fuzzing: Limit the total number of API calls generated (#1265)

To avoid libfuzzer timeouts, limit the total number of API calls we generate in
the `api_calls` fuzz target. We were already limiting the number of exported
function calls we made, and this extends the limit to all API calls.
Nick Fitzgerald
2020-03-10 09:28:00 -07:00
committed by GitHub
parent ac0ee271b1
commit 67bfeea16f


@@ -59,9 +59,6 @@ struct Scope {
/// The rough predicted maximum RSS of executing all of our generated API /// The rough predicted maximum RSS of executing all of our generated API
/// calls thus far. /// calls thus far.
predicted_rss: usize, predicted_rss: usize,
/// The number of calls of an exported function from an instance.
num_export_calls: usize,
} }
impl Scope { impl Scope {
@@ -93,12 +90,15 @@ impl Arbitrary for ApiCalls {
let mut scope = Scope::default(); let mut scope = Scope::default();
let max_rss = 1 << 30; // 1GB let max_rss = 1 << 30; // 1GB
// Calling an exported function of a `wasm-opt -ttf` module tends to // Total limit on number of API calls we'll generate. This exists to
// take about 20ms. Limit their number to 100, or ~2s, so that we don't // avoid libFuzzer timeouts.
// get too close to our 3s timeout. let max_calls = 100;
let max_export_calls = 100;
for _ in 0..input.arbitrary_len::<ApiCall>()? { for _ in 0..input.arbitrary_len::<ApiCall>()? {
if calls.len() > max_calls {
break;
}
let mut choices: Vec<fn(_, &mut Scope) -> arbitrary::Result<ApiCall>> = vec![]; let mut choices: Vec<fn(_, &mut Scope) -> arbitrary::Result<ApiCall>> = vec![];
if swarm.module_new { if swarm.module_new {
@@ -137,12 +137,8 @@ impl Arbitrary for ApiCalls {
Ok(InstanceDrop { id }) Ok(InstanceDrop { id })
}); });
} }
if swarm.call_exported_func if swarm.call_exported_func && !scope.instances.is_empty() {
&& scope.num_export_calls < max_export_calls
&& !scope.instances.is_empty()
{
choices.push(|input, scope| { choices.push(|input, scope| {
scope.num_export_calls += 1;
let instances: Vec<_> = scope.instances.keys().collect(); let instances: Vec<_> = scope.instances.keys().collect();
let instance = **input.choose(&instances)?; let instance = **input.choose(&instances)?;
let nth = usize::arbitrary(input)?; let nth = usize::arbitrary(input)?;
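Review bot: The new guard `if calls.len() > max_calls { break; }` in the second hunk stops only once the vector already holds more than `max_calls` entries, so the cap is off by one. Assuming each loop iteration pushes at most one call (the push is outside the visible lines), up to 101 calls are generated rather than the 100 the comment promises; `if calls.len() >= max_calls {` makes the bound exact. The removed comment also recorded why 100 was chosen (about 20ms per exported-function call against a 3s timeout), and the new comment drops that. I would keep the rationale, e.g. `// Exported-function calls take ~20ms each; 100 total calls keeps us well under the 3s timeout.`, so the value can be re-derived if the timeout changes. The body of `arbitrary` starts and ends outside the hunks shown.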