Improve stability for fuzz targets. (#3804)

This commit improves the stability of the fuzz targets by ensuring the generated configs and modules are congruent, especially when the pooling allocator is being used. For the `differential` target, this means both configurations must use the same allocation strategy for now as one side generates the module that might not be compatible with another arbitrary config now that we fuzz the pooling allocator. These changes also ensure that constraints put on the config are more consistently applied, especially when using a fuel-based timeout.
2022-02-15 12:59:04 -08:00
parent 0b4263333b
commit 6ffcd4ead9
9 changed files with 198 additions and 113 deletions
--- a/crates/fuzzing/src/generators/api.rs
+++ b/crates/fuzzing/src/generators/api.rs
@@ -14,7 +14,7 @@
 //!
 //! [swarm testing]: https://www.cs.utah.edu/~regehr/papers/swarm12.pdf

-use crate::generators::{Config, ModuleConfig};
+use crate::generators::Config;
 use arbitrary::{Arbitrary, Unstructured};
 use std::collections::BTreeSet;

@@ -44,7 +44,7 @@ struct Scope {
    id_counter: usize,
    modules: BTreeSet<usize>,
    instances: BTreeSet<usize>,
-    module_config: ModuleConfig,
+    config: Config,
 }

 impl Scope {
@@ -70,14 +70,13 @@ impl<'a> Arbitrary<'a> for ApiCalls {
        let mut calls = vec![];

        let config = Config::arbitrary(input)?;
-        let module_config = config.module_config.clone();
-        calls.push(StoreNew(config));
+        calls.push(StoreNew(config.clone()));

        let mut scope = Scope {
            id_counter: 0,
            modules: BTreeSet::default(),
            instances: BTreeSet::default(),
-            module_config,
+            config,
        };

        // Total limit on number of API calls we'll generate. This exists to
@@ -94,8 +93,7 @@ impl<'a> Arbitrary<'a> for ApiCalls {
            if swarm.module_new {
                choices.push(|input, scope| {
                    let id = scope.next_id();
-                    let mut wasm = scope.module_config.generate(input)?;
-                    wasm.ensure_termination(1000);
+                    let wasm = scope.config.generate(input, Some(1000))?;
                    scope.modules.insert(id);
                    Ok(ModuleNew {
                        id,