T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit the number of exported function calls we make in the API calls fuzzer

Browse Source 
This should fix some fuzzing timeouts like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20847
This commit is contained in:
Nick Fitzgerald
2020-02-28 15:42:50 -08:00
parent f2fef600c6
commit 6e2bb9ebdd
1 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
crates/fuzzing/src/generators/api.rs
View File

@@ -48,12 +48,20 @@ use ApiCall::*;
#[derive(Default)]
struct Scope {
id_counter: usize,
predicted_rss: usize,
/// Map from a module id to the predicted amount of rss it will take to
/// instantiate.
modules: BTreeMap<usize, usize>,
/// Map from an instance id to the amount of rss it's expected to be using.
instances: BTreeMap<usize, usize>,
/// The rough predicted maximum RSS of executing all of our generated API
/// calls thus far.
predicted_rss: usize,
/// The number of calls of an exported function from an instance.
num_export_calls: usize,
}
impl Scope {
@@ -83,6 +91,11 @@ impl Arbitrary for ApiCalls {
let mut scope = Scope::default();
let max_rss = 1 << 30; // 1GB
// Calling an exported function of a `wasm-opt -ttf` module tends to
// take about 20ms. Limit their number to 100, or ~2s, so that we don't
// get too close to our 3s timeout.
let max_export_calls = 100;
for _ in 0..input.arbitrary_len::<ApiCall>()? {
let mut choices: Vec<fn(_, &mut Scope) -> arbitrary::Result<ApiCall>> = vec![];
@@ -122,8 +135,12 @@ impl Arbitrary for ApiCalls {
Ok(InstanceDrop { id })
});
}
if swarm.call_exported_func && !scope.instances.is_empty() {
if swarm.call_exported_func
&& scope.num_export_calls < max_export_calls
&& !scope.instances.is_empty()
{
choices.push(|input, scope| {
scope.num_export_calls += 1;
let instances: Vec<_> = scope.instances.keys().collect();
let instance = **input.choose(&instances)?;
let nth = usize::arbitrary(input)?;