implement fuzzing for component types (#4537)

This addresses #4307. For the static API we generate 100 arbitrary test cases at build time, each of which includes 0-5 parameter types, a result type, and a WAT fragment containing an imported function and an exported function. The exported function calls the imported function, which is implemented by the host. At runtime, the fuzz test selects a test case at random and feeds it zero or more sets of arbitrary parameters and results, checking that values which flow host-to-guest and guest-to-host make the transition unchanged. The fuzz test for the dynamic API follows a similar pattern, the only difference being that test cases are generated at runtime. Signed-off-by: Joel Dice <joel.dice@fermyon.com>
2022-08-04 11:02:55 -06:00
parent ad223c5234
commit ed8908efcf
29 changed files with 1963 additions and 266 deletions
--- a/fuzz/fuzz_targets/component_api.rs
+++ b/fuzz/fuzz_targets/component_api.rs
@@ -0,0 +1,22 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use wasmtime_fuzzing::oracles;
+
+include!(concat!(env!("OUT_DIR"), "/static_component_api.rs"));
+
+#[allow(unused_imports)]
+fn target(input: &mut arbitrary::Unstructured) -> arbitrary::Result<()> {
+    if input.arbitrary()? {
+        static_component_api_target(input)
+    } else {
+        oracles::dynamic_component_api_target(input)
+    }
+}
+
+fuzz_target!(|bytes: &[u8]| {
+    match target(&mut arbitrary::Unstructured::new(bytes)) {
+        Ok(()) | Err(arbitrary::Error::NotEnoughData) => (),
+        Err(error) => panic!("{}", error),
+    }
+});