T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use wasm-smith to canonicalize NaN in differential fuzzing (#3195)

Browse Source 
* Update wasm-smith to 0.7.0

* Canonicalize NaN with wasm-smith for differential fuzzing

This then also enables floating point executing in wasmi in addition to
the spec interpreter. With NaN canonicalization at the wasm level this
means that we should be producing deterministic results between Wasmtime
and these alternative implementations.
This commit is contained in:
Alex Crichton
2021-08-17 11:42:22 -05:00
committed by GitHub
parent c205719481
commit 0642e62f16
10 changed files with 63 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fuzz/fuzz_targets/differential.rs
View File

@@ -9,6 +9,6 @@ fuzz_target!(|data: (
generators::GeneratedModule,
)| {
let (lhs, rhs, mut wasm) = data;
wasm.ensure_termination(1000);
wasm.module.ensure_termination(1000);
oracles::differential_execution(&wasm, &[lhs, rhs]);
});

4
fuzz/fuzz_targets/differential_spec.rs
View File

@@ -14,9 +14,9 @@ fuzz_target!(|data: (
wasm_smith::ConfiguredModule<oracles::SingleFunctionModuleConfig>
)| {
let (config, mut wasm) = data;
wasm.ensure_termination(1000);
wasm.module.ensure_termination(1000);
let tried = TRIED.fetch_add(1, SeqCst);
let executed = match oracles::differential_spec_execution(&wasm.to_bytes(), &config) {
let executed = match oracles::differential_spec_execution(&wasm.module.to_bytes(), &config) {
Some(_) => EXECUTED.fetch_add(1, SeqCst),
None => EXECUTED.load(SeqCst),
};

4
fuzz/fuzz_targets/differential_wasmi.rs
View File

@@ -8,6 +8,6 @@ fuzz_target!(|data: (
wasm_smith::ConfiguredModule<oracles::SingleFunctionModuleConfig>
)| {
let (config, mut wasm) = data;
wasm.ensure_termination(1000);
oracles::differential_wasmi_execution(&wasm.to_bytes()[..], &config);
wasm.module.ensure_termination(1000);
oracles::differential_wasmi_execution(&wasm.module.to_bytes(), &config);
});

4
fuzz/fuzz_targets/instantiate-swarm.rs
View File

@@ -3,7 +3,7 @@
use libfuzzer_sys::arbitrary::{Result, Unstructured};
use libfuzzer_sys::fuzz_target;
use std::time::Duration;
use wasm_smith::{ConfiguredModule, SwarmConfig};
use wasm_smith::{Module, SwarmConfig};
use wasmtime::Strategy;
use wasmtime_fuzzing::oracles::{self, Timeout};
@@ -30,7 +30,7 @@ fn run(data: &[u8]) -> Result<()> {
config.memory64_enabled = u.arbitrary()?;
// Don't generate modules that allocate more than 6GB
config.max_memory_pages = 6 << 30;
let module = ConfiguredModule::new(config.clone(), &mut u)?;
let module = Module::new(config.clone(), &mut u)?;
let mut cfg = wasmtime_fuzzing::fuzz_default_config(Strategy::Auto).unwrap();
cfg.wasm_multi_memory(config.max_memories > 1);

4
fuzz/fuzz_targets/instantiate-wasm-smith.rs
View File

@@ -6,7 +6,7 @@ use wasmtime_fuzzing::{generators::GeneratedModule, oracles};
fuzz_target!(|module: GeneratedModule| {
let mut module = module;
module.ensure_termination(1000);
let wasm_bytes = module.to_bytes();
module.module.ensure_termination(1000);
let wasm_bytes = module.module.to_bytes();
oracles::instantiate(&wasm_bytes, true, Strategy::Auto);
});