFormat::Binary => // Show helpful error (not yet supported)
}
}

Current Limitations

Not Yet Implemented

• Indirect Offsets: Pointer dereferencing patterns (e.g., (0x3c.l))
• Regex Support: Regular expression matching in rules
• Binary .mgc Format: Compiled magic database format
• Strength Modifiers: !:strength parsing for rule priority

Planned Enhancements

• Better Error Messages: More descriptive error reporting with source locations
• Performance Optimization: Specialized parsers for common patterns
• Streaming Support: Incremental parsing for large magic files

Integration Points

The parser provides a complete pipeline from text to AST:

#![allow(unused)]
fn main() {
use libmagic_rs::parser::{parse_text_magic_file, detect_format, MagicFileFormat};

// Detect format and parse accordingly
let rules = match detect_format(path)? {
    MagicFileFormat::Text => {
        let content = std::fs::read_to_string(path)?;
        parse_text_magic_file(&content)?
    }
    MagicFileFormat::Directory => {
        // Load and merge all files in directory
        load_magic_directory(path)?
    }
    MagicFileFormat::Binary => {
        return Err(ParseError::UnsupportedFormat { ... });
    }
};
}

The hierarchical structure is automatically built from indentation levels (> prefixes), enabling parent-child rule relationships for detailed file type identification.

Evaluator Engine

The evaluator engine executes magic rules against file buffers to identify file types. It provides safe, efficient rule evaluation with hierarchical processing, graceful error recovery, and configurable resource limits.

Overview

The evaluator processes magic rules hierarchically:

1. Load file into memory-mapped buffer
2. Resolve offsets (absolute, relative, from-end)
3. Read typed values from buffer with bounds checking
4. Apply operators for comparison
5. Process children if parent rule matches
6. Collect results with match metadata

Architecture

File Buffer → Offset Resolution → Type Reading → Operator Application → Results
     ↑              ↑                  ↑              ↑                    ↑
Memory Map    Context State      Endian Handling   Match Logic      Hierarchical

Core Components

EvaluationContext (evaluator/mod.rs)

Maintains state during rule processing:

#![allow(unused)]
fn main() {
pub struct EvaluationContext {
    /// Current offset position for relative calculations
    current_offset: usize,
    /// Current recursion depth for safety limits
    recursion_depth: u32,
    /// Configuration for evaluation behavior
    config: EvaluationConfig,
}
}

Note: Fields are private; use accessor methods like current_offset(), recursion_depth(), and config().

Key Methods:

• new() - Create context with default configuration
• with_config() - Create context with custom configuration
• check_timeout() - Verify evaluation hasn’t exceeded time limit
• increment_depth() / decrement_depth() - Track recursion safely

MatchResult (evaluator/mod.rs)

Represents a successful rule match:

#![allow(unused)]
fn main() {
pub struct MatchResult {
    /// Human-readable description from the matched rule
    pub message: String,
    /// Offset where the match occurred
    pub offset: usize,
    /// Depth in the rule hierarchy (0 = root rule)
    pub level: u32,
    /// The matched value (parsed according to rule type)
    pub value: Value,
}
}

The Value type is from parser::ast::Value and represents the actual matched content according to the rule’s type specification.

Offset Resolution (evaluator/offset.rs)

Handles all offset types safely:

• Absolute offsets: Direct file positions (0, 0x100)
• Relative offsets: Based on previous match positions (&+4)
• From-end offsets: Calculated from file size (-4 from end)
• Bounds checking: All offset calculations are validated

#![allow(unused)]
fn main() {
pub fn resolve_offset(
    spec: &OffsetSpec,
    buffer: &[u8],
    context: &EvaluationContext,
) -> Result<usize, EvaluationError>
}

Type Reading (evaluator/types.rs)

Interprets bytes according to type specifications:

• Byte: Single byte values
• Short: 16-bit integers with endianness
• Long: 32-bit integers with endianness
• String: Byte sequences with length limits
• Bounds checking: Prevents buffer overruns

#![allow(unused)]
fn main() {
pub fn read_type_value(
    buffer: &[u8],
    offset: usize,
    type_kind: &TypeKind,
) -> Result<TypeValue, TypeReadError>
}

Operator Application (evaluator/operators.rs)

Applies comparison operations:

• Equal (=, ==): Exact value matching
• NotEqual (!=, <>): Non-matching values
• BitwiseAnd (&): Pattern matching for flags
• BitwiseAndMask: AND with mask then compare

#![allow(unused)]
fn main() {
pub fn apply_operator(
    op: &Operator,
    actual: &TypeValue,
    expected: &Value,
) -> bool
}

Evaluation Algorithm

The evaluator uses a depth-first hierarchical algorithm:

#![allow(unused)]
fn main() {
pub fn evaluate_rules(
    rules: &[MagicRule],
    buffer: &[u8],
) -> Result<Vec<MatchResult>, EvaluationError>
}

Algorithm:

1. For each root rule:

   • Resolve offset from buffer
   • Read value at offset according to type
   • Apply operator to compare actual vs expected
   • If match: add to results, recursively evaluate children
   • If no match: skip children, continue to next rule

2. Child rules inherit context from parent match

3. Results accumulate hierarchically (parent message + child details)

Hierarchical Processing

flowchart TD
    R[Root Rule<br/>e.g., "0 string \x7fELF"]
    R -->|match| C1[Child Rule 1<br/>e.g., ">4 byte 1"]
    R -->|match| C2[Child Rule 2<br/>e.g., ">4 byte 2"]
    C1 -->|match| G1[Result:<br/>ELF 32-bit]
    C2 -->|match| G2[Result:<br/>ELF 64-bit]

    style R fill:#e3f2fd
    style C1 fill:#fff3e0
    style C2 fill:#fff3e0
    style G1 fill:#c8e6c9
    style G2 fill:#c8e6c9

Configuration

Evaluation behavior is controlled via EvaluationConfig:

#![allow(unused)]
fn main() {
pub struct EvaluationConfig {
    /// Maximum recursion depth for nested rules (default: 20)
    pub max_recursion_depth: u32,
    /// Maximum string length to read (default: 8192)
    pub max_string_length: usize,
    /// Stop at first match or continue for all matches (default: true)
    pub stop_at_first_match: bool,
    /// Enable MIME type mapping in results (default: false)
    pub enable_mime_types: bool,
    /// Timeout for evaluation in milliseconds (default: None)
    pub timeout_ms: Option<u64>,
}
}

Preset Configurations:

#![allow(unused)]
fn main() {
// Default balanced configuration
let config = EvaluationConfig::default();

// Optimized for speed
let config = EvaluationConfig::performance();

// Find all matches with full details
let config = EvaluationConfig::comprehensive();
}

Safety Features

Memory Safety

• Bounds checking: All buffer access is validated before reading
• Integer overflow protection: Safe arithmetic using checked_* and saturating_*
• Resource limits: Configurable limits prevent resource exhaustion

Error Handling

The evaluator uses graceful degradation:

• Invalid offsets: Skip rule, continue with others
• Type mismatches: Skip rule, continue with others
• Timeout exceeded: Return partial results collected so far
• Recursion limit: Stop descent, continue siblings

#![allow(unused)]
fn main() {
pub enum EvaluationError {
    BufferOverrun { offset: usize },
    InvalidOffset { offset: i64 },
    UnsupportedType { type_name: String },
    RecursionLimitExceeded { depth: u32 },
    StringLengthExceeded { length: usize, max_length: usize },
    InvalidStringEncoding { offset: usize },
    Timeout { timeout_ms: u64 },
    TypeReadError(TypeReadError),
}
}

Timeout Protection

#![allow(unused)]
fn main() {
// With 5 second timeout
let config = EvaluationConfig {
    timeout_ms: Some(5000),
    ..Default::default()
};

let result = evaluate_rules_with_config(&rules, buffer, config)?;
}

API Reference

Primary Functions

#![allow(unused)]
fn main() {
/// Evaluate rules with default configuration
pub fn evaluate_rules(
    rules: &[MagicRule],
    buffer: &[u8],
) -> Result<Vec<MatchResult>, EvaluationError>;

/// Evaluate rules with custom configuration
pub fn evaluate_rules_with_config(
    rules: &[MagicRule],
    buffer: &[u8],
    config: EvaluationConfig,
) -> Result<Vec<MatchResult>, EvaluationError>;

/// Evaluate a single rule (used internally and for testing)
pub fn evaluate_single_rule(
    rule: &MagicRule,
    buffer: &[u8],
    context: &mut EvaluationContext,
) -> Result<Option<MatchResult>, EvaluationError>;
}

Usage Example

#![allow(unused)]
fn main() {
use libmagic_rs::{evaluate_rules, EvaluationConfig};
use libmagic_rs::parser::parse_text_magic_file;

// Parse magic rules
let magic_content = r#"
0 string \x7fELF ELF executable
>4 byte 1 32-bit
>4 byte 2 64-bit
"#;
let rules = parse_text_magic_file(magic_content)?;

// Read target file
let buffer = std::fs::read("sample.bin")?;

// Evaluate with default config
let matches = evaluate_rules(&rules, &buffer)?;

for m in matches {
    println!("Match at offset {}: {}", m.offset, m.message);
}
}

Implementation Status

• Basic evaluation engine structure
• Offset resolution (absolute, relative, from-end)
• Type reading with endianness support (Byte, Short, Long, String)
• Operator application (Equal, NotEqual, BitwiseAnd)
• Hierarchical rule processing with child evaluation
• Error handling with graceful degradation
• Timeout protection
• Recursion depth limiting
• Comprehensive test coverage (100+ tests)
• Indirect offset support (pointer dereferencing)
• Regex type support
• Performance optimizations (rule ordering, caching)

Performance Considerations

Lazy Evaluation

• Parent-first: Only evaluate children if parent matches
• Early termination: Stop on first match when configured
• Skip on error: Continue evaluation after non-fatal errors

Memory Efficiency

• Memory mapping: Files accessed via mmap, not loaded entirely
• Zero-copy reads: Slice references where possible
• Bounded strings: String reads limited to prevent memory exhaustion

Output Formatters

Note

Output formatters are currently in development. This documentation describes the planned implementation.

The output module handles formatting evaluation results into different output formats for various use cases.

Supported Formats

Text Output

Human-readable format compatible with GNU file:

example.bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV)

JSON Output

Structured format for programmatic use:

{
  "filename": "example.bin",
  "description": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV)",
  "mime_type": "application/x-executable",
  "confidence": 0.95
}

Implementation Status

• Text formatter (output/text.rs)
• JSON formatter (output/json.rs)
• Format selection logic
• MIME type mapping

Planned API

#![allow(unused)]
fn main() {
pub fn format_text(results: &[Match]) -> String;
pub fn format_json(results: &[Match]) -> Result<String>;
}

I/O and Performance

The I/O module provides efficient file access through memory-mapped I/O with comprehensive safety guarantees and performance optimizations.

Memory-Mapped I/O Architecture

libmagic-rs uses memory-mapped I/O through the memmap2 crate to provide efficient file access without loading entire files into memory. This approach offers several advantages:

• Zero-copy access: File data is accessed directly from the OS page cache
• Lazy loading: Only accessed portions of files are loaded into memory
• Efficient for large files: No memory overhead for file size
• OS-optimized: Leverages operating system virtual memory management

FileBuffer Implementation

The FileBuffer struct provides the core abstraction for memory-mapped file access:

#![allow(unused)]
fn main() {
pub struct FileBuffer {
    mmap: Mmap,
    path: PathBuf,
}

impl FileBuffer {
    pub fn new(path: &Path) -> Result<Self, IoError>
    pub fn as_slice(&self) -> &[u8]
    pub fn len(&self) -> usize
    pub fn path(&self) -> &Path
    pub fn is_empty(&self) -> bool
}
}

File Validation and Safety

Before creating a memory mapping, FileBuffer::new() performs comprehensive validation:

1. File existence: Verifies the file can be opened for reading
2. Empty file detection: Rejects empty files that cannot be meaningfully processed
3. Size limits: Enforces maximum file size (1GB) to prevent resource exhaustion
4. Metadata validation: Ensures file metadata is accessible

#![allow(unused)]
fn main() {
// Example validation flow
let file = File::open(path)?;
let metadata = file.metadata()?;

if metadata.len() == 0 {
    return Err(IoError::EmptyFile { path });
}

if metadata.len() > MAX_FILE_SIZE {
    return Err(IoError::FileTooLarge { size, max_size });
}
}

Safe Buffer Access

All buffer operations use bounds-checked access patterns to prevent buffer overruns and memory safety violations.

Core Safety Functions

safe_read_bytes()

Provides safe access to byte ranges with comprehensive validation:

#![allow(unused)]
fn main() {
pub fn safe_read_bytes(
    buffer: &[u8],
    offset: usize,
    length: usize
) -> Result<&[u8], IoError>
}

Safety Guarantees:

• Validates offset is within buffer bounds
• Checks for integer overflow in offset + length calculation
• Ensures requested range doesn’t exceed buffer size
• Rejects zero-length reads as invalid

safe_read_byte()

Convenience function for single-byte access:

#![allow(unused)]
fn main() {
pub fn safe_read_byte(buffer: &[u8], offset: usize) -> Result<u8, IoError>
}

validate_buffer_access()

Pre-validates access parameters without performing reads:

#![allow(unused)]
fn main() {
pub fn validate_buffer_access(
    buffer_size: usize,
    offset: usize,
    length: usize
) -> Result<(), IoError>
}

Error Handling

The I/O module defines comprehensive error types for all failure scenarios:

#![allow(unused)]
fn main() {
#[derive(Debug, Error)]
pub enum IoError {
    #[error("Failed to open file '{path}': {source}")]
    FileOpenError {
        path: PathBuf,
        source: std::io::Error,
    },

    #[error("Failed to memory-map file '{path}': {source}")]
    MmapError {
        path: PathBuf,
        source: std::io::Error,
    },

    #[error("File '{path}' is empty")]
    EmptyFile { path: PathBuf },

    #[error("File '{path}' is too large ({size} bytes, maximum {max_size} bytes)")]
    FileTooLarge {
        path: PathBuf,
        size: u64,
        max_size: u64,
    },

    #[error(
        "Buffer access out of bounds: offset {offset} + length {length} > buffer size {buffer_size}"
    )]
    BufferOverrun {
        offset: usize,
        length: usize,
        buffer_size: usize,
    },

    #[error("Invalid buffer access parameters: offset {offset}, length {length}")]
    InvalidAccess { offset: usize, length: usize },
}
}

Performance Characteristics

Memory Usage

• Constant memory overhead: FileBuffer uses minimal heap memory regardless of file size
• OS page cache utilization: Leverages system-wide file caching
• No data copying: Direct access to mapped memory regions
• Automatic cleanup: RAII patterns ensure proper resource deallocation

Access Patterns

The memory-mapped approach is optimized for typical magic rule evaluation patterns:

• Sequential access: Reading file headers and structured data
• Random access: Jumping to specific offsets based on rule specifications
• Small reads: Most magic rules read small amounts of data (1-64 bytes)
• Repeated access: Same file regions may be accessed by multiple rules

Performance Benchmarks

Current performance characteristics (measured on typical hardware):

• File opening: ~10-50μs for files up to 1GB
• Buffer creation: ~1-5μs overhead per FileBuffer
• Byte access: ~10-50ns per safe_read_byte() call
• Range access: ~50-200ns per safe_read_bytes() call

Optimization Strategies

Memory Mapping Benefits

1. Large file handling: No memory pressure from file size
2. Shared mappings: Multiple processes can share the same file mapping
3. OS optimization: Kernel handles prefetching and caching
4. Lazy loading: Only accessed pages are loaded into physical memory

Bounds Checking Optimization

The safety functions are designed for minimal overhead:

• Single validation: Bounds checking performed once per access
• Overflow protection: Uses checked_add() to prevent integer overflow
• Early returns: Fast path for common valid access patterns
• Zero-cost abstractions: Compiler optimizations eliminate overhead in release builds

Resource Management

RAII Patterns

FileBuffer uses Rust’s RAII (Resource Acquisition Is Initialization) patterns:

#![allow(unused)]
fn main() {
impl Drop for FileBuffer {
    fn drop(&mut self) {
        // Mmap handles cleanup automatically through its Drop implementation
        // Memory mapping is safely unmapped and file handles are closed
    }
}
}

File Handle Management

• Automatic cleanup: File handles closed when FileBuffer is dropped
• Exception safety: Cleanup occurs even if operations panic
• No resource leaks: Guaranteed cleanup through Rust’s ownership system

Memory Mapping Lifecycle

1. Creation: File opened and validated, memory mapping established
2. Usage: Safe access through bounds-checked functions
3. Cleanup: Automatic unmapping and file handle closure on drop

Implementation Status

• Memory-mapped file buffers (io/mod.rs) - Complete with FileBuffer
• Safe buffer access utilities - safe_read_bytes, safe_read_byte, validate_buffer_access
• Error handling for I/O operations - Comprehensive IoError types with context
• Resource management - RAII patterns with automatic cleanup
• File validation - Size limits, empty file detection, metadata validation
• Comprehensive testing - Unit tests covering all functionality and error cases
• Performance benchmarks - Planned for future releases

Integration with Evaluation Engine

The I/O layer is designed to integrate seamlessly with the rule evaluation engine:

Offset Resolution

#![allow(unused)]
fn main() {
// Example integration pattern
let buffer = FileBuffer::new(file_path)?;
let data = buffer.as_slice();

// Safe offset-based access for rule evaluation
let bytes = safe_read_bytes(data, rule.offset, rule.type_size)?;
let value = interpret_bytes(bytes, rule.type_kind)?;
}

Error Propagation

I/O errors are properly propagated through the evaluation chain:

#![allow(unused)]
fn main() {
pub type Result<T> = std::result::Result<T, LibmagicError>;

impl From<IoError> for LibmagicError {
    fn from(err: IoError) -> Self {
        LibmagicError::IoError(err)
    }
}
}

This architecture ensures that file I/O operations are both safe and performant, providing a solid foundation for the magic rule evaluation engine.

Magic File Format

Magic files define rules for identifying file types through byte-level patterns. This chapter documents the magic file format supported by libmagic-rs.

Basic Syntax

Magic files consist of rules with the following format:

offset  type  operator  value  message

Example Rules

# ELF files
0       string    \x7fELF         ELF
>4      byte      1               32-bit
>4      byte      2               64-bit

# ZIP archives
0       string    PK\003\004     ZIP archive

# JPEG images
0       string    \xff\xd8\xff   JPEG image

Offset Specifications

Absolute Offsets

0       # Start of file
16      # Byte 16
0x10    # Hexadecimal offset

Relative Offsets (Hierarchical)

0       string    \x7fELF    ELF
>4      byte      1          32-bit    # 4 bytes after ELF magic
>5      byte      1          LSB       # 5 bytes after ELF magic

Indirect Offsets

(0x20.l)     # Read 32-bit value at 0x20, use as offset
(0x20.l+4)   # Same, but add 4 to the result

Data Types

Numeric Types

• byte - 8-bit value
• short - 16-bit value
• long - 32-bit value
• leshort - Little-endian 16-bit
• beshort - Big-endian 16-bit
• lelong - Little-endian 32-bit
• belong - Big-endian 32-bit

String Types

• string - Null-terminated string
• pstring - Pascal string (length-prefixed)

Operators

• = or no operator - Equality (default)
• != - Inequality
• & - Bitwise AND
• > - Greater than
• < - Less than

Value Formats

Numeric Values

42          # Decimal
0x2a        # Hexadecimal
0377        # Octal

String Values

hello                    # Plain string
"hello world"           # Quoted string
\x7fELF                 # Escape sequences
PK\003\004              # Mixed format

Byte Sequences

\x7f\x45\x4c\x46       # Hex bytes
\177ELF                 # Mixed octal/ASCII

Comments and Organization

# This is a comment
# Comments can appear anywhere

# Group related rules
# ELF files
0    string    \x7fELF    ELF
>4   byte      1          32-bit

# ZIP files
0    string    PK         ZIP-based format

Advanced Features (Planned)

Regular Expressions

0    regex    ^#!/bin/.*sh    Shell script

Conditional Logic

0    string    \x7fELF         ELF
>4   byte      1               32-bit
>>16 leshort   >0              executable

MIME Type Mapping

0    string    \x7fELF    ELF    application/x-executable

This format provides a flexible, human-readable way to define file type detection rules while maintaining compatibility with existing magic file databases.

Testing and Quality Assurance

The libmagic-rs project maintains high quality standards through comprehensive testing, strict linting, and continuous integration. This chapter covers the testing strategy, current test coverage, and quality assurance practices.

Testing Philosophy

Comprehensive Coverage

The project aims for comprehensive test coverage across all components:

• Unit Tests: Test individual functions and methods in isolation
• Integration Tests: Test component interactions and workflows
• Property Tests: Use property-based testing for edge cases
• Compatibility Tests: Validate against GNU file command results
• Performance Tests: Benchmark critical path performance

Quality Gates

All code must pass these quality gates:

1. Zero Warnings: cargo clippy -- -D warnings must pass
2. All Tests Pass: Complete test suite must pass
3. Code Coverage: Target >85% coverage for new code
4. Documentation: All public APIs must be documented
5. Memory Safety: No unsafe code except in vetted dependencies

Current Test Coverage

Test Statistics

Total Tests: 98 passing unit tests

$ cargo test
running 98 tests
test result: ok. 98 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out

Test Distribution

AST Structure Tests (29 tests)

OffsetSpec Tests:

• test_offset_spec_absolute - Basic absolute offset creation
• test_offset_spec_indirect - Complex indirect offset structures
• test_offset_spec_relative - Relative offset handling
• test_offset_spec_from_end - End-relative offset calculations
• test_offset_spec_serialization - JSON serialization round-trips
• test_all_offset_spec_variants - Comprehensive variant testing
• test_endianness_variants - Endianness handling in all contexts

Value Tests:

• test_value_uint - Unsigned integer values including extremes
• test_value_int - Signed integer values including boundaries
• test_value_bytes - Byte sequence handling and comparison
• test_value_string - String values including Unicode
• test_value_comparison - Cross-type comparison behavior
• test_value_serialization - Complete serialization testing
• test_value_serialization_edge_cases - Boundary and extreme values

TypeKind Tests:

• test_type_kind_byte - Single byte type handling
• test_type_kind_short - 16-bit integer types with endianness
• test_type_kind_long - 32-bit integer types with endianness
• test_type_kind_string - String types with length limits
• test_type_kind_serialization - All type serialization

Operator Tests:

• test_operator_variants - All operator types
• test_operator_serialization - Operator serialization

MagicRule Tests:

• test_magic_rule_creation - Basic rule construction
• test_magic_rule_with_children - Hierarchical rule structures
• test_magic_rule_serialization - Complete rule serialization

Parser Component Tests (50 tests)

Number Parsing Tests:

• test_parse_decimal_number - Basic decimal parsing
• test_parse_hex_number - Hexadecimal parsing with 0x prefix
• test_parse_number_positive - Positive number handling
• test_parse_number_negative - Negative number handling
• test_parse_number_edge_cases - Boundary values and error conditions
• test_parse_number_with_remaining_input - Partial parsing behavior

Offset Parsing Tests:

• test_parse_offset_absolute_positive - Positive absolute offsets
• test_parse_offset_absolute_negative - Negative absolute offsets
• test_parse_offset_with_whitespace - Whitespace tolerance
• test_parse_offset_with_remaining_input - Partial parsing
• test_parse_offset_edge_cases - Error conditions and boundaries
• test_parse_offset_common_magic_file_values - Real-world patterns
• test_parse_offset_boundary_values - Extreme values

Operator Parsing Tests:

• test_parse_operator_equality - Equality operators (= and ==)
• test_parse_operator_inequality - Inequality operators (!= and <>)
• test_parse_operator_bitwise_and - Bitwise AND operator (&)
• test_parse_operator_with_remaining_input - Partial parsing
• test_parse_operator_precedence - Operator precedence handling
• test_parse_operator_invalid_input - Error condition handling
• test_parse_operator_edge_cases - Boundary conditions
• test_parse_operator_common_magic_file_patterns - Real patterns

Value Parsing Tests:

• test_parse_quoted_string_simple - Basic string parsing
• test_parse_quoted_string_with_escapes - Escape sequence handling
• test_parse_quoted_string_with_whitespace - Whitespace handling
• test_parse_quoted_string_invalid - Error conditions
• test_parse_hex_bytes_with_backslash_x - \x prefix hex bytes
• test_parse_hex_bytes_without_prefix - Raw hex byte sequences
• test_parse_hex_bytes_mixed_case - Case insensitive hex
• test_parse_numeric_value_positive - Positive numeric values
• test_parse_numeric_value_negative - Negative numeric values
• test_parse_value_string_literals - String literal parsing
• test_parse_value_numeric_literals - Numeric literal parsing
• test_parse_value_hex_byte_sequences - Hex byte parsing
• test_parse_value_type_precedence - Type detection precedence
• test_parse_value_edge_cases - Boundary conditions
• test_parse_value_invalid_input - Error handling

Test Categories

Unit Tests

Located alongside source code using #[cfg(test)]:

#![allow(unused)]
fn main() {
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_basic_functionality() {
        let result = parse_number("123");
        assert_eq!(result, Ok(("", 123)));
    }

    #[test]
    fn test_error_conditions() {
        let result = parse_number("invalid");
        assert!(result.is_err());
    }

    #[test]
    fn test_edge_cases() {
        // Test boundary values
        assert_eq!(parse_number("0"), Ok(("", 0)));
        assert_eq!(parse_number("-0"), Ok(("", 0)));

        // Test extreme values
        let max_val = i64::MAX.to_string();
        assert_eq!(parse_number(&max_val), Ok(("", i64::MAX)));
    }
}
}

Integration Tests (Planned)

Will be located in tests/ directory:

#![allow(unused)]
fn main() {
// tests/parser_integration.rs
use libmagic_rs::parser::*;

#[test]
fn test_complete_rule_parsing() {
    let magic_line = "0 string \\x7fELF ELF executable";
    let rule = parse_magic_rule(magic_line).unwrap();

    assert_eq!(rule.offset, OffsetSpec::Absolute(0));
    assert_eq!(rule.message, "ELF executable");
}

#[test]
fn test_hierarchical_rules() {
    let magic_content = r#"
0 string \x7fELF ELF
>4 byte 1 32-bit
>4 byte 2 64-bit
"#;
    let rules = parse_magic_file_content(magic_content).unwrap();
    assert_eq!(rules.len(), 1);
    assert_eq!(rules[0].children.len(), 2);
}
}

Property Tests (Planned)

Using proptest for fuzz-like testing:

#![allow(unused)]
fn main() {
use proptest::prelude::*;

proptest! {
    #[test]
    fn test_number_parsing_roundtrip(n in any::<i64>()) {
        let s = n.to_string();
        let (remaining, parsed) = parse_number(&s).unwrap();
        assert_eq!(remaining, "");
        assert_eq!(parsed, n);
    }

    #[test]
    fn test_offset_parsing_never_panics(s in ".*") {
        // Should never panic, even on invalid input
        let _ = parse_offset(&s);
    }
}
}

Compatibility Tests (Planned)

Validate against GNU file command:

#![allow(unused)]
fn main() {
#[test]
fn test_elf_detection_compatibility() {
    let gnu_result = run_gnu_file("third_party/tests/elf64.testfile");
    let our_result = evaluate_file("third_party/tests/elf64.testfile");

    assert_eq!(extract_file_type(&gnu_result), our_result.description);
}
}

Test Utilities and Helpers

Common Test Patterns

Whitespace Testing Helper:

#![allow(unused)]
fn main() {
fn test_with_whitespace_variants<T, F>(input: &str, expected: &T, parser: F)
where
    T: Clone + PartialEq + std::fmt::Debug,
    F: Fn(&str) -> IResult<&str, T>,
{
    let variants = vec![
        format!(" {}", input),  // Leading space
        format!("  {}", input), // Leading spaces
        format!("\t{}", input), // Leading tab
        format!("{} ", input),  // Trailing space
        format!("{}  ", input), // Trailing spaces
        format!("{}\t", input), // Trailing tab
        format!(" {} ", input), // Both sides
    ];

    for variant in variants {
        assert_eq!(
            parser(&variant),
            Ok(("", expected.clone())),
            "Failed with whitespace: '{}'",
            variant
        );
    }
}
}

Error Testing Patterns:

#![allow(unused)]
fn main() {
#[test]
fn test_parser_error_conditions() {
    let error_cases = vec![
        ("", "empty input"),
        ("abc", "invalid characters"),
        ("0xGG", "invalid hex digits"),
        ("--123", "double negative"),
    ];

    for (input, description) in error_cases {
        assert!(
            parse_number(input).is_err(),
            "Should fail on {}: '{}'",
            description,
            input
        );
    }
}
}

Test Data Management

Test Fixtures:

#![allow(unused)]
fn main() {
// Common test data
const ELF_MAGIC: &[u8] = &[0x7f, 0x45, 0x4c, 0x46];
const ZIP_MAGIC: &[u8] = &[0x50, 0x4b, 0x03, 0x04];
const PDF_MAGIC: &str = "%PDF-";

fn create_test_rule() -> MagicRule {
    MagicRule {
        offset: OffsetSpec::Absolute(0),
        typ: TypeKind::Byte,
        op: Operator::Equal,
        value: Value::Uint(0x7f),
        message: "Test rule".to_string(),
        children: vec![],
        level: 0,
    }
}
}

Running Tests

Basic Test Execution

# Run all tests
cargo test

# Run specific test module
cargo test parser::grammar::tests

# Run specific test
cargo test test_parse_number_positive

# Run tests with output
cargo test -- --nocapture

# Run ignored tests (if any)
cargo test -- --ignored

Enhanced Test Running

# Use nextest for faster execution
cargo nextest run

# Run tests with coverage
cargo llvm-cov --html

# Run tests in release mode
cargo test --release

# Test documentation examples
cargo test --doc

Continuous Testing

# Auto-run tests on file changes
cargo watch -x test

# Auto-run specific tests
cargo watch -x "test parser"

# Run checks and tests together
cargo watch -x check -x test

Code Coverage

Coverage Tools

# Install coverage tool
cargo install cargo-llvm-cov

# Generate HTML coverage report
cargo llvm-cov --html

# Generate lcov format for CI
cargo llvm-cov --lcov --output-path coverage.lcov

# Show coverage summary
cargo llvm-cov --summary-only

Coverage Targets

• Overall Coverage: Target >85% for the project
• New Code: Require >90% coverage for new features
• Critical Paths: Require 100% coverage for parser and evaluator
• Public APIs: Require 100% coverage for all public functions

Coverage Exclusions

Some code is excluded from coverage requirements:

#![allow(unused)]
fn main() {
// Debug/development code
#[cfg(debug_assertions)]
fn debug_helper() { /* ... */
}

// Error handling that's hard to trigger
#[cfg_attr(coverage, coverage(off))]
fn handle_system_error() { /* ... */
}
}

Quality Assurance

Automated Checks

All code must pass these automated checks:

# Formatting check
cargo fmt -- --check

# Linting with strict rules
cargo clippy -- -D warnings

# Documentation generation
cargo doc --document-private-items

# Security audit
cargo audit

# Dependency check
cargo tree --duplicates

Manual Review Checklist

For code reviews:

• Functionality: Does the code work as intended?
• Tests: Are there comprehensive tests covering the changes?
• Documentation: Are public APIs documented with examples?
• Error Handling: Are errors handled gracefully?
• Performance: Are there any performance implications?
• Memory Safety: Is all buffer access bounds-checked?
• Compatibility: Does this maintain API compatibility?

Performance Testing

# Run benchmarks
cargo bench

# Profile with flamegraph
cargo install flamegraph
cargo flamegraph --bench parser_bench

# Memory usage analysis
valgrind --tool=massif target/release/rmagic large_file.bin

CLI Testing and Cross-Platform Snapshots

CLI Integration Tests

CLI functionality is tested using integration tests with insta snapshots to ensure consistent output across different platforms.

Cross-Platform Normalization

Important: CLI insta snapshots must use the normalization helper to ensure consistent results between Windows and Unix systems:

#![allow(unused)]
fn main() {
mod common;

#[test]
fn test_cli_help_output() {
    let result = run_cli(&["--help"]);
    let stdout = String::from_utf8(result.stdout).unwrap();

    // REQUIRED: Use normalization for CLI snapshots
    let normalized_stdout = common::normalize_cli_output(&stdout);
    assert_snapshot!("help_output", normalized_stdout);
}
}

Normalization Features

The common::normalize_cli_output() function handles:

• Executable Names: Converts rmagic.exe → rmagic for Windows compatibility
• Path Prefixes: Removes Windows \\?\\ path prefixes
• Error Messages: Filters out cargo-specific error output

Running CLI Tests

# Run all CLI integration tests
cargo test --test cli_integration_tests

# Run CLI normalization tests
cargo test --test cli_normalization

# Review snapshot changes
cargo insta review

# Accept all snapshot changes (use with caution)
cargo insta accept

Snapshot Best Practices

1. Always Normalize: Use normalize_cli_output() for CLI snapshots
2. Review Changes: Always review snapshot diffs with cargo insta review
3. Test Cross-Platform: Verify tests pass on both Windows and Unix
4. Keep Snapshots Small: Use focused tests for specific CLI features

Future Testing Plans

Integration Testing

• Complete Workflow Tests: End-to-end magic file parsing and evaluation
• File Format Tests: Comprehensive testing against known file formats
• Error Recovery Tests: Graceful handling of malformed inputs

Compatibility Testing

• GNU file Compatibility: Validate results against original implementation
• Magic File Compatibility: Test with real-world magic databases
• Performance Parity: Ensure comparable performance to libmagic

Fuzzing Integration

• Parser Fuzzing: Use cargo-fuzz for parser robustness
• Evaluator Fuzzing: Test evaluation engine with malformed files
• Continuous Fuzzing: Integrate with OSS-Fuzz for ongoing testing

The comprehensive testing strategy ensures libmagic-rs maintains high quality, reliability, and compatibility while enabling confident refactoring and feature development.

Performance Optimization

Note

Performance optimizations are planned for future releases. This documentation describes the optimization strategies and targets.

libmagic-rs is designed for high performance while maintaining safety and correctness.

Performance Targets

• Speed: Within 10% of C libmagic performance
• Memory: Comparable memory usage to C implementation
• Startup: Faster initialization with rule caching
• Scalability: Efficient handling of large files and rule sets

Optimization Strategies

Memory-Mapped I/O

• Avoid loading entire files into memory
• Leverage OS page cache for frequently accessed files
• Zero-copy buffer operations where possible

Rule Evaluation

• Lazy evaluation: only process rules when necessary
• Early termination on definitive matches
• Optimized rule ordering based on match probability

String Matching

• Aho-Corasick algorithm for multi-pattern searches
• Boyer-Moore for single pattern searches
• Binary-safe string operations

Caching

• Compiled rule caching to avoid re-parsing
• Result caching for frequently analyzed files
• Intelligent cache invalidation

Benchmarking

Performance benchmarks will be available using the criterion crate:

cargo bench

Profiling

Tools for performance analysis:

• cargo flamegraph for CPU profiling
• valgrind for memory analysis
• perf for detailed system-level profiling

Implementation Status

• Basic performance benchmarks
• Memory-mapped I/O optimization
• Rule evaluation optimization
• String matching optimization
• Caching implementation
• Performance regression testing

Error Handling

libmagic-rs uses Rust’s Result type system for comprehensive, type-safe error handling.

Error Types

LibmagicError

The main error enum covers all library operations:

#![allow(unused)]
fn main() {
use thiserror::Error;

#[derive(Debug, Error)]
pub enum LibmagicError {
    #[error("Parse error at line {line}: {message}")]
    ParseError { line: usize, message: String },

    #[error("Evaluation error: {0}")]
    EvaluationError(String),

    #[error("IO error: {0}")]
    IoError(#[from] std::io::Error),

    #[error("Invalid magic file format: {0}")]
    InvalidFormat(String),
}
}

Result Type Alias

For convenience, the library provides a type alias:

#![allow(unused)]
fn main() {
pub type Result<T> = std::result::Result<T, LibmagicError>;
}

Error Handling Patterns

Basic Error Handling

#![allow(unused)]
fn main() {
use libmagic_rs::{MagicDatabase, LibmagicError};

match MagicDatabase::load_from_file("magic.db") {
    Ok(db) => {
        // Use the database
        println!("Loaded magic database successfully");
    }
    Err(e) => {
        eprintln!("Failed to load magic database: {}", e);
        return;
    }
}
}

Using the ? Operator

#![allow(unused)]
fn main() {
fn analyze_file(path: &str) -> Result<String> {
    let db = MagicDatabase::load_from_file("magic.db")?;
    let result = db.evaluate_file(path)?;
    Ok(result.description)
}
}

Matching Specific Errors

#![allow(unused)]
fn main() {
use libmagic_rs::LibmagicError;

match db.evaluate_file("example.bin") {
    Ok(result) => println!("File type: {}", result.description),
    Err(LibmagicError::IoError(e)) => {
        eprintln!("File access error: {}", e);
    }
    Err(LibmagicError::EvaluationError(msg)) => {
        eprintln!("Evaluation failed: {}", msg);
    }
    Err(e) => {
        eprintln!("Other error: {}", e);
    }
}
}

Error Context

Adding Context with map_err

#![allow(unused)]
fn main() {
use libmagic_rs::LibmagicError;

fn load_custom_magic(path: &str) -> Result<MagicDatabase> {
    MagicDatabase::load_from_file(path).map_err(|e| {
        LibmagicError::InvalidFormat(format!(
            "Failed to load custom magic file '{}': {}",
            path, e
        ))
    })
}
}

Using anyhow for Application Errors

use anyhow::{Context, Result};
use libmagic_rs::MagicDatabase;

fn main() -> Result<()> {
    let db = MagicDatabase::load_from_file("magic.db").context("Failed to load magic database")?;

    let result = db
        .evaluate_file("example.bin")
        .context("Failed to analyze file")?;

    println!("File type: {}", result.description);
    Ok(())
}

Error Recovery

Graceful Degradation

#![allow(unused)]
fn main() {
fn analyze_with_fallback(path: &str) -> String {
    match MagicDatabase::load_from_file("magic.db") {
        Ok(db) => match db.evaluate_file(path) {
            Ok(result) => result.description,
            Err(_) => "unknown file type".to_string(),
        },
        Err(_) => "magic database unavailable".to_string(),
    }
}
}

Retry Logic

#![allow(unused)]
fn main() {
use std::thread;
use std::time::Duration;

fn load_with_retry(path: &str, max_attempts: u32) -> Result<MagicDatabase> {
    let mut attempts = 0;

    loop {
        match MagicDatabase::load_from_file(path) {
            Ok(db) => return Ok(db),
            Err(e) if attempts < max_attempts => {
                attempts += 1;
                eprintln!("Attempt {} failed: {}", attempts, e);
                thread::sleep(Duration::from_millis(100));
            }
            Err(e) => return Err(e),
        }
    }
}
}

Best Practices

1. Use Specific Error Types

#![allow(unused)]
fn main() {
// Good: Specific error information
Err(LibmagicError::ParseError {
    line: 42,
    message: "Invalid offset specification".to_string()
})

// Avoid: Generic error messages
Err(LibmagicError::EvaluationError("something went wrong".to_string()))
}

2. Provide Context

#![allow(unused)]
fn main() {
// Good: Contextual error information
fn parse_magic_file(path: &Path) -> Result<Vec<MagicRule>> {
    std::fs::read_to_string(path)
        .map_err(|e| LibmagicError::IoError(e))
        .and_then(|content| parse_magic_string(&content))
}

// Better: Even more context
fn parse_magic_file(path: &Path) -> Result<Vec<MagicRule>> {
    let content = std::fs::read_to_string(path).map_err(|e| {
        LibmagicError::InvalidFormat(format!(
            "Cannot read magic file '{}': {}",
            path.display(),
            e
        ))
    })?;

    parse_magic_string(&content).map_err(|e| {
        LibmagicError::InvalidFormat(format!("Invalid magic file '{}': {}", path.display(), e))
    })
}
}

3. Handle Errors at the Right Level

// Library level: Return detailed errors
pub fn evaluate_file<P: AsRef<Path>>(&self, path: P) -> Result<EvaluationResult> {
    // Detailed error handling
}

// Application level: Handle user-facing concerns
fn main() {
    match analyze_file("example.bin") {
        Ok(description) => println!("{}", description),
        Err(e) => {
            eprintln!("Error: {}", e);
            std::process::exit(1);
        }
    }
}

4. Document Error Conditions

#![allow(unused)]
fn main() {
/// Evaluate magic rules against a file
///
/// # Errors
///
/// This function will return an error if:
/// - The file cannot be read (`IoError`)
/// - The file is too large for processing (`EvaluationError`)
/// - Rule evaluation encounters invalid data (`EvaluationError`)
///
/// # Examples
///
/// ```rust,no_run
/// use libmagic_rs::MagicDatabase;
///
/// let db = MagicDatabase::load_from_file("magic.db")?;
/// match db.evaluate_file("example.bin") {
///     Ok(result) => println!("Type: {}", result.description),
///     Err(e) => eprintln!("Error: {}", e),
/// }
/// # Ok::<(), Box<dyn std::error::Error>>(())
/// ```
pub fn evaluate_file<P: AsRef<Path>>(&self, path: P) -> Result<EvaluationResult> {
    // Implementation
}
}

Testing Error Conditions

#![allow(unused)]
fn main() {
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_missing_file_error() {
        let result = MagicDatabase::load_from_file("nonexistent.magic");
        assert!(result.is_err());

        match result {
            Err(LibmagicError::IoError(_)) => (), // Expected
            _ => panic!("Expected IoError for missing file"),
        }
    }

    #[test]
    fn test_invalid_magic_file() {
        let result = parse_magic_string("invalid syntax here");
        assert!(result.is_err());

        if let Err(LibmagicError::ParseError { line, message }) = result {
            assert_eq!(line, 1);
            assert!(message.contains("syntax"));
        } else {
            panic!("Expected ParseError for invalid syntax");
        }
    }
}
}

This comprehensive error handling approach ensures libmagic-rs provides clear, actionable error information while maintaining type safety and enabling robust error recovery strategies.

Migration from libmagic

This guide helps you migrate from the C-based libmagic library to libmagic-rs, covering API differences, compatibility considerations, and best practices.

API Comparison

C libmagic API

#include <magic.h>

magic_t magic = magic_open(MAGIC_MIME_TYPE);
magic_load(magic, NULL);
const char* result = magic_file(magic, "example.bin");
printf("MIME type: %s\n", result);
magic_close(magic);

libmagic-rs API

#![allow(unused)]
fn main() {
use libmagic_rs::MagicDatabase;

let db = MagicDatabase::load_from_file("magic.db")?;
let result = db.evaluate_file("example.bin")?;
println!("File type: {}", result.description);
}

Key Differences

Memory Safety

• C libmagic: Manual memory management, potential for leaks/corruption
• libmagic-rs: Automatic memory management, compile-time safety guarantees

Error Handling

• C libmagic: Error codes and global error state
• libmagic-rs: Result types with detailed error information

Thread Safety

• C libmagic: Requires careful synchronization
• libmagic-rs: Thread-safe by design (when complete)

Migration Strategies

Direct Replacement

For simple use cases, libmagic-rs can be a drop-in replacement:

#![allow(unused)]
fn main() {
// Before (C)
// const char* type = magic_file(magic, path);

// After (Rust)
let result = db.evaluate_file(path)?;
let type_str = &result.description;
}

Gradual Migration

For complex applications:

1. Start with new code: Use libmagic-rs for new features
2. Wrap existing code: Create Rust wrappers around C libmagic calls
3. Replace incrementally: Migrate modules one at a time
4. Remove C dependency: Complete the migration

Compatibility Notes

Magic File Format

• Supported: Standard magic file syntax
• Extensions: Additional features planned (regex, etc.)
• Compatibility: Existing magic files should work

Output Format

• Text mode: Compatible with GNU file command
• JSON mode: New structured format for modern applications
• MIME types: Similar to file --mime-type

Performance

• Memory usage: Comparable to C libmagic
• Speed: Target within 10% of C performance
• Startup: Faster with compiled rule caching

Common Migration Issues

Error Handling Patterns

C libmagic:

if (magic_load(magic, NULL) != 0) {
    fprintf(stderr, "Error: %s\n", magic_error(magic));
    return -1;
}

libmagic-rs:

#![allow(unused)]
fn main() {
let db = match MagicDatabase::load_from_file("magic.db") {
    Ok(db) => db,
    Err(e) => {
        eprintln!("Error: {}", e);
        return Err(e);
    }
};
}

Resource Management

C libmagic:

magic_t magic = magic_open(flags);
// ... use magic ...
magic_close(magic);  // Manual cleanup required

libmagic-rs:

#![allow(unused)]
fn main() {
{
    let db = MagicDatabase::load_from_file("magic.db")?;
    // ... use db ...
}  // Automatic cleanup when db goes out of scope
}

Best Practices

Error Handling

• Use ? operator for error propagation
• Match on specific error types when needed
• Provide context with error messages

Performance

• Reuse MagicDatabase instances when possible
• Consider caching for frequently accessed files
• Use appropriate configuration for your use case

Testing

• Test with your existing magic files
• Verify output compatibility with your applications
• Benchmark performance for your workload

Future Compatibility

libmagic-rs aims to maintain compatibility with:

• Standard magic file format: Core syntax will remain supported
• GNU file output: Text output format compatibility
• Common use cases: Drop-in replacement for most applications

Getting Help

If you encounter migration issues:

• Check the troubleshooting guide
• Search existing issues
• Ask questions in discussions
• Report bugs with minimal reproduction cases

Troubleshooting

Common issues and solutions when using libmagic-rs.

Installation Issues

Rust Version Compatibility

Problem: Build fails with older Rust versions

error: package `libmagic-rs v0.1.0` cannot be built because it requires rustc 1.85 or newer

Solution: Update Rust to version 1.85 or newer

rustup update stable
rustc --version  # Should show 1.85+

Dependency Conflicts

Problem: Cargo fails to resolve dependencies

error: failed to select a version for the requirement `serde = "^1.0"`

Solution: Clean and rebuild

cargo clean
rm Cargo.lock
cargo build

Runtime Issues

Magic File Loading Errors

Problem: Cannot load magic file

Error: Parse error at line 42: Invalid offset specification

Solutions:

1. Check file path: Ensure the magic file exists and is readable
2. Validate syntax: Check the magic file format at the specified line
3. Use absolute paths: Relative paths may not resolve correctly

#![allow(unused)]
fn main() {
// Use absolute path
let db = MagicDatabase::load_from_file("/usr/share/misc/magic")?;

// Or check if file exists first
use std::path::Path;
let magic_path = "magic.db";
if !Path::new(magic_path).exists() {
    eprintln!("Magic file not found: {}", magic_path);
    return;
}
}

File Evaluation Errors

Problem: File analysis fails

Error: IO error: Permission denied (os error 13)

Solutions:

1. Check permissions: Ensure the file is readable
2. Handle missing files: Check if file exists before analysis
3. Use proper error handling: Match specific error types

#![allow(unused)]
fn main() {
use libmagic_rs::LibmagicError;

match db.evaluate_file("example.bin") {
    Ok(result) => println!("Type: {}", result.description),
    Err(LibmagicError::IoError(e)) => {
        eprintln!("Cannot access file: {}", e);
    }
    Err(e) => eprintln!("Analysis failed: {}", e),
}
}

Performance Issues

Slow File Analysis

Problem: File analysis takes too long

Solutions:

1. Optimize configuration: Reduce recursion depth and string length limits
2. Use early termination: Stop at first match for faster results
3. Check file size: Large files may need special handling

#![allow(unused)]
fn main() {
let fast_config = EvaluationConfig {
    max_recursion_depth: 5,
    max_string_length: 512,
    stop_at_first_match: true,
};

let result = db.evaluate_file_with_config("large_file.bin", &fast_config)?;
}

Memory Usage Issues

Problem: High memory consumption

Solutions:

1. Use memory mapping: Avoid loading entire files into memory
2. Limit string lengths: Reduce max_string_length in configuration
3. Process files individually: Don’t keep multiple databases in memory

#![allow(unused)]
fn main() {
// Process files one at a time
for file_path in file_list {
    let result = db.evaluate_file(&file_path)?;
    println!("{}: {}", file_path, result.description);
    // Result is dropped here, freeing memory
}
}

Development Issues

Compilation Errors

Problem: Clippy warnings treated as errors

error: this expression creates a reference which is immediately dereferenced

Solution: Fix clippy warnings or temporarily allow them for development

#![allow(unused)]
fn main() {
#[allow(clippy::needless_borrow)]
fn development_function() {
    // Temporary code
}
}

Better solution: Fix the underlying issue

#![allow(unused)]
fn main() {
// Instead of
let result = function(&value);

// Use
let result = function(value);
}

Test Failures

Problem: Tests fail on different platforms

Solutions:

1. Check file paths: Use platform-independent path handling
2. Handle endianness: Test both little and big-endian scenarios
3. Use conditional compilation: Platform-specific test cases

#![allow(unused)]
fn main() {
#[cfg(target_endian = "little")]
#[test]
fn test_little_endian_parsing() {
    // Little-endian specific test
}

#[cfg(target_endian = "big")]
#[test]
fn test_big_endian_parsing() {
    // Big-endian specific test
}
}

Magic File Issues

Syntax Errors

Problem: Magic file parsing fails

Parse error at line 15: Expected operator, found 'invalid'

Solutions:

1. Check syntax: Verify magic file format
2. Use comments: Add comments to document complex rules
3. Test incrementally: Add rules one at a time

# Good magic file syntax
0    string    \x7fELF    ELF executable
>4   byte      1          32-bit
>4   byte      2          64-bit

# Bad syntax (missing operator)
0    string    \x7fELF    # Missing value

Encoding Issues

Problem: String matching fails with non-ASCII content

Solutions:

1. Use byte sequences: For binary data, use hex escapes
2. Specify encoding: Use appropriate string types
3. Test with sample files: Verify rules work with real data

# Use hex escapes for binary data
0    string    \x7f\x45\x4c\x46    ELF

# Use quotes for text with spaces
0    string    "#!/bin/bash"        Bash script

Debugging Tips

Enable Logging

# Set log level for debugging
RUST_LOG=debug cargo run -- example.bin
RUST_LOG=libmagic_rs=trace cargo test

Use Debug Output

#![allow(unused)]
fn main() {
// Print debug information
println!("Evaluating rule: {:?}", rule);
println!("Buffer slice: {:?}", &buffer[offset..offset + length]);
}

Minimal Reproduction

When reporting issues:

1. Create minimal example: Simplest code that reproduces the problem
2. Include sample files: Provide test files that trigger the issue
3. Specify environment: OS, Rust version, dependency versions

// Minimal reproduction example
use libmagic_rs::MagicDatabase;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let db = MagicDatabase::load_from_file("simple.magic")?;
    let result = db.evaluate_file("test.bin")?;
    println!("Result: {}", result.description);
    Ok(())
}

Getting Help

Check Documentation

• API Reference
• Architecture Overview
• Development Guide

Search Existing Issues

• GitHub Issues
• GitHub Discussions

Report New Issues

When creating an issue, include:

• Rust version: rustc --version
• Library version: From Cargo.toml
• Operating system: OS and version
• Minimal reproduction: Smallest example that shows the problem
• Expected behavior: What should happen
• Actual behavior: What actually happens
• Error messages: Complete error output

Community Support

• Discussions: Ask questions and share ideas
• Discord/IRC: Real-time community chat (if available)
• Stack Overflow: Tag questions with libmagic-rs

This troubleshooting guide covers the most common issues. For specific problems not covered here, please check the existing issues or create a new one with detailed information.

Development Setup

This guide covers setting up a development environment for contributing to libmagic-rs, including tools, workflows, and best practices.

Current Implementation Status

Project Phase: Active Development with Solid Foundation

Completed Components ✅

• Core AST Structures: Complete with 29 comprehensive unit tests
• Parser Components: Numbers, offsets, operators, values (50 unit tests)
• CLI Framework: Basic command-line interface with clap
• Code Quality: Zero-warnings policy with comprehensive linting
• Serialization: Full serde support for all data structures
• Memory Safety: Zero unsafe code with bounds checking

In Progress 🔄

• Complete Magic File Parser: Integration of parsing components
• Rule Evaluation Engine: Offset resolution and type interpretation
• Memory-Mapped I/O: Efficient file access with memmap2
• Output Formatters: Text and JSON result formatting

Test Coverage

Current test suite includes 79 passing unit tests:

# Run current test suite
cargo test
# Output: running 79 tests ... test result: ok. 79 passed; 0 failed

Test Categories:

• AST structure tests (29 tests)
• Parser component tests (50 tests)
• Serialization round-trip tests
• Edge case and boundary value tests
• Error condition handling tests

Prerequisites

Required Tools

• Rust 1.85+ with the 2021 edition
• Git for version control
• Cargo (included with Rust)

Recommended Tools

# Enhanced test runner
cargo install cargo-nextest

# Auto-rebuild on file changes
cargo install cargo-watch

# Code coverage
cargo install cargo-llvm-cov

# Security auditing
cargo install cargo-audit

# Dependency analysis
cargo install cargo-tree

# Documentation tools
cargo install mdbook  # For this documentation

Environment Setup

1. Clone the Repository

git clone https://github.com/EvilBit-Labs/libmagic-rs.git
cd libmagic-rs

2. Verify Setup

# Check Rust version
rustc --version  # Should be 1.85+

# Verify project builds
cargo check

# Run tests
cargo test

# Check linting passes
cargo clippy -- -D warnings

3. IDE Configuration

VS Code

Recommended extensions:

• rust-analyzer: Rust language server
• CodeLLDB: Debugging support
• Better TOML: TOML syntax highlighting
• Error Lens: Inline error display

Settings (.vscode/settings.json):

{
  "rust-analyzer.check.command": "clippy",
  "rust-analyzer.check.extraArgs": [
    "--",
    "-D",
    "warnings"
  ],
  "rust-analyzer.cargo.features": "all"
}

Other IDEs

• IntelliJ IDEA: Use the Rust plugin
• Vim/Neovim: Configure with rust-analyzer LSP
• Emacs: Use rustic-mode with lsp-mode

Development Workflow

Daily Development

# Start development session
cargo watch -x check -x test

# In another terminal, make changes and see results automatically

Code Quality Checks

# Format code (required before commits)
cargo fmt

# Check for issues (must pass)
cargo clippy -- -D warnings

# Run all tests
cargo nextest run  # or cargo test

# Check documentation
cargo doc --document-private-items

Testing Strategy

# Run specific test modules
cargo test ast_structures
cargo test parser
cargo test evaluator

# Run tests with output
cargo test -- --nocapture

# Run ignored tests (if any)
cargo test -- --ignored

# Test documentation examples
cargo test --doc

Project Standards

Code Style

The project enforces strict code quality standards:

Linting Configuration

See Cargo.toml for the complete linting setup. Key rules:

• No unsafe code: unsafe_code = "forbid"
• Zero warnings: warnings = "deny"
• Comprehensive clippy: Pedantic, nursery, and security lints enabled
• No unwrap/panic: unwrap_used = "deny", panic = "deny"

Formatting

# Format all code (required)
cargo fmt

# Check formatting without changing files
cargo fmt -- --check

Documentation Standards

Code Documentation

All public APIs must have rustdoc comments:

#![allow(unused)]
fn main() {
/// Parses a magic file into an AST
///
/// This function reads a magic file from the given path and parses it into
/// a vector of `MagicRule` structures that can be used for file type detection.
///
/// # Arguments
///
/// * `path` - Path to the magic file to parse
///
/// # Returns
///
/// Returns `Ok(Vec<MagicRule>)` on success, or `Err(LibmagicError)` if parsing fails.
///
/// # Errors
///
/// This function will return an error if:
/// - The file cannot be read
/// - The magic file syntax is invalid
/// - Memory allocation fails
///
/// # Examples
///
/// ```rust,no_run
/// use libmagic_rs::parser::parse_magic_file;
///
/// let rules = parse_magic_file("magic.db")?;
/// println!("Loaded {} rules", rules.len());
/// # Ok::<(), Box<dyn std::error::Error>>(())
/// ```
pub fn parse_magic_file<P: AsRef<Path>>(path: P) -> Result<Vec<MagicRule>> {
    // Implementation
}
}

Module Documentation

Each module should have comprehensive documentation:

#![allow(unused)]
fn main() {
//! Magic file parser module
//!
//! This module handles parsing of magic files into an Abstract Syntax Tree (AST)
//! that can be evaluated against file buffers for type identification.
//!
//! # Magic File Format
//!
//! Magic files use a simple DSL to describe file type detection rules:
//!
//! ```text
//! # ELF files
//! 0    string    \x7fELF    ELF
//! >4   byte      1          32-bit
//! >4   byte      2          64-bit
//! ```
//!
//! # Examples
//!
//! ```rust,no_run
//! use libmagic_rs::parser::parse_magic_file;
//!
//! let rules = parse_magic_file("magic.db")?;
//! # Ok::<(), Box<dyn std::error::Error>>(())
//! ```
}

Testing Standards

Unit Tests

Every module should have comprehensive unit tests:

#![allow(unused)]
fn main() {
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_basic_functionality() {
        // Test basic case
        let result = function_under_test();
        assert_eq!(result, expected_value);
    }

    #[test]
    fn test_error_conditions() {
        // Test error handling
        let result = function_that_should_fail();
        assert!(result.is_err());
    }

    #[test]
    fn test_edge_cases() {
        // Test boundary conditions
        // Empty inputs, maximum values, etc.
    }
}
}

Integration Tests

Place integration tests in the tests/ directory:

#![allow(unused)]
fn main() {
// tests/integration_test.rs
use libmagic_rs::*;

#[test]
fn test_end_to_end_workflow() {
    // Test complete workflows
    let db = MagicDatabase::load_from_file("third_party/magic.mgc").unwrap();
    let result = db
        .evaluate_file("third_party/tests/elf64.testfile")
        .unwrap();
    assert_eq!(result.description, "ELF 64-bit LSB executable");
}
}

Error Handling

Use the project’s error types consistently:

#![allow(unused)]
fn main() {
use thiserror::Error;

#[derive(Debug, Error)]
pub enum ModuleError {
    #[error("Invalid input: {0}")]
    InvalidInput(String),

    #[error("Processing failed: {reason}")]
    ProcessingFailed { reason: String },

    #[error("IO error: {0}")]
    IoError(#[from] std::io::Error),
}

pub type Result<T> = std::result::Result<T, ModuleError>;
}

Contribution Workflow

1. Issue Creation

Before starting work:

• Check existing issues and discussions
• Create an issue describing the problem or feature
• Wait for maintainer feedback on approach

2. Branch Creation

# Create feature branch
git checkout -b feature/descriptive-name

# Or for bug fixes
git checkout -b fix/issue-description

3. Development Process

# Make changes following the standards above
# Run checks frequently
cargo watch -x check -x test

# Before committing
cargo fmt
cargo clippy -- -D warnings
cargo test

4. Commit Guidelines

Use conventional commit format:

# Feature commits
git commit -m "feat(parser): add support for indirect offsets"

# Bug fixes
git commit -m "fix(evaluator): handle buffer overflow in string reading"

# Documentation
git commit -m "docs(api): add examples for MagicRule creation"

# Tests
git commit -m "test(ast): add comprehensive serialization tests"

5. Pull Request Process

1. Push branch: git push origin feature/descriptive-name
2. Create PR with:
   • Clear description of changes
   • Reference to related issues
   • Test coverage information
   • Breaking change notes (if any)
3. Address feedback from code review
4. Ensure CI passes all checks

Debugging

Logging

Use the log crate for debugging:

#![allow(unused)]
fn main() {
use log::{debug, error, info, warn};

pub fn parse_rule(input: &str) -> Result<MagicRule> {
    debug!("Parsing rule: {}", input);

    let result = do_parsing(input)?;

    info!("Successfully parsed rule: {}", result.message);
    Ok(result)
}
}

Run with logging:

RUST_LOG=debug cargo test
RUST_LOG=libmagic_rs=trace cargo run

Debugging Tests

# Run single test with output
cargo test test_name -- --nocapture

# Debug with lldb/gdb
cargo test --no-run
lldb target/debug/deps/libmagic_rs-<hash>

Performance Profiling

# Install profiling tools
cargo install cargo-flamegraph

# Profile specific benchmarks
cargo flamegraph --bench evaluation_bench

# Memory profiling with valgrind
cargo build
valgrind --tool=massif target/debug/rmagic large_file.bin

Continuous Integration

The project uses GitHub Actions for CI. Local checks should match CI:

# Run the same checks as CI
cargo fmt -- --check
cargo clippy -- -D warnings
cargo test
cargo doc --document-private-items

Release Process

For maintainers:

Version Bumping

# Update version in Cargo.toml
# Update CHANGELOG.md
# Commit changes
git commit -m "chore: bump version to 0.2.0"
git tag v0.2.0
git push origin main --tags

Documentation Updates

# Update documentation
mdbook build docs/
# Deploy to GitHub Pages (automated)

This development setup ensures high code quality, comprehensive testing, and smooth collaboration across the project.

Code Style

libmagic-rs follows strict code style guidelines to ensure consistency, readability, and maintainability across the codebase.

Formatting

Rustfmt Configuration

The project uses rustfmt with default settings. All code must be formatted before committing:

# Format all code
cargo fmt

# Check formatting without changing files
cargo fmt -- --check

Key Formatting Rules

• Line length: 100 characters (rustfmt default)
• Indentation: 4 spaces (no tabs)
• Trailing commas: Required in multi-line constructs
• Import organization: Automatic grouping and sorting

#![allow(unused)]
fn main() {
// Good: Proper formatting
use std::collections::HashMap;
use std::path::Path;

use serde::{Deserialize, Serialize};
use thiserror::Error;

use crate::parser::ast::MagicRule;

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EvaluationResult {
    pub description: String,
    pub mime_type: Option<String>,
    pub confidence: f64,
}
}

Naming Conventions

Types and Structs

Use PascalCase for types, structs, enums, and traits:

#![allow(unused)]
fn main() {
// Good
pub struct MagicDatabase {}
pub enum OffsetSpec {}
pub trait BinaryRegex {}

// Bad
pub struct magic_database {}
pub enum offset_spec {}
}

Functions and Variables

Use snake_case for functions, methods, and variables:

#![allow(unused)]
fn main() {
// Good
pub fn parse_magic_file(path: &Path) -> Result<Vec<MagicRule>> { }
let magic_rules = vec![];
let file_buffer = FileBuffer::new(path)?;

// Bad
pub fn ParseMagicFile(path: &Path) -> Result<Vec<MagicRule>> { }
let magicRules = vec![];
}

Constants

Use SCREAMING_SNAKE_CASE for constants:

#![allow(unused)]
fn main() {
// Good
const DEFAULT_BUFFER_SIZE: usize = 8192;
const MAX_RECURSION_DEPTH: u32 = 50;

// Bad
const default_buffer_size: usize = 8192;
const maxRecursionDepth: u32 = 50;
}

Modules

Use snake_case for module names:

#![allow(unused)]
fn main() {
// Good
mod file_evaluator;
mod magic_parser;
mod output_formatter;

// Bad
mod MagicParser;
mod fileEvaluator;
}

Documentation Standards

Public API Documentation

All public items must have rustdoc comments with examples:

#![allow(unused)]
fn main() {
/// Parses a magic file into a vector of magic rules
///
/// This function reads a magic file from the specified path and parses it into
/// a collection of `MagicRule` structures that can be used for file type detection.
///
/// # Arguments
///
/// * `path` - Path to the magic file to parse
///
/// # Returns
///
/// Returns `Ok(Vec<MagicRule>)` on success, or `Err(LibmagicError)` if parsing fails.
///
/// # Errors
///
/// This function will return an error if:
/// - The file cannot be read due to permissions or missing file
/// - The magic file contains invalid syntax
/// - Memory allocation fails during parsing
///
/// # Examples
///
/// ```rust,no_run
/// use libmagic_rs::parser::parse_magic_file;
///
/// let rules = parse_magic_file("magic.db")?;
/// println!("Loaded {} magic rules", rules.len());
/// # Ok::<(), Box<dyn std::error::Error>>(())
/// ```
pub fn parse_magic_file<P: AsRef<Path>>(path: P) -> Result<Vec<MagicRule>> {
    // Implementation
}
}

Module Documentation

Each module should have comprehensive documentation:

#![allow(unused)]
fn main() {
//! Magic file parser module
//!
//! This module handles parsing of magic files into an Abstract Syntax Tree (AST)
//! that can be evaluated against file buffers for type identification.
//!
//! The parser uses nom combinators for robust, efficient parsing with good
//! error reporting. It supports the standard magic file format with extensions
//! for modern file types.
//!
//! # Examples
//!
//! ```rust,no_run
//! use libmagic_rs::parser::parse_magic_file;
//!
//! let rules = parse_magic_file("magic.db")?;
//! for rule in &rules {
//!     println!("Rule: {}", rule.message);
//! }
//! # Ok::<(), Box<dyn std::error::Error>>(())
//! ```
}

Inline Comments

Use inline comments sparingly, focusing on why rather than what:

#![allow(unused)]
fn main() {
// Good: Explains reasoning
// Use indirect offset to handle relocatable executables
let actual_offset = resolve_indirect_offset(base_offset, buffer)?;

// Bad: States the obvious
// Set the offset to the resolved value
let actual_offset = resolved_offset;
}

Error Handling Style

Use Result Types

Always use Result for fallible operations:

#![allow(unused)]
fn main() {
// Good
pub fn parse_offset(input: &str) -> Result<OffsetSpec> {
    // Implementation that can fail
}

// Bad: Using Option for errors
pub fn parse_offset(input: &str) -> Option<OffsetSpec> {
    // Loses error information
}

// Bad: Using panics
pub fn parse_offset(input: &str) -> OffsetSpec {
    // Implementation that panics on error
    input.parse().unwrap()
}
}

Descriptive Error Messages

Provide context in error messages:

#![allow(unused)]
fn main() {
// Good: Specific, actionable error
return Err(LibmagicError::ParseError {
    line: line_number,
    message: format!("Invalid offset '{}': expected number or hex value", input),
});

// Bad: Generic error
return Err(LibmagicError::ParseError {
    line: line_number,
    message: "parse error".to_string(),
});
}

Error Propagation

Use the ? operator for error propagation:

#![allow(unused)]
fn main() {
// Good
pub fn load_and_parse(path: &Path) -> Result<Vec<MagicRule>> {
    let content = std::fs::read_to_string(path)?;
    let rules = parse_magic_string(&content)?;
    Ok(rules)
}

// Avoid: Manual error handling when ? works
pub fn load_and_parse(path: &Path) -> Result<Vec<MagicRule>> {
    let content = match std::fs::read_to_string(path) {
        Ok(content) => content,
        Err(e) => return Err(LibmagicError::IoError(e)),
    };
    // ...
}
}

Code Organization

Import Organization

Group imports in this order:

1. Standard library
2. External crates
3. Internal crates/modules

#![allow(unused)]
fn main() {
// Standard library
use std::collections::HashMap;
use std::path::Path;

// External crates
use nom::{IResult, bytes::complete::tag};
use serde::{Deserialize, Serialize};
use thiserror::Error;

// Internal modules
use crate::evaluator::EvaluationContext;
use crate::parser::ast::{MagicRule, OffsetSpec};
}

Function Organization

Organize functions logically within modules:

#![allow(unused)]
fn main() {
impl MagicRule {
    // Constructors first
    pub fn new(/* ... */) -> Self {}

    // Public methods
    pub fn evaluate(&self, buffer: &[u8]) -> Result<bool> {}
    pub fn message(&self) -> &str {}

    // Private helpers last
    fn validate_offset(&self) -> bool {}
}
}

File Organization

Keep files focused and reasonably sized (< 500-600 lines):

#![allow(unused)]
fn main() {
// Good: Focused module
// src/parser/offset.rs - Only offset parsing logic

// Bad: Everything in one file
// src/parser/mod.rs - All parsing logic (thousands of lines)
}

Testing Style

Test Organization

#![allow(unused)]
fn main() {
#[cfg(test)]
mod tests {
    use super::*;

    // Group related tests
    mod offset_parsing {
        use super::*;

        #[test]
        fn test_absolute_offset() {
            // Test implementation
        }

        #[test]
        fn test_indirect_offset() {
            // Test implementation
        }
    }

    mod error_handling {
        use super::*;

        #[test]
        fn test_invalid_syntax_error() {
            // Test implementation
        }
    }
}
}

Test Naming

Use descriptive test names that explain the scenario:

#![allow(unused)]
fn main() {
// Good: Descriptive names
#[test]
fn test_parse_absolute_offset_with_hex_value() {}

#[test]
fn test_parse_offset_returns_error_for_invalid_syntax() {}

// Bad: Generic names
#[test]
fn test_parse_offset() {}

#[test]
fn test_error() {}
}

Assertion Style

Use specific assertions with helpful messages:

#![allow(unused)]
fn main() {
// Good: Specific assertion with context
assert_eq!(
    result.unwrap().message,
    "ELF executable",
    "Magic rule should identify ELF files correctly"
);

// Good: Pattern matching for complex types
match result {
    Ok(OffsetSpec::Absolute(offset)) => assert_eq!(offset, 42),
    _ => panic!("Expected absolute offset with value 42"),
}

// Avoid: Generic assertions
assert!(result.is_ok());
}

Performance Considerations

Prefer Borrowing

Use references instead of owned values when possible:

#![allow(unused)]
fn main() {
// Good: Borrowing
pub fn evaluate_rule(rule: &MagicRule, buffer: &[u8]) -> Result<bool> {}

// Avoid: Unnecessary ownership
pub fn evaluate_rule(rule: MagicRule, buffer: Vec<u8>) -> Result<bool> {}
}

Avoid Unnecessary Allocations

#![allow(unused)]
fn main() {
// Good: String slice
pub fn parse_message(input: &str) -> &str {
    input.trim()
}

// Avoid: Unnecessary allocation
pub fn parse_message(input: &str) -> String {
    input.trim().to_string()
}
}

Use Appropriate Data Structures

#![allow(unused)]
fn main() {
// Good: Vec for ordered data
let rules: Vec<MagicRule> = parse_rules(input)?;

// Good: HashMap for key-value lookups
let mime_types: HashMap<String, String> = load_mime_mappings()?;

// Consider: BTreeMap for sorted keys
let sorted_rules: BTreeMap<u32, MagicRule> = rules_by_priority();
}

This style guide ensures consistent, readable, and maintainable code across the libmagic-rs project. All contributors should follow these guidelines, and automated tools enforce many of these rules during CI.

Testing Guidelines

Comprehensive testing guidelines for libmagic-rs to ensure code quality, reliability, and maintainability.

Testing Philosophy

libmagic-rs follows a comprehensive testing strategy:

• Unit tests: Test individual functions and methods in isolation
• Integration tests: Test complete workflows and component interactions
• Property tests: Use fuzzing to discover edge cases and ensure robustness
• Compatibility tests: Verify compatibility with existing magic files and GNU file output
• Performance tests: Ensure performance requirements are met

Test Organization

Directory Structure

libmagic-rs/
├── src/
│   ├── lib.rs              # Unit tests in #[cfg(test)] modules
│   ├── parser/
│   │   ├── mod.rs          # Parser unit tests
│   │   └── ast.rs          # AST unit tests
│   └── evaluator/
│       └── mod.rs          # Evaluator unit tests
├── tests/
│   ├── integration/        # Integration tests
│   ├── compatibility/      # GNU file compatibility tests
│   └── fixtures/           # Test data and expected outputs
│       ├── magic/          # Sample magic files
│       ├── samples/        # Test binary files
│       └── expected/       # Expected output files
└── benches/                # Performance benchmarks

Test Categories

Unit Tests

Located in #[cfg(test)] modules within source files:

#![allow(unused)]
fn main() {
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_basic_functionality() {
        // Arrange
        let input = create_test_input();

        // Act
        let result = function_under_test(input);

        // Assert
        assert_eq!(result, expected_output);
    }
}
}

Integration Tests

Located in tests/ directory:

#![allow(unused)]
fn main() {
// tests/integration/basic_workflow.rs
use libmagic_rs::{EvaluationConfig, MagicDatabase};

#[test]
fn test_complete_file_analysis_workflow() {
    let db = MagicDatabase::load_from_file("tests/fixtures/magic/basic.magic")
        .expect("Failed to load magic database");

    let result = db
        .evaluate_file("tests/fixtures/samples/elf64")
        .expect("Failed to evaluate file");

    assert_eq!(result.description, "ELF 64-bit LSB executable");
}
}

Writing Effective Tests

Test Naming

Use descriptive names that explain the scenario being tested:

#![allow(unused)]
fn main() {
// Good: Descriptive test names
#[test]
fn test_parse_absolute_offset_with_positive_decimal_value() {}

#[test]
fn test_parse_absolute_offset_with_hexadecimal_value() {}

#[test]
fn test_parse_offset_returns_error_for_invalid_syntax() {}

// Bad: Generic test names
#[test]
fn test_parse_offset() {}

#[test]
fn test_error_case() {}
}

Test Structure

Follow the Arrange-Act-Assert pattern:

#![allow(unused)]
fn main() {
#[test]
fn test_magic_rule_evaluation_with_matching_bytes() {
    // Arrange
    let rule = MagicRule {
        offset: OffsetSpec::Absolute(0),
        typ: TypeKind::Byte,
        op: Operator::Equal,
        value: Value::Uint(0x7f),
        message: "ELF magic".to_string(),
        children: vec![],
        level: 0,
    };
    let buffer = vec![0x7f, 0x45, 0x4c, 0x46]; // ELF magic

    // Act
    let result = evaluate_rule(&rule, &buffer);

    // Assert
    assert!(result.is_ok());
    assert!(result.unwrap());
}
}

Assertion Best Practices

Use specific assertions with helpful error messages:

#![allow(unused)]
fn main() {
// Good: Specific assertions
assert_eq!(result.description, "ELF executable");
assert!(result.confidence > 0.8);

// Good: Custom error messages
assert_eq!(
    parsed_offset,
    OffsetSpec::Absolute(42),
    "Parser should correctly handle decimal offset values"
);

// Good: Pattern matching for complex types
match result {
    Ok(OffsetSpec::Indirect { base_offset, adjustment, .. }) => {
        assert_eq!(base_offset, 0x20);
        assert_eq!(adjustment, 4);
    }
    _ => panic!("Expected indirect offset specification"),
}

// Avoid: Generic assertions
assert!(result.is_ok());
assert_ne!(value, 0);
}

Error Testing

Test error conditions thoroughly:

#![allow(unused)]
fn main() {
#[test]
fn test_parse_magic_file_with_invalid_syntax() {
    let invalid_magic = "0 invalid_type value message";

    let result = parse_magic_string(invalid_magic);

    assert!(result.is_err());
    match result {
        Err(LibmagicError::ParseError { line, message }) => {
            assert_eq!(line, 1);
            assert!(message.contains("invalid_type"));
        }
        _ => panic!("Expected ParseError for invalid syntax"),
    }
}

#[test]
fn test_file_evaluation_with_missing_file() {
    let db = MagicDatabase::load_from_file("tests/fixtures/magic/basic.magic").unwrap();

    let result = db.evaluate_file("nonexistent_file.bin");

    assert!(result.is_err());
    match result {
        Err(LibmagicError::IoError(_)) => (), // Expected
        _ => panic!("Expected IoError for missing file"),
    }
}
}

Edge Case Testing

Test boundary conditions and edge cases:

#![allow(unused)]
fn main() {
#[test]
fn test_offset_parsing_edge_cases() {
    // Test zero offset
    let result = parse_offset("0");
    assert_eq!(result.unwrap(), OffsetSpec::Absolute(0));

    // Test maximum positive offset
    let result = parse_offset(&i64::MAX.to_string());
    assert_eq!(result.unwrap(), OffsetSpec::Absolute(i64::MAX));

    // Test negative offset
    let result = parse_offset("-1");
    assert_eq!(result.unwrap(), OffsetSpec::Absolute(-1));

    // Test empty input
    let result = parse_offset("");
    assert!(result.is_err());
}
}

Property-Based Testing

Use proptest for fuzzing and property-based testing:

#![allow(unused)]
fn main() {
use proptest::prelude::*;

proptest! {
    #[test]
    fn test_magic_rule_serialization_roundtrip(rule in any::<MagicRule>()) {
        // Property: serialization should be reversible
        let json = serde_json::to_string(&rule)?;
        let deserialized: MagicRule = serde_json::from_str(&json)?;
        prop_assert_eq!(rule, deserialized);
    }

    #[test]
    fn test_offset_resolution_never_panics(
        offset in any::<OffsetSpec>(),
        buffer in prop::collection::vec(any::<u8>(), 0..1024)
    ) {
        // Property: offset resolution should never panic
        let _ = resolve_offset(&offset, &buffer, 0);
        // If we reach here without panicking, the test passes
    }
}
}

Test Data Management

Fixture Organization

Organize test data systematically:

tests/fixtures/
├── magic/
│   ├── basic.magic         # Simple rules for testing
│   ├── complex.magic       # Complex hierarchical rules
│   └── invalid.magic       # Invalid syntax for error testing
├── samples/
│   ├── elf32               # 32-bit ELF executable
│   ├── elf64               # 64-bit ELF executable
│   ├── zip_archive.zip     # ZIP file
│   └── text_file.txt       # Plain text file
└── expected/
    ├── elf32.txt           # Expected output for elf32
    ├── elf64.json          # Expected JSON output for elf64
    └── compatibility.txt   # GNU file compatibility results

Creating Test Fixtures

#![allow(unused)]
fn main() {
// Helper function for creating test data
fn create_elf_magic_rule() -> MagicRule {
    MagicRule {
        offset: OffsetSpec::Absolute(0),
        typ: TypeKind::Long {
            endian: Endianness::Little,
            signed: false,
        },
        op: Operator::Equal,
        value: Value::Bytes(vec![0x7f, 0x45, 0x4c, 0x46]),
        message: "ELF executable".to_string(),
        children: vec![],
        level: 0,
    }
}

// Helper for creating test buffers
fn create_elf_buffer() -> Vec<u8> {
    let mut buffer = vec![0x7f, 0x45, 0x4c, 0x46]; // ELF magic
    buffer.extend_from_slice(&[0x02, 0x01, 0x01, 0x00]); // 64-bit, little-endian
    buffer.resize(64, 0); // Pad to minimum ELF header size
    buffer
}
}

Compatibility Testing

GNU File Comparison

Test compatibility with GNU file command:

#![allow(unused)]
fn main() {
#[test]
fn test_gnu_file_compatibility() {
    use std::process::Command;

    let sample_file = "tests/fixtures/samples/elf64";

    // Get GNU file output
    let gnu_output = Command::new("file")
        .arg("--brief")
        .arg(sample_file)
        .output()
        .expect("Failed to run GNU file command");

    let gnu_result = String::from_utf8(gnu_output.stdout)
        .expect("Invalid UTF-8 from GNU file")
        .trim();

    // Get libmagic-rs output
    let db = MagicDatabase::load_from_file("tests/fixtures/magic/standard.magic").unwrap();
    let result = db.evaluate_file(sample_file).unwrap();

    // Compare results (allowing for minor differences)
    assert!(
        results_are_compatible(&result.description, gnu_result),
        "libmagic-rs output '{}' not compatible with GNU file output '{}'",
        result.description,
        gnu_result
    );
}

fn results_are_compatible(rust_output: &str, gnu_output: &str) -> bool {
    // Implement compatibility checking logic
    // Allow for minor differences in formatting, version numbers, etc.
    rust_output.contains("ELF") && gnu_output.contains("ELF")
}
}

Performance Testing

Benchmark Tests

Use criterion for performance benchmarks:

#![allow(unused)]
fn main() {
// benches/evaluation_bench.rs
use criterion::{Criterion, black_box, criterion_group, criterion_main};
use libmagic_rs::{EvaluationConfig, MagicDatabase};

fn bench_file_evaluation(c: &mut Criterion) {
    let db = MagicDatabase::load_from_file("tests/fixtures/magic/standard.magic")
        .expect("Failed to load magic database");

    c.bench_function("evaluate_elf_file", |b| {
        b.iter(|| {
            db.evaluate_file(black_box("tests/fixtures/samples/elf64"))
                .expect("Evaluation failed")
        })
    });
}

criterion_group!(benches, bench_file_evaluation);
criterion_main!(benches);
}

Performance Regression Testing

#![allow(unused)]
fn main() {
#[test]
fn test_evaluation_performance() {
    use std::time::Instant;

    let db = MagicDatabase::load_from_file("tests/fixtures/magic/standard.magic").unwrap();

    let start = Instant::now();
    let _result = db
        .evaluate_file("tests/fixtures/samples/large_file.bin")
        .unwrap();
    let duration = start.elapsed();

    // Ensure evaluation completes within reasonable time
    assert!(
        duration.as_millis() < 100,
        "File evaluation took too long: {}ms",
        duration.as_millis()
    );
}
}

Test Execution

Running Tests

# Run all tests
cargo test

# Run with nextest (faster, better output)
cargo nextest run

# Run specific test modules
cargo test ast_structures
cargo test integration

# Run tests with output
cargo test -- --nocapture

# Run ignored tests
cargo test -- --ignored

# Run property tests with more cases
PROPTEST_CASES=10000 cargo test proptest

Coverage Analysis

# Install coverage tools
cargo install cargo-llvm-cov

# Generate coverage report
cargo llvm-cov --html --open

# Coverage for specific tests
cargo llvm-cov --html --tests integration

Continuous Integration

Ensure tests run in CI with multiple configurations:

# .github/workflows/test.yml
strategy:
  matrix:
    os: [ubuntu-latest, macos-latest, windows-latest]
    rust: [stable, beta]

steps:
  - name: Run tests
    run: cargo nextest run --all-features

  - name: Run property tests
    run: cargo test proptest
    env:
      PROPTEST_CASES: 1000

  - name: Check compatibility
    run: cargo test compatibility
    if: matrix.os == 'ubuntu-latest'

Test Maintenance

Keeping Tests Updated

• Update fixtures: When adding new file format support
• Maintain compatibility: Update compatibility tests when GNU file changes
• Performance baselines: Update performance expectations as optimizations are added
• Documentation: Keep test documentation current with implementation

Test Debugging

#![allow(unused)]
fn main() {
// Use debug output for failing tests
#[test]
fn debug_failing_test() {
    let result = function_under_test();
    println!("Debug output: {:?}", result);
    assert_eq!(result, expected_value);
}

// Use conditional compilation for debug tests
#[cfg(test)]
#[cfg(feature = "debug-tests")]
mod debug_tests {
    #[test]
    fn verbose_test() {
        // Detailed debugging test
    }
}
}

This comprehensive testing approach ensures libmagic-rs maintains high quality, reliability, and compatibility throughout its development lifecycle.

Release Process

This document outlines the release process for libmagic-rs, including version management, testing procedures, and deployment steps.

Release Types

Semantic Versioning

libmagic-rs follows Semantic Versioning (SemVer):

• Major version (X.0.0): Breaking API changes
• Minor version (0.X.0): New features, backward compatible
• Patch version (0.0.X): Bug fixes, backward compatible

Pre-release Versions

• Alpha (0.1.0-alpha.1): Early development, unstable API
• Beta (0.1.0-beta.1): Feature complete, API stabilizing
• Release Candidate (0.1.0-rc.1): Final testing before release

Release Checklist

Pre-Release Preparation

1. Code Quality Verification

# Ensure all tests pass
cargo test --all-features

# Check code formatting
cargo fmt -- --check

# Run comprehensive linting
cargo clippy -- -D warnings

# Verify documentation builds
cargo doc --document-private-items

# Run security audit
cargo audit

# Check for outdated dependencies
cargo outdated

2. Performance Validation

# Run benchmarks and compare with baseline
cargo bench

# Profile memory usage
cargo build --release
valgrind --tool=massif target/release/rmagic large_file.bin

# Test with large files and magic databases
./performance_test.sh

3. Compatibility Testing

# Test against GNU file compatibility suite
cargo test compatibility

# Test with various magic file formats
./test_magic_compatibility.sh

# Cross-platform testing
cargo test --target x86_64-pc-windows-gnu
cargo test --target aarch64-apple-darwin

4. Documentation Updates

• Update README.md with new features and changes
• Update CHANGELOG.md with release notes
• Review and update API documentation
• Update migration guide if needed
• Verify all examples work with new version

Version Bumping

1. Update Version Numbers

# Cargo.toml
[package]
name = "libmagic-rs"
version = "0.2.0"    # Update version

2. Update Documentation

#![allow(unused)]
fn main() {
// src/lib.rs - Update version in documentation
//! # libmagic-rs v0.2.0
//!
//! A pure-Rust implementation of libmagic...
}

3. Update Changelog

# Changelog

## [0.2.0] - 2024-03-15

### Added
- Magic file parser implementation
- Basic rule evaluation engine
- Memory-mapped file I/O support

### Changed
- Improved AST structure for better performance
- Enhanced error messages with more context

### Fixed
- Buffer overflow protection in string reading
- Proper handling of indirect offsets

### Breaking Changes
- `EvaluationConfig` structure modified
- `MagicRule::new()` signature changed

Release Creation

1. Create Release Branch

# Create release branch
git checkout -b release/v0.2.0

# Commit version updates
git add Cargo.toml CHANGELOG.md README.md
git commit -m "chore: bump version to 0.2.0"

# Push release branch
git push origin release/v0.2.0

2. Final Testing

# Clean build and test
cargo clean
cargo build --release
cargo test --release

# Integration testing
./integration_test.sh

# Performance regression testing
./performance_regression_test.sh

3. Create Pull Request

• Create PR from release branch to main
• Ensure all CI checks pass
• Get approval from maintainers
• Merge to main branch

4. Tag Release

# Switch to main branch
git checkout main
git pull origin main

# Create and push tag
git tag -a v0.2.0 -m "Release version 0.2.0"
git push origin v0.2.0

GitHub Release

1. Create GitHub Release

• Go to GitHub repository releases page
• Click “Create a new release”
• Select the version tag (v0.2.0)
• Use version number as release title
• Copy changelog content as release description

2. Release Assets

Include relevant assets:

• Source code (automatically included)
• Pre-compiled binaries (if applicable)
• Documentation archive
• Checksums file

Post-Release Tasks

1. Update Development Branch

# Create new development branch
git checkout -b develop
git push origin develop

# Update version to next development version
# Cargo.toml: version = "0.3.0-dev"
git add Cargo.toml
git commit -m "chore: bump version to 0.3.0-dev"
git push origin develop

2. Documentation Deployment

# Deploy documentation to GitHub Pages
mdbook build docs/
# Automated deployment via GitHub Actions

3. Announcement

• Update project README with latest version
• Post announcement in GitHub Discussions
• Update any external documentation or websites
• Notify users through appropriate channels

Hotfix Process

Critical Bug Fixes

For critical bugs that need immediate release:

1. Create Hotfix Branch

# Branch from latest release tag
git checkout v0.2.0
git checkout -b hotfix/v0.2.1

# Make minimal fix
# ... fix the critical bug ...

# Commit fix
git add .
git commit -m "fix: critical security vulnerability in offset parsing"

2. Test Hotfix

# Run focused tests
cargo test security
cargo test offset_parsing

# Run security audit
cargo audit

# Minimal integration testing
./critical_path_test.sh

3. Release Hotfix

# Update version to patch release
# Cargo.toml: version = "0.2.1"

# Update changelog
# Add entry for hotfix

# Commit and tag
git add Cargo.toml CHANGELOG.md
git commit -m "chore: bump version to 0.2.1"
git tag -a v0.2.1 -m "Hotfix release 0.2.1"

# Push hotfix
git push origin hotfix/v0.2.1
git push origin v0.2.1

4. Merge Back

# Merge hotfix to main
git checkout main
git merge hotfix/v0.2.1

# Merge hotfix to develop
git checkout develop
git merge hotfix/v0.2.1

# Clean up hotfix branch
git branch -d hotfix/v0.2.1
git push origin --delete hotfix/v0.2.1

Release Automation

GitHub Actions Workflow

# .github/workflows/release.yml
name: Release

on:
  push:
    tags:
      - v*

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable

      - name: Run tests
        run: cargo test --all-features

      - name: Build release
        run: cargo build --release

      - name: Create release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          draft: false
          prerelease: false

Automated Checks

#!/bin/bash
# scripts/pre_release_check.sh

set -e

echo "Running pre-release checks..."

# Code quality
cargo fmt -- --check
cargo clippy -- -D warnings

# Tests
cargo test --all-features
cargo test --doc

# Security
cargo audit

# Performance
cargo bench --bench evaluation_bench

# Documentation
cargo doc --document-private-items

echo "All pre-release checks passed!"

Release Schedule

Regular Releases

• Minor releases: Every 6-8 weeks
• Patch releases: As needed for bug fixes
• Major releases: When breaking changes accumulate

Release Windows

• Feature freeze: 1 week before release
• Code freeze: 3 days before release
• Release day: Tuesday (for maximum testing time)

Communication

• Release planning: Discussed in GitHub Issues/Discussions
• Release announcements: GitHub Releases, project README
• Breaking changes: Documented in migration guide

This release process ensures high-quality, reliable releases while maintaining clear communication with users and contributors.

API Reference

Note

This API reference describes the planned interface. The current implementation has placeholder functionality.

Complete API documentation for libmagic-rs library components.

Core Types

MagicDatabase

Main interface for loading and using magic rules.

#![allow(unused)]
fn main() {
pub struct MagicDatabase {/* ... */}

impl MagicDatabase {
    /// Load magic rules from a file
    pub fn load_from_file<P: AsRef<Path>>(path: P) -> Result<Self>;

    /// Evaluate magic rules against a file
    pub fn evaluate_file<P: AsRef<Path>>(&self, path: P) -> Result<EvaluationResult>;

    /// Evaluate magic rules against a buffer
    pub fn evaluate_buffer(&self, buffer: &[u8]) -> Result<EvaluationResult>;
}
}

EvaluationResult

Contains the results of file type identification.

#![allow(unused)]
fn main() {
pub struct EvaluationResult {
    /// Human-readable file type description
    pub description: String,

    /// Optional MIME type
    pub mime_type: Option<String>,

    /// Confidence score (0.0 to 1.0)
    pub confidence: f64,
}
}

EvaluationConfig

Configuration options for rule evaluation.

#![allow(unused)]
fn main() {
pub struct EvaluationConfig {
    /// Maximum recursion depth for nested rules
    pub max_recursion_depth: u32,

    /// Maximum string length to read
    pub max_string_length: usize,

    /// Stop at first match or continue for all matches
    pub stop_at_first_match: bool,
}

impl Default for EvaluationConfig {
    /* ... */
}
}

AST Types

MagicRule

Represents a complete magic rule.

#![allow(unused)]
fn main() {
pub struct MagicRule {
    pub offset: OffsetSpec,
    pub typ: TypeKind,
    pub op: Operator,
    pub value: Value,
    pub message: String,
    pub children: Vec<MagicRule>,
    pub level: u32,
}
}

OffsetSpec

Specifies where to read data in files.

#![allow(unused)]
fn main() {
pub enum OffsetSpec {
    Absolute(i64),
    Indirect {
        base_offset: i64,
        pointer_type: TypeKind,
        adjustment: i64,
        endian: Endianness,
    },
    Relative(i64),
    FromEnd(i64),
}
}

TypeKind

Defines how to interpret bytes.

#![allow(unused)]
fn main() {
pub enum TypeKind {
    Byte,
    Short { endian: Endianness, signed: bool },
    Long { endian: Endianness, signed: bool },
    String { max_length: Option<usize> },
}
}

Operator

Comparison and bitwise operators.

#![allow(unused)]
fn main() {
pub enum Operator {
    Equal,
    NotEqual,
    BitwiseAnd,
}
}

Value

Expected values for matching.

#![allow(unused)]
fn main() {
pub enum Value {
    Uint(u64),
    Int(i64),
    Bytes(Vec<u8>),
    String(String),
}
}

Endianness

Byte order specifications.

#![allow(unused)]
fn main() {
pub enum Endianness {
    Little,
    Big,
    Native,
}
}

Error Types

LibmagicError

Main error type for the library.

#![allow(unused)]
fn main() {
pub enum LibmagicError {
    ParseError { line: usize, message: String },
    EvaluationError(String),
    IoError(std::io::Error),
    InvalidFormat(String),
}
}

Result Type

Convenience type alias.

#![allow(unused)]
fn main() {
pub type Result<T> = std::result::Result<T, LibmagicError>;
}

Parser Module (Planned)

Functions

#![allow(unused)]
fn main() {
/// Parse magic file into AST
pub fn parse_magic_file<P: AsRef<Path>>(path: P) -> Result<Vec<MagicRule>>;

/// Parse magic rules from string
pub fn parse_magic_string(input: &str) -> Result<Vec<MagicRule>>;
}

Evaluator Module (Planned)

Functions

#![allow(unused)]
fn main() {
/// Evaluate rules against buffer
pub fn evaluate_rules(
    rules: &[MagicRule],
    buffer: &[u8],
    config: &EvaluationConfig,
) -> Result<Vec<Match>>;

/// Evaluate rules against file
pub fn evaluate_file<P: AsRef<Path>>(
    rules: &[MagicRule],
    path: P,
    config: &EvaluationConfig,
) -> Result<Vec<Match>>;
}

Output Module (Planned)

Functions

#![allow(unused)]
fn main() {
/// Format results as text
pub fn format_text(results: &[Match]) -> String;

/// Format results as JSON
pub fn format_json(results: &[Match]) -> Result<String>;
}

I/O Module (Planned)

FileBuffer

Memory-mapped file buffer.

#![allow(unused)]
fn main() {
pub struct FileBuffer {/* ... */}

impl FileBuffer {
    pub fn new<P: AsRef<Path>>(path: P) -> Result<Self>;
    pub fn as_slice(&self) -> &[u8];
    pub fn len(&self) -> usize;
    pub fn is_empty(&self) -> bool;
}
}

For complete API documentation with examples, run:

cargo doc --open

Appendix B: Command Reference

This appendix provides a comprehensive reference for all command-line options and usage patterns of the rmagic tool.

Command Syntax

rmagic [OPTIONS] <FILE>...

Options

Basic Options

<FILE>

• Type: Positional argument (required)

• Description: Path to the file(s) to analyze

• Multiple: Yes, can specify multiple files

• Examples:

  rmagic file.bin
  rmagic file1.exe file2.pdf file3.zip
  rmagic /path/to/directory/*
  

--help, -h

• Description: Display help information and exit

• Example:

  rmagic --help
  

--version, -V

• Description: Display version information and exit

• Example:

  rmagic --version
  

Output Format Options

--json

• Description: Output results in JSON format instead of text

• Default: Text format

• Example:

  rmagic --json file.bin
  

• Output Example:

  {
    "filename": "file.bin",
    "description": "ELF 64-bit LSB executable",
    "mime_type": "application/x-executable",
    "confidence": 1.0
  }
  

--text

• Description: Output results in text format (default behavior)

• Default: Enabled

• Example:

  rmagic --text file.bin
  # Output: file.bin: ELF 64-bit LSB executable
  

Magic Database Options

--magic-file <FILE>

• Description: Use a custom magic file instead of the default

• Type: Path to magic file

• Default: Built-in magic database

• Example:

  rmagic --magic-file custom.magic file.bin
  rmagic --magic-file /usr/share/misc/magic file.bin
  

Advanced Options (Planned)

--mime-type, -i

• Description: Output MIME type instead of description

• Status: 📋 Planned

• Example:

  rmagic --mime-type file.bin
  # Output: application/x-executable
  

--mime-encoding, -e

• Description: Output MIME encoding

• Status: 📋 Planned

• Example:

  rmagic --mime-encoding text.txt
  # Output: us-ascii
  

--brief, -b

• Description: Brief output (no filename prefix)

• Status: 📋 Planned

• Example:

  rmagic --brief file.bin
  # Output: ELF 64-bit LSB executable
  

--raw, -r

• Description: Raw output (no pretty formatting)
• Status: 📋 Planned

--follow-symlinks, -L

• Description: Follow symbolic links
• Status: 📋 Planned

--no-follow-symlinks, -h

• Description: Don’t follow symbolic links (default)
• Status: 📋 Planned

--compress, -z

• Description: Try to look inside compressed files
• Status: 📋 Planned

--uncompress, -Z

• Description: Try to look inside compressed files (same as -z)
• Status: 📋 Planned

--exclude <PATTERN>

• Description: Exclude files matching pattern
• Status: 📋 Planned

--include <PATTERN>

• Description: Only include files matching pattern
• Status: 📋 Planned

Usage Examples

Basic File Identification

# Single file
rmagic document.pdf
# Output: document.pdf: PDF document, version 1.4

# Multiple files
rmagic *.bin
# Output:
# file1.bin: ELF 64-bit LSB executable
# file2.bin: data
# file3.bin: PNG image data, 1920 x 1080, 8-bit/color RGBA

JSON Output

# Single file JSON output
rmagic --json executable.elf

{
  "filename": "executable.elf",
  "description": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV)",
  "mime_type": "application/x-executable",
  "confidence": 1.0,
  "matches": [
    {
      "offset": 0,
      "rule": "ELF magic",
      "value": "7f454c46",
      "message": "ELF"
    },
    {
      "offset": 4,
      "rule": "ELF class",
      "value": "02",
      "message": "64-bit"
    }
  ]
}

Custom Magic Files

# Use custom magic database
rmagic --magic-file /path/to/custom.magic file.bin

# Use multiple magic files (planned)
rmagic --magic-file magic1.db --magic-file magic2.db file.bin

Batch Processing

# Process all files in directory
rmagic /path/to/files/*

# Process with JSON output for scripting
rmagic --json /path/to/files/* > results.json

# Process recursively (planned)
rmagic --recursive /path/to/directory/

Exit Codes

Environment Variables

MAGIC

• Description: Default magic file path

• Default: Built-in magic database

• Example:

  export MAGIC=/usr/local/share/magic
  rmagic file.bin  # Uses /usr/local/share/magic
  

RMAGIC_DEBUG

• Description: Enable debug output

• Values: 0 (off), 1 (basic), 2 (verbose)

• Example:

  RMAGIC_DEBUG=1 rmagic file.bin
  

Configuration Files (Planned)

Global Configuration

• Path: /etc/rmagic.conf
• Format: TOML
• Purpose: System-wide defaults

User Configuration

• Path: ~/.config/rmagic/config.toml
• Format: TOML
• Purpose: User-specific settings

Example Configuration

[output]
format = "json"
brief = false

[magic]
default_file = "/usr/local/share/magic"
search_paths = [
  "/usr/share/misc/magic",
  "/usr/local/share/magic",
  "~/.local/share/magic",
]

[performance]
max_file_size = "100MB"
timeout = "30s"

Compatibility with GNU file

The rmagic command aims for compatibility with GNU file command:

Compatible Options

• Basic file analysis
• JSON output format
• Custom magic file specification
• Multiple file processing

Differences

• JSON output format may differ in structure
• Some advanced GNU file options not yet implemented
• Performance characteristics may vary
• Error messages may differ

Migration Guide

# GNU file command
file -i document.pdf
file --mime-type document.pdf

# rmagic equivalent (planned)
rmagic --mime-type document.pdf
rmagic -i document.pdf

Performance Considerations

Large Files

• Files are memory-mapped for efficiency
• Only necessary portions are read
• Configurable size limits prevent excessive memory usage

Batch Processing

• Multiple files processed efficiently
• Parallel processing planned for future versions
• Progress reporting for large batches

Memory Usage

• Constant memory usage regardless of file size
• Magic database cached in memory
• Minimal allocations during evaluation

Troubleshooting

Common Issues

“File not found”

rmagic nonexistent.file
# Error: File not found: nonexistent.file

Solution: Check file path and permissions

“Permission denied”

rmagic /root/private.file
# Error: Permission denied: /root/private.file

Solution: Check file permissions or run with appropriate privileges

“Invalid magic file”

rmagic --magic-file broken.magic file.bin
# Error: Parse error in magic file at line 42: Invalid offset specification

Solution: Validate magic file syntax

Debug Mode

# Enable debug output
RMAGIC_DEBUG=1 rmagic file.bin

# Verbose debug output
RMAGIC_DEBUG=2 rmagic file.bin

This command reference provides comprehensive documentation for all current and planned features of the rmagic command-line tool.

Appendix C: Magic File Examples

This appendix provides comprehensive examples of magic file syntax and patterns, demonstrating how to create effective file type detection rules.

Basic Magic File Syntax

Simple Pattern Matching

# ELF executable files
0    string    \x7fELF    ELF

# PDF documents
0    string    %PDF-      PDF document

# PNG images
0    string    \x89PNG    PNG image data

# ZIP archives
0    string    PK\x03\x04    ZIP archive data

Numeric Value Matching

# JPEG images (using hex values)
0    beshort    0xffd8    JPEG image data

# Windows PE executables
0    string    MZ        MS-DOS executable
>60  lelong    >0
>>60 string    PE\0\0    PE32 executable

# ELF with specific architecture
0    string    \x7fELF    ELF
>16  leshort   2         executable
>18  leshort   62        x86-64

Hierarchical Rules

Parent-Child Relationships

# ELF files with detailed classification
0    string    \x7fELF    ELF
>4   byte      1         32-bit
>>16 leshort   2         executable
>>16 leshort   3         shared object
>>16 leshort   1         relocatable
>4   byte      2         64-bit
>>16 leshort   2         executable
>>16 leshort   3         shared object
>>16 leshort   1         relocatable

Multiple Levels of Nesting

# Detailed PE analysis
0    string    MZ        MS-DOS executable
>60  lelong    >0
>>60 string    PE\0\0    PE32
>>>88 leshort  0x010b    PE32 executable
>>>>92 leshort 1         (native)
>>>>92 leshort 2         (GUI)
>>>>92 leshort 3         (console)
>>>88 leshort  0x020b    PE32+ executable
>>>>92 leshort 1         (native)
>>>>92 leshort 2         (GUI)
>>>>92 leshort 3         (console)

Data Types and Endianness

Integer Types

# Little-endian integers
0    leshort   0x5a4d    MS-DOS executable (little-endian short)
0    lelong    0x464c457f    ELF (little-endian long)

# Big-endian integers
0    beshort   0x4d5a    MS-DOS executable (big-endian short)
0    belong    0x7f454c46    ELF (big-endian long)

# Native endian (system default)
0    short     0x5a4d    MS-DOS executable (native endian)
0    long      0x464c457f    ELF (native endian)

String Matching

# Fixed-length strings
0    string    #!/bin/sh    shell script
0    string    #!/usr/bin/python    Python script

# Variable-length strings with limits
0    string/32    #!/    script text executable
16   string/256   This program    self-describing executable

# Case-insensitive matching (planned)
0    istring   html    HTML document
0    istring   <html   HTML document

Advanced Offset Specifications

Indirect Offsets

# PE section table access
0    string    MZ        MS-DOS executable
>60  lelong    >0
>>60 string    PE\0\0    PE32
>>>(60.l+24)  leshort   >0    sections
>>>>(60.l+24) leshort   x     \b, %d sections

Relative Offsets

# ZIP file entries
0    string    PK\x03\x04    ZIP archive data
>26  leshort   x         \b, compressed size %d
>28  leshort   x         \b, uncompressed size %d
>30  leshort   >0
>>(30.s+46)   string    x    \b, first entry: "%.64s"

Search Patterns

# Search for patterns within a range
0      string    \x7fELF    ELF
>0     search/1024    .note.gnu.build-id    \b, with build-id
>0     search/1024    .debug_info    \b, with debug info

Bitwise Operations

Flag Testing

# ELF program header flags
0    string    \x7fELF    ELF
>16  leshort   2         executable
>36  lelong    &0x1      \b, executable
>36  lelong    &0x2      \b, writable
>36  lelong    &0x4      \b, readable

Mask Operations

# File permissions in Unix archives
0    string    070707    cpio archive
>6   long      &0170000
>>6  long      0100000   \b, regular file
>>6  long      0040000   \b, directory
>>6  long      0120000   \b, symbolic link
>>6  long      0060000   \b, block device
>>6  long      0020000   \b, character device

Complex File Format Examples

JPEG Image Analysis

# JPEG with EXIF data
0    beshort   0xffd8    JPEG image data
>2   beshort   0xffe1    \b, EXIF standard
>>10 string    Exif\0\0
>>>14 beshort  0x4d4d    \b, big-endian
>>>14 beshort  0x4949    \b, little-endian
>2   beshort   0xffe0    \b, JFIF standard
>>10 string    JFIF
>>>14 byte     x         \b, version %d
>>>15 byte     x         \b.%d

Archive Format Detection

# TAR archives
257  string    ustar\0   POSIX tar archive
257  string    ustar\040\040\0    GNU tar archive

# RAR archives
0    string    Rar!      RAR archive data
>4   byte      0x1a      \b, version 1.x
>4   byte      0x07      \b, version 5.x

# 7-Zip archives
0    string    7z\xbc\xaf\x27\x1c    7-zip archive data
>6   byte      x         \b, version %d
>7   byte      x         \b.%d

Executable Format Analysis

# Mach-O executables (macOS)
0    belong    0xfeedface    Mach-O executable (32-bit)
>4   belong    7            i386
>4   belong    18           x86_64
>12  belong    2            executable
>12  belong    6            shared library
>12  belong    8            bundle

0    belong    0xfeedfacf    Mach-O executable (64-bit)
>4   belong    0x01000007   x86_64
>4   belong    0x0100000c   arm64
>12  belong    2            executable
>12  belong    6            shared library

Script and Text File Detection

Shebang Detection

# Shell scripts
0    string    #!/bin/sh         POSIX shell script
0    string    #!/bin/bash       Bash shell script
0    string    #!/bin/csh        C shell script
0    string    #!/bin/tcsh       TC shell script
0    string    #!/bin/zsh        Z shell script

# Interpreted languages
0    string    #!/usr/bin/python    Python script
0    string    #!/usr/bin/perl      Perl script
0    string    #!/usr/bin/ruby      Ruby script
0    string    #!/usr/bin/node      Node.js script
0    string    #!/usr/bin/php       PHP script

Text Format Detection

# Configuration files
0    string    [Desktop\ Entry]    Desktop configuration
0    string    # Configuration      configuration text
0    regex     ^[a-zA-Z_][a-zA-Z0-9_]*\s*=    configuration text

# Source code detection
0    regex     ^#include\s*<       C source code
0    regex     ^package\s+         Java source code
0    regex     ^class\s+\w+:       Python source code
0    regex     ^function\s+        JavaScript source code

Database and Structured Data

Database Files

# SQLite databases
0    string    SQLite\ format\ 3    SQLite 3.x database
>13  byte      x                   \b, version %d

# MySQL databases
0    string    \xfe\x01\x00\x00    MySQL table data
0    string    \x00\x00\x00\x00    MySQL ISAM compressed data

# PostgreSQL
0    belong    0x00061561          PostgreSQL custom database dump
>4   belong    x                   \b, version %d

Structured Text Formats

# JSON files
0    regex     ^\s*[\{\[]          JSON data
>0   search/64 "version"          \b, with version info
>0   search/64 "name"             \b, with name field

# XML files
0    string    <?xml               XML document
>5   search/256 version
>>5  regex     version="([^"]*)"   \b, version \1
>5   search/256 encoding
>>5  regex     encoding="([^"]*)"  \b, encoding \1

# YAML files
0    regex     ^---\s*$            YAML document
0    regex     ^[a-zA-Z_][^:]*:    YAML configuration

Multimedia File Examples

Audio Formats

# MP3 files
0    string    ID3                 MP3 audio file with ID3
>3   byte      <0xff               version 2
>>3  byte      x                   \b.%d
0    beshort   0xfffb              MP3 audio file
0    beshort   0xfff3              MP3 audio file
0    beshort   0xffe3              MP3 audio file

# WAV files
0    string    RIFF                Microsoft RIFF
>8   string    WAVE                \b, WAVE audio
>>20 leshort   1                   \b, PCM
>>20 leshort   85                  \b, MPEG Layer 3
>>22 leshort   1                   \b, mono
>>22 leshort   2                   \b, stereo

Video Formats

# AVI files
0    string    RIFF                Microsoft RIFF
>8   string    AVI\040             \b, AVI video
>>12 string    LIST
>>>20 string   hdrlavih

# MP4/QuickTime
4    string    ftyp                ISO Media
>8   string    isom                \b, MP4 Base Media v1
>8   string    mp41                \b, MP4 v1
>8   string    mp42                \b, MP4 v2
>8   string    qt                  \b, QuickTime movie

Best Practices Examples

Efficient Rule Ordering

# Order by probability - most common formats first
0    string    \x7fELF             ELF
0    string    MZ                  MS-DOS executable
0    string    \x89PNG             PNG image data
0    string    \xff\xd8\xff        JPEG image data
0    string    PK\x03\x04          ZIP archive data
0    string    %PDF-               PDF document

# Less common formats later
0    string    \x00\x00\x01\x00    Windows icon
0    string    \x00\x00\x02\x00    Windows cursor

Error-Resistant Patterns

# Validate magic numbers with additional checks
0    string    \x7fELF             ELF
>4   byte      1                   32-bit
>4   byte      2                   64-bit
>4   byte      >2                  invalid class
>5   byte      1                   little-endian
>5   byte      2                   big-endian
>5   byte      >2                  invalid encoding

Performance Optimizations

# Use specific offsets instead of searches when possible
0    string    \x7fELF             ELF
>16  leshort   2                   executable
>18  leshort   62                  x86-64

# Prefer shorter patterns for initial matching
0    beshort   0xffd8              JPEG image data
>2   beshort   0xffe0              \b, JFIF standard
>2   beshort   0xffe1              \b, EXIF standard

Testing and Validation

Test File Creation

# Create test files for magic rules
echo -e '\x7fELF\x02\x01\x01\x00' > test_elf64.bin
echo -e 'PK\x03\x04\x14\x00' > test_zip.bin
echo '%PDF-1.4' > test_pdf.txt

Rule Validation

# Include validation comments
# Test: echo -e '\x7fELF\x02\x01\x01\x00' | rmagic -
# Expected: ELF 64-bit LSB executable
0    string    \x7fELF             ELF
>4   byte      2                   64-bit
>5   byte      1                   LSB
>6   byte      1                   current version

This comprehensive collection of magic file examples demonstrates the flexibility and power of the magic file format for accurate file type detection.

Appendix D: Compatibility Matrix

This appendix provides detailed compatibility information between libmagic-rs and other file identification tools, magic file formats, and system environments.

GNU file Compatibility

Command-Line Interface

Output Format Compatibility

Text Output

# GNU file
$ file example.elf
example.elf: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked

# rmagic (current)
$ rmagic example.elf
example.elf: ELF 64-bit LSB executable

# rmagic (planned)
$ rmagic example.elf
example.elf: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked

MIME Type Output

# GNU file
$ file -i example.pdf
example.pdf: application/pdf; charset=binary

# rmagic (planned)
$ rmagic --mime-type example.pdf
example.pdf: application/pdf; charset=binary

JSON Output

# GNU file (recent versions)
$ file --json example.elf
[{"filename":"example.elf","mime-type":"application/x-pie-executable","mime-encoding":"binary","description":"ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked"}]

# rmagic (current)
$ rmagic --json example.elf
{
  "filename": "example.elf",
  "description": "ELF 64-bit LSB executable",
  "mime_type": "application/x-executable",
  "confidence": 1.0
}

Magic File Format Compatibility

libmagic C Library Compatibility

API Compatibility

Flag Compatibility

Platform Compatibility

Operating Systems

Architectures

Rust Version Compatibility

File Format Support

Executable Formats

Archive Formats

Image Formats

Document Formats

Performance Comparison

Benchmark Results (Preliminary)

Note: Benchmarks are preliminary and may vary by system and file types.

Memory Usage

Migration Guide

From GNU file

Command Line Migration

# Old GNU file commands
file document.pdf
file -i document.pdf
file -b document.pdf
file -m custom.magic document.pdf

# New rmagic commands
rmagic document.pdf
rmagic --mime-type document.pdf     # Planned
rmagic --brief document.pdf         # Planned
rmagic --magic-file custom.magic document.pdf

Script Migration

#!/bin/bash
# Old script using GNU file
for f in *.bin; do
    type=$(file -b "$f")
    echo "File $f is: $type"
done

# New script using rmagic
for f in *.bin; do
    type=$(rmagic --brief "$f")  # Planned
    echo "File $f is: $type"
done

From libmagic C Library

C Code Migration

// Old libmagic C code
#include <magic.h>

magic_t magic = magic_open(MAGIC_MIME_TYPE);
magic_load(magic, NULL);
const char* result = magic_file(magic, "file.bin");
printf("MIME type: %s\n", result);
magic_close(magic);

#![allow(unused)]
fn main() {
// New Rust code
use libmagic_rs::{MagicDatabase, EvaluationConfig};

let mut config = EvaluationConfig::default();
config.output_format = OutputFormat::MimeType;  // Planned

let db = MagicDatabase::load_default()?;
let result = db.evaluate_file("file.bin")?;
println!("MIME type: {}", result.mime_type.unwrap_or_default());
}

Known Limitations

Current Limitations

1. Incomplete Magic File Support: Not all GNU file magic syntax is implemented
2. Limited File Format Coverage: Focus on common formats initially
3. No Compression Support: Cannot look inside compressed files yet
4. Basic MIME Type Support: Limited MIME type database
5. No Plugin System: Cannot extend with custom detectors

Planned Improvements

1. Complete Magic File Compatibility: Full GNU file magic syntax support
2. Comprehensive Format Support: Support for all major file formats
3. Advanced Features: Compression, encryption detection
4. Performance Optimization: Parallel processing, caching
5. Extended APIs: More flexible configuration options

Testing Compatibility

Test Suite Coverage

Compatibility Test Plan

1. Format Detection Tests: Validate against GNU file results
2. Magic File Tests: Test with real-world magic databases
3. Performance Tests: Compare speed and memory usage
4. API Tests: Validate library interface compatibility
5. Cross-platform Tests: Ensure consistent behavior across platforms

This compatibility matrix will be updated as development progresses and more features are implemented.