fuzzing: Provide dummy imports for instantion oracle

crates/fuzzing/Cargo.toml

@@ -18,6 +18,7 @@ env_logger = { version = "0.7.1", optional = true }
 log = "0.4.8"
 wasmparser = "0.42.1"
 wasmprinter = "0.2.0"
+wasmtime = { path = "../api" }
 wasmtime-jit = { path = "../jit" }
 
 [dev-dependencies]

crates/fuzzing/src/oracles.rs

@@ -10,10 +10,14 @@
 //! When an oracle finds a bug, it should report it to the fuzzing engine by
 //! panicking.
 
+pub mod dummy;
+
 use cranelift_codegen::settings;
+use dummy::dummy_imports;
 use std::cell::RefCell;
 use std::collections::HashMap;
 use std::rc::Rc;
+use wasmtime::{Config, Engine, HostRef, Instance, Module, Store};
 use wasmtime_jit::{CompilationStrategy, CompiledModule, Compiler, NullResolver};
 
 fn host_isa() -> Box<dyn cranelift_codegen::isa::TargetIsa> {
@@ -33,18 +37,33 @@ pub fn instantiate(wasm: &[u8], compilation_strategy: CompilationStrategy) {
         return;
     }
 
-    let isa = host_isa();
+    let mut config = Config::new();
-    let mut compiler = Compiler::new(isa, compilation_strategy);
+    config.strategy(compilation_strategy);
-    let mut imports_resolver = NullResolver {};
 
-    wasmtime_jit::instantiate(
+    let engine = HostRef::new(Engine::new(&config));
-        &mut compiler,
+    let store = HostRef::new(Store::new(&engine));
-        wasm,
+
-        &mut imports_resolver,
+    let module =
-        Default::default(),
+        HostRef::new(Module::new(&store, wasm).expect("Failed to compile a valid Wasm module!"));
-        true,
+
-    )
+    let imports = {
-    .expect("failed to instantiate valid Wasm!");
+        let module = module.borrow();
+        match dummy_imports(&store, module.imports()) {
+            Ok(imps) => imps,
+            Err(_) => {
+                // There are some value types that we can't synthesize a
+                // dummy value for (e.g. anyrefs) and for modules that
+                // import things of these types we skip instantiation.
+                return;
+            }
+        }
+    };
+
+    // Don't unwrap this: there can be instantiation-/link-time errors that
+    // aren't caught during validation or compilation. For example, an imported
+    // table might not have room for an element segment that we want to
+    // initialize into it.
+    let _result = Instance::new(&store, &module, &imports);
 }
 
 /// Compile the Wasm buffer, and implicitly fail if we have an unexpected

crates/fuzzing/src/oracles/dummy.rs

@@ -0,0 +1,97 @@
+//! Dummy implementations of things that a Wasm module can import.
+
+use std::rc::Rc;
+use wasmtime::{
+    Callable, Extern, ExternType, Func, FuncType, Global, GlobalType, HostRef, ImportType, Memory,
+    MemoryType, Store, Table, TableType, Trap, Val, ValType,
+};
+
+/// Create a set of dummy functions/globals/etc for the given imports.
+pub fn dummy_imports(
+    store: &HostRef<Store>,
+    import_tys: &[ImportType],
+) -> Result<Vec<Extern>, HostRef<Trap>> {
+    let mut imports = Vec::with_capacity(import_tys.len());
+    for imp in import_tys {
+        imports.push(match imp.r#type() {
+            ExternType::ExternFunc(func_ty) => {
+                Extern::Func(HostRef::new(DummyFunc::new(&store, func_ty.clone())))
+            }
+            ExternType::ExternGlobal(global_ty) => {
+                Extern::Global(HostRef::new(dummy_global(&store, global_ty.clone())?))
+            }
+            ExternType::ExternTable(table_ty) => {
+                Extern::Table(HostRef::new(dummy_table(&store, table_ty.clone())?))
+            }
+            ExternType::ExternMemory(mem_ty) => {
+                Extern::Memory(HostRef::new(dummy_memory(&store, mem_ty.clone())))
+            }
+        });
+    }
+    Ok(imports)
+}
+
+/// A function that doesn't do anything but return the default (zero) value for
+/// the function's type.
+#[derive(Debug)]
+pub struct DummyFunc(FuncType);
+
+impl DummyFunc {
+    /// Construct a new dummy `Func`.
+    pub fn new(store: &HostRef<Store>, ty: FuncType) -> Func {
+        let callable = DummyFunc(ty.clone());
+        Func::new(store, ty, Rc::new(callable) as _)
+    }
+}
+
+impl Callable for DummyFunc {
+    fn call(&self, _params: &[Val], results: &mut [Val]) -> Result<(), HostRef<Trap>> {
+        for (ret_ty, result) in self.0.results().iter().zip(results) {
+            *result = dummy_value(ret_ty)?;
+        }
+
+        Ok(())
+    }
+}
+
+/// Construct a dummy value for the given value type.
+pub fn dummy_value(val_ty: &ValType) -> Result<Val, HostRef<Trap>> {
+    Ok(match val_ty {
+        ValType::I32 => Val::I32(0),
+        ValType::I64 => Val::I64(0),
+        ValType::F32 => Val::F32(0),
+        ValType::F64 => Val::F64(0),
+        ValType::V128 => {
+            return Err(HostRef::new(Trap::new(
+                "dummy_value: unsupported function return type: v128".to_string(),
+            )))
+        }
+        ValType::AnyRef => {
+            return Err(HostRef::new(Trap::new(
+                "dummy_value: unsupported function return type: anyref".to_string(),
+            )))
+        }
+        ValType::FuncRef => {
+            return Err(HostRef::new(Trap::new(
+                "dummy_value: unsupported function return type: funcref".to_string(),
+            )))
+        }
+    })
+}
+
+/// Construct a dummy global for the given global type.
+pub fn dummy_global(store: &HostRef<Store>, ty: GlobalType) -> Result<Global, HostRef<Trap>> {
+    let val = dummy_value(ty.content())?;
+    Ok(Global::new(store, ty, val))
+}
+
+/// Construct a dummy table for the given table type.
+pub fn dummy_table(store: &HostRef<Store>, ty: TableType) -> Result<Table, HostRef<Trap>> {
+    let init_val = dummy_value(&ty.element())?;
+    Ok(Table::new(store, ty, init_val))
+}
+
+/// Construct a dummy memory for the given memory type.
+pub fn dummy_memory(store: &HostRef<Store>, ty: MemoryType) -> Memory {
+    Memory::new(store, ty)
+}