[fuzz] Remove some differential fuzz targets (#4735)

* [fuzz] Remove some differential fuzz targets The changes in #4515 do everything the `differential_spec` and `differential_wasmi` fuzz target already do. These fuzz targets are now redundant and this PR removes them. It also updates the fuzz documentation slightly.
2022-08-19 09:50:35 -07:00
parent 80c77da334
commit 8b7fb19b1d
7 changed files with 40 additions and 338 deletions
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -66,20 +66,6 @@ path = "fuzz_targets/differential_meta.rs"
 test = false
 doc = false

-
-[[bin]]
-name = "differential_spec"
-path = "fuzz_targets/differential_spec.rs"
-test = false
-doc = false
-required-features = ['fuzz-spec-interpreter']
-
-[[bin]]
-name = "differential_wasmi"
-path = "fuzz_targets/differential_wasmi.rs"
-test = false
-doc = false
-
 [[bin]]
 name = "differential_v8"
 path = "fuzz_targets/differential_v8.rs"
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -36,13 +36,13 @@ At the time of writing, we have the following fuzz targets:
  from scratch.
 * `differential`: Generate a Wasm module and check that Wasmtime returns
  the same results when run with two different configurations.
-* `differential_spec`: Generate a Wasm module and check that Wasmtime returns
-  the same results as the Wasm spec interpreter (see the `wasm-spec-interpreter`
-  crate).
+* `differential_meta`: Generate a Wasm module, evaluate each exported function
+  with random inputs, and check that Wasmtime returns the same results as a
+  choice of another engine: the Wasm spec interpreter (see the
+  `wasm-spec-interpreter` crate), the `wasmi` interpreter, or Wasmtime itself
+  run with a different configuration.
 * `differential_v8`: Generate a Wasm module and check that Wasmtime returns
  the same results as V8.
-* `differential_wasmi`: Generate a Wasm module and check that Wasmtime returns
-  the same results as the `wasmi` interpreter.
 * `instantiate`: Generate a Wasm module and Wasmtime configuration and attempt
  to compile and instantiate with them.
 * `instantiate-many`: Generate many Wasm modules and attempt to compile and
--- a/fuzz/fuzz_targets/differential_spec.rs
+++ b/fuzz/fuzz_targets/differential_spec.rs
@@ -1,47 +0,0 @@
-#![no_main]
-
-use libfuzzer_sys::arbitrary::{Result, Unstructured};
-use libfuzzer_sys::fuzz_target;
-use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
-use wasmtime_fuzzing::{generators, oracles};
-
-// Keep track of how many WebAssembly modules we actually executed (i.e. ran to
-// completion) versus how many were tried.
-static TRIED: AtomicUsize = AtomicUsize::new(0);
-static EXECUTED: AtomicUsize = AtomicUsize::new(0);
-
-fuzz_target!(|data: &[u8]| {
-    // errors in `run` have to do with not enough input in `data`, which we
-    // ignore here since it doesn't affect how we'd like to fuzz.
-    drop(run(data));
-});
-
-fn run(data: &[u8]) -> Result<()> {
-    let mut u = Unstructured::new(data);
-    let mut config: generators::Config = u.arbitrary()?;
-    config.set_differential_config();
-
-    // Enable features that the spec interpreter has implemented
-    config.module_config.config.simd_enabled = true;
-
-    // TODO: this is a best-effort attempt to avoid errors caused by the
-    //       generated module exporting no functions.
-    config.module_config.config.min_exports = 5;
-    config.module_config.config.max_exports = 5;
-
-    let module = config.generate(&mut u, Some(1000))?;
-    let tried = TRIED.fetch_add(1, SeqCst);
-    let executed = match oracles::differential_spec_execution(&module.to_bytes(), &config) {
-        Some(_) => EXECUTED.fetch_add(1, SeqCst),
-        None => EXECUTED.load(SeqCst),
-    };
-    if tried > 0 && tried % 1000 == 0 {
-        println!(
-            "=== Execution rate ({} executed modules / {} tried modules): {}% ===",
-            executed,
-            tried,
-            executed as f64 / tried as f64 * 100f64
-        )
-    }
-    Ok(())
-}
--- a/fuzz/fuzz_targets/differential_wasmi.rs
+++ b/fuzz/fuzz_targets/differential_wasmi.rs
@@ -1,20 +0,0 @@
-#![no_main]
-
-use libfuzzer_sys::arbitrary::{Result, Unstructured};
-use libfuzzer_sys::fuzz_target;
-use wasmtime_fuzzing::{generators, oracles};
-
-fuzz_target!(|data: &[u8]| {
-    // errors in `run` have to do with not enough input in `data`, which we
-    // ignore here since it doesn't affect how we'd like to fuzz.
-    drop(run(data));
-});
-
-fn run(data: &[u8]) -> Result<()> {
-    let mut u = Unstructured::new(data);
-    let mut config: generators::Config = u.arbitrary()?;
-    config.set_differential_config();
-    let module = config.generate(&mut u, Some(1000))?;
-    oracles::differential_wasmi_execution(&module.to_bytes(), &config);
-    Ok(())
-}