wasm-mutate fuzz targets (#3836)

* fuzzing: Add a custom mutator based on `wasm-mutate` * fuzz: Add a version of the `compile` fuzz target that uses `wasm-mutate` * Update `wasmparser` dependencies
2022-02-23 12:14:11 -08:00
parent 434e35c490
commit bad9a35418
14 changed files with 527 additions and 391 deletions
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -32,6 +32,12 @@ path = "fuzz_targets/compile.rs"
 test = false
 doc = false

+[[bin]]
+name = "compile-mutate"
+path = "fuzz_targets/compile-mutate.rs"
+test = false
+doc = false
+
 [[bin]]
 name = "instantiate"
 path = "fuzz_targets/instantiate.rs"
--- a/fuzz/fuzz_targets/compile-mutate.rs
+++ b/fuzz/fuzz_targets/compile-mutate.rs
@@ -0,0 +1,20 @@
+#![no_main]
+
+use libfuzzer_sys::{fuzz_mutator, fuzz_target};
+use wasmtime::{Engine, Module};
+
+fuzz_target!(|data: &[u8]| {
+    let engine = Engine::default();
+    wasmtime_fuzzing::oracles::log_wasm(data);
+    drop(Module::new(&engine, data));
+});
+
+fuzz_mutator!(|data: &mut [u8], size: usize, max_size: usize, seed: u32| {
+    wasmtime_fuzzing::mutators::wasm_mutate(
+        data,
+        size,
+        max_size,
+        seed,
+        libfuzzer_sys::fuzzer_mutate,
+    )
+});