fuzzing: Add initial API call fuzzer

We only generate *valid* sequences of API calls. To do this, we keep track of what objects we've already created in earlier API calls via the `Scope` struct. To generate even-more-pathological sequences of API calls, we use [swarm testing]: > In swarm testing, the usual practice of potentially including all features > in every test case is abandoned. Rather, a large “swarm” of randomly > generated configurations, each of which omits some features, is used, with > configurations receiving equal resources. [swarm testing]: https://www.cs.utah.edu/~regehr/papers/swarm12.pdf There are more public APIs and instance introspection APIs that we have than this fuzzer exercises right now. We will need a better generator of valid Wasm than `wasm-opt -ttf` to really get the most out of those currently-unexercised APIs, since the Wasm modules generated by `wasm-opt -ttf` don't import and export a huge variety of things.
2019-12-06 15:48:46 -08:00
parent 7d415df209
commit 0cde30197d
6 changed files with 360 additions and 4 deletions
--- a/crates/fuzzing/src/lib.rs
+++ b/crates/fuzzing/src/lib.rs
@@ -107,8 +107,12 @@ fn my_fuzzing_regression_test() {{
    }
 }

-fn scratch_dir() -> PathBuf {
+pub(crate) fn scratch_dir() -> PathBuf {
    let dir = Path::new(env!("CARGO_MANIFEST_DIR"))
+        // Pop "fuzzing".
+        .join("..")
+        // Pop "crates".
+        .join("..")
        .join("target")
        .join("scratch");