Improve the fmt output of the instantiate fuzz target (#4804)

Add an Arbitrary instance for the input to the instantiate fuzz target, so that cargo fuzz fmt instantiate <file> produces more meaningful output.
Trevor Elliott
2022-08-29 17:09:19 -07:00
committed by GitHub
parent 500a9f17be
commit 5d05d7676f


@@ -1,31 +1,33 @@
#![no_main] #![no_main]
use libfuzzer_sys::arbitrary::{Result, Unstructured}; use libfuzzer_sys::arbitrary::{Arbitrary, Result, Unstructured};
use libfuzzer_sys::fuzz_target; use libfuzzer_sys::fuzz_target;
use wasmtime_fuzzing::oracles::Timeout; use wasmtime_fuzzing::generators::Config;
use wasmtime_fuzzing::{generators, oracles}; use wasmtime_fuzzing::oracles::{instantiate, Timeout};
use wasmtime_fuzzing::wasm_smith::Module;
fuzz_target!(|data: &[u8]| { #[derive(Debug)]
// errors in `run` have to do with not enough input in `data`, which we struct InstantiateInput {
// ignore here since it doesn't affect how we'd like to fuzz. config: Config,
drop(run(data)); timeout: Timeout,
}); module: Module,
}
fn run(data: &[u8]) -> Result<()> { impl<'a> Arbitrary<'a> for InstantiateInput {
let mut u = Unstructured::new(data); fn arbitrary(u: &mut Unstructured<'a>) -> Result<Self> {
let mut config: generators::Config = u.arbitrary()?; let mut config: Config = u.arbitrary()?;
// Pick either fuel, duration-based, or module-based timeout. Note that the // Pick either fuel, duration-based, or module-based timeout. Note that the
// module-based timeout is implemented with wasm-smith's // module-based timeout is implemented with wasm-smith's
// `ensure_termination` option. // `ensure_termination` option.
let timeout = if u.arbitrary()? { let timeout = if u.arbitrary()? {
config.generate_timeout(&mut u)? config.generate_timeout(u)?
} else { } else {
Timeout::None Timeout::None
}; };
let module = config.generate( let module = config.generate(
&mut u, u,
if let Timeout::None = timeout { if let Timeout::None = timeout {
Some(1000) Some(1000)
} else { } else {
@@ -33,6 +35,14 @@ fn run(data: &[u8]) -> Result<()> {
}, },
)?; )?;
oracles::instantiate(&module.to_bytes(), true, &config, timeout); Ok(InstantiateInput {
Ok(()) config,
timeout,
module,
})
}
} }
fuzz_target!(|data: InstantiateInput| {
instantiate(&data.module.to_bytes(), true, &data.config, data.timeout);
});