T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change spectest fuzzing to throw out some fuzz inputs (#5597)

Browse Source 
A fuzz bug came in last night from #5567 where spectest fuzzing will
first generate a config, possibly with SSE features for SIMD disabled,
only to have SIMD later enabled by `set_spectest_compliant`. This commit
fixes the issue by changing to `is_spectest_compliant` as a query and
throwing out the fuzz case if it isn't. This means that the spectest
fuzzer will throw out more inputs but means we can continue to generate
interesting configs and such for other inputs.
This commit is contained in:
Alex Crichton
2023-01-19 12:48:45 -06:00
committed by GitHub
parent a2e9a608c1
commit 1f534c5799
2 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
crates/fuzzing/src/generators/config.rs
View File

@@ -97,31 +97,45 @@ impl Config {
self.module_config.generate(input, default_fuel)
}
/// Indicates that this configuration should be spec-test-compliant,
/// disabling various features the spec tests assert are disabled.
pub fn set_spectest_compliant(&mut self) {
let config = &mut self.module_config.config;
config.memory64_enabled = false;
config.bulk_memory_enabled = true;
config.reference_types_enabled = true;
config.multi_value_enabled = true;
config.simd_enabled = true;
config.threads_enabled = false;
config.max_memories = 1;
config.max_tables = 5;
/// Tests whether this configuration is capable of running all spec tests.
pub fn is_spectest_compliant(&self) -> bool {
let config = &self.module_config.config;
if let InstanceAllocationStrategy::Pooling(pooling) = &mut self.wasmtime.strategy {
// Configure the lower bound of a number of limits to what's
// required to actually run the spec tests. Fuzz-generated inputs
// may have limits less than these thresholds which would cause the
// spec tests to fail which isn't particularly interesting.
pooling.instance_memories = 1;
pooling.instance_tables = pooling.instance_tables.max(5);
pooling.instance_table_elements = pooling.instance_table_elements.max(1_000);
pooling.instance_memory_pages = pooling.instance_memory_pages.max(900);
pooling.instance_count = pooling.instance_count.max(500);
pooling.instance_size = pooling.instance_size.max(64 * 1024);
// Check for wasm features that must be disabled to run spec tests
if config.memory64_enabled || config.threads_enabled {
return false;
}
// Check for wasm features that must be enabled to run spec tests
if !config.bulk_memory_enabled
|| !config.reference_types_enabled
|| !config.multi_value_enabled
|| !config.simd_enabled
{
return false;
}
// Make sure the runtime limits allow for the instantiation of all spec
// tests.
if config.max_memories < 1 || config.max_tables < 5 {
return false;
}
if let InstanceAllocationStrategy::Pooling(pooling) = &self.wasmtime.strategy {
// Check to see if any item limit is less than the required
// threshold to execute the spec tests.
if pooling.instance_memories < 1
|| pooling.instance_tables < 5
|| pooling.instance_table_elements < 1_000
|| pooling.instance_memory_pages < 900
|| pooling.instance_count < 500
|| pooling.instance_size < 64 * 1024
{
return false;
}
}
true
}
/// Converts this to a `wasmtime::Config` object

6
crates/fuzzing/src/oracles.rs
View File

@@ -501,9 +501,11 @@ pub fn make_api_calls(api: generators::api::ApiCalls) {
/// Executes the wast `test` spectest with the `config` specified.
///
/// Ensures that spec tests pass regardless of the `Config`.
pub fn spectest(mut fuzz_config: generators::Config, test: generators::SpecTest) {
pub fn spectest(fuzz_config: generators::Config, test: generators::SpecTest) {
crate::init_fuzzing();
fuzz_config.set_spectest_compliant();
if !fuzz_config.is_spectest_compliant() {
return;
}
log::debug!("running {:?}", test.file);
let mut wast_context = WastContext::new(fuzz_config.to_store());
wast_context.register_spectest(false).unwrap();