T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add fuzz targets for module instantiation.

Browse Source
This commit is contained in:
Dan Gohman
2019-01-03 11:48:05 -08:00
parent df7724ce2b
commit 747dbb23e7
4 changed files with 63 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
fuzz/Cargo.toml
View File

@@ -14,7 +14,8 @@ cranelift-codegen = "0.26.0"
cranelift-wasm = "0.26.0" cranelift-wasm = "0.26.0"
cranelift-native = "0.26.0" cranelift-native = "0.26.0"
libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" } libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" }
wasmparser = { version = "0.22.0", default-features = false } wasmparser = { version = "0.23.0", default-features = false }
binaryen = "0.5.0"
[features] [features]
default = ["wasmparser/core"] default = ["wasmparser/core"]
@@ -26,3 +27,11 @@ members = ["."]
[[bin]] [[bin]]
name = "compile" name = "compile"
path = "fuzz_targets/compile.rs" path = "fuzz_targets/compile.rs"
[[bin]]
name = "instantiate"
path = "fuzz_targets/instantiate.rs"
[[bin]]
name = "instantiate_translated"
path = "fuzz_targets/instantiate_translated.rs"

2
fuzz/fuzz_targets/compile.rs
View File

@@ -23,7 +23,7 @@ fuzz_target!(|data: &[u8]| {
let isa = isa_builder.finish(settings::Flags::new(flag_builder)); let isa = isa_builder.finish(settings::Flags::new(flag_builder));
let mut module = Module::new(); let mut module = Module::new();
let environment = ModuleEnvironment::new(&*isa, &mut module); let environment = ModuleEnvironment::new(&*isa, &mut module);
let translation = match environment.translate(&data) { let translation = match environment.translate(data) {
Ok(translation) => translation, Ok(translation) => translation,
Err(_) => return, Err(_) => return,
}; };

27
fuzz/fuzz_targets/instantiate.rs Normal file
View File

@@ -0,0 +1,27 @@
#![no_main]
#[macro_use]
extern crate libfuzzer_sys;
extern crate cranelift_codegen;
extern crate cranelift_native;
extern crate wasmparser;
extern crate wasmtime_environ;
extern crate wasmtime_jit;
use cranelift_codegen::settings;
use wasmparser::validate;
use wasmtime_jit::{instantiate, Compiler, NullResolver};
fuzz_target!(|data: &[u8]| {
if !validate(data, None) {
return;
}
let flag_builder = settings::builder();
let isa_builder = cranelift_native::builder().unwrap_or_else(|_| {
panic!("host machine is not a supported target");
});
let isa = isa_builder.finish(settings::Flags::new(flag_builder));
let mut compiler = Compiler::new(isa);
let mut imports_resolver = NullResolver {};
let _instance = instantiate(&mut compiler, data, &mut imports_resolver).unwrap();
});

25
fuzz/fuzz_targets/instantiate_translated.rs Normal file
View File

@@ -0,0 +1,25 @@
#![no_main]
#[macro_use]
extern crate libfuzzer_sys;
extern crate cranelift_codegen;
extern crate cranelift_native;
extern crate wasmparser;
extern crate wasmtime_environ;
extern crate wasmtime_jit;
use cranelift_codegen::settings;
use wasmtime_jit::{instantiate, Compiler, NullResolver};
fuzz_target!(|data: &[u8]| {
let binaryen_module = binaryen::tools::translate_to_fuzz_mvp(data);
let wasm = binaryen_module.write();
let flag_builder = settings::builder();
let isa_builder = cranelift_native::builder().unwrap_or_else(|_| {
panic!("host machine is not a supported target");
});
let isa = isa_builder.finish(settings::Flags::new(flag_builder));
let mut compiler = Compiler::new(isa);
let mut imports_resolver = NullResolver {};
let _instance = instantiate(&mut compiler, &wasm, &mut imports_resolver).unwrap();
});