T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fuzz: Allow incompatible import types in instantiation (#2778)

Browse Source 
Yesterday fuzzing was switched to using a `Linker` to improve coverage
when using module linking since we can fake instance imports with
definitions of each individual item. Using a `Linker`, however, means
that we can't necessarily instantiate all modules, such as

    (module
      (import "" "" (memory (;0;) 0 1))
      (import "" "" (memory (;1;) 2)))

As a result this just allows these sorts of "incompatible import type"
errors when fuzzing to not trigger crashes.
This commit is contained in:
Alex Crichton
2021-03-26 14:38:34 -05:00
committed by GitHub
parent 31d3db1ec2
commit 550c774c1d
1 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
crates/fuzzing/src/oracles.rs
View File

@@ -126,15 +126,27 @@ pub fn instantiate_with_config(
match linker.instantiate(&module) { match linker.instantiate(&module) {
Ok(_) => {} Ok(_) => {}
// Allow traps which can happen normally with `unreachable` or a timeout Err(e) => {
Err(e) if e.downcast_ref::<Trap>().is_some() => {} let string = e.to_string();
// Allow resource exhaustion since this is something that our wasm-smith // Allow traps which can happen normally with `unreachable` or a
// generator doesn't guarantee is forbidden. // timeout
Err(e) if e.to_string().contains("resource limit exceeded") => {} if e.downcast_ref::<Trap>().is_some()
// Also allow errors related to fuel consumption // Allow resource exhaustion since this is something that
Err(e) if e.to_string().contains("all fuel consumed") => {} // our wasm-smith generator doesn't guarantee is forbidden.
// Everything else should be a bug in the fuzzer || string.contains("resource limit exceeded")
Err(e) => panic!("failed to instantiate {}", e), // Also allow errors related to fuel consumption
|| string.contains("all fuel consumed")
// Currently we instantiate with a `Linker` which can't instantiate
// every single module under the sun due to using name-based resolution
// rather than positional-based resolution
|| string.contains("incompatible import type")
{
return;
}
// Everything else should be a bug in the fuzzer
panic!("failed to instantiate {:?}", e);
}
} }
} }