Add fuzz targets for module instantiation.

2019-01-03 11:48:05 -08:00
parent df7724ce2b
commit 747dbb23e7
4 changed files with 63 additions and 2 deletions
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -14,7 +14,8 @@ cranelift-codegen = "0.26.0"
 cranelift-wasm = "0.26.0"
 cranelift-native = "0.26.0"
 libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" }
-wasmparser = { version = "0.22.0", default-features = false }
+wasmparser = { version = "0.23.0", default-features = false }
+binaryen = "0.5.0"

 [features]
 default = ["wasmparser/core"]
@@ -26,3 +27,11 @@ members = ["."]
 [[bin]]
 name = "compile"
 path = "fuzz_targets/compile.rs"
+
+[[bin]]
+name = "instantiate"
+path = "fuzz_targets/instantiate.rs"
+
+[[bin]]
+name = "instantiate_translated"
+path = "fuzz_targets/instantiate_translated.rs"
--- a/fuzz/fuzz_targets/compile.rs
+++ b/fuzz/fuzz_targets/compile.rs
@@ -23,7 +23,7 @@ fuzz_target!(|data: &[u8]| {
    let isa = isa_builder.finish(settings::Flags::new(flag_builder));
    let mut module = Module::new();
    let environment = ModuleEnvironment::new(&*isa, &mut module);
-    let translation = match environment.translate(&data) {
+    let translation = match environment.translate(data) {
        Ok(translation) => translation,
        Err(_) => return,
    };
--- a/fuzz/fuzz_targets/instantiate.rs
+++ b/fuzz/fuzz_targets/instantiate.rs
@@ -0,0 +1,27 @@
+#![no_main]
+
+#[macro_use]
+extern crate libfuzzer_sys;
+extern crate cranelift_codegen;
+extern crate cranelift_native;
+extern crate wasmparser;
+extern crate wasmtime_environ;
+extern crate wasmtime_jit;
+
+use cranelift_codegen::settings;
+use wasmparser::validate;
+use wasmtime_jit::{instantiate, Compiler, NullResolver};
+
+fuzz_target!(|data: &[u8]| {
+    if !validate(data, None) {
+        return;
+    }
+    let flag_builder = settings::builder();
+    let isa_builder = cranelift_native::builder().unwrap_or_else(|_| {
+        panic!("host machine is not a supported target");
+    });
+    let isa = isa_builder.finish(settings::Flags::new(flag_builder));
+    let mut compiler = Compiler::new(isa);
+    let mut imports_resolver = NullResolver {};
+    let _instance = instantiate(&mut compiler, data, &mut imports_resolver).unwrap();
+});
--- a/fuzz/fuzz_targets/instantiate_translated.rs
+++ b/fuzz/fuzz_targets/instantiate_translated.rs
@@ -0,0 +1,25 @@
+#![no_main]
+
+#[macro_use]
+extern crate libfuzzer_sys;
+extern crate cranelift_codegen;
+extern crate cranelift_native;
+extern crate wasmparser;
+extern crate wasmtime_environ;
+extern crate wasmtime_jit;
+
+use cranelift_codegen::settings;
+use wasmtime_jit::{instantiate, Compiler, NullResolver};
+
+fuzz_target!(|data: &[u8]| {
+    let binaryen_module = binaryen::tools::translate_to_fuzz_mvp(data);
+    let wasm = binaryen_module.write();
+    let flag_builder = settings::builder();
+    let isa_builder = cranelift_native::builder().unwrap_or_else(|_| {
+        panic!("host machine is not a supported target");
+    });
+    let isa = isa_builder.finish(settings::Flags::new(flag_builder));
+    let mut compiler = Compiler::new(isa);
+    let mut imports_resolver = NullResolver {};
+    let _instance = instantiate(&mut compiler, &wasm, &mut imports_resolver).unwrap();
+});