T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit the size of functions in the stacks fuzzer (#4727)

Browse Source 
* Limit the size of functions in the `stacks` fuzzer

The fuzzers recently found a timeout in this fuzz test case related to
the compile time of the generated module. Inspecting the generated
module showed that it had 100k+ opcodes for one function, so this commit
updates the fuzzer to limit the number of operations per-function to a
smaller amount to avoid timeout limits.

* Use `arbitrary_len` for `ops` length

* Fix a max/min flip
This commit is contained in:
Alex Crichton
2022-08-17 10:56:27 -05:00
committed by GitHub
parent c569e7bea5
commit 2696462ccb
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/fuzzing/src/generators/stacks.rs
View File

@@ -11,6 +11,7 @@ use arbitrary::{Arbitrary, Result, Unstructured};
use wasm_encoder::Instruction; use wasm_encoder::Instruction;
const MAX_FUNCS: usize = 20; const MAX_FUNCS: usize = 20;
const MAX_OPS: usize = 1_000;
/// Generate a Wasm module that keeps track of its current call stack, to /// Generate a Wasm module that keeps track of its current call stack, to
/// compare to the host. /// compare to the host.
@@ -50,7 +51,10 @@ impl Stacks {
let mut work_list = vec![0]; let mut work_list = vec![0];
while let Some(f) = work_list.pop() { while let Some(f) = work_list.pop() {
let mut ops = u.arbitrary::<Vec<Op>>()?; let mut ops = Vec::with_capacity(u.arbitrary_len::<Op>()?.min(MAX_OPS));
for _ in 0..ops.capacity() {
ops.push(u.arbitrary()?);
}
for op in &mut ops { for op in &mut ops {
match op { match op {
Op::CallThroughHost(idx) | Op::Call(idx) => { Op::CallThroughHost(idx) | Op::Call(idx) => {