wasmtime

Author SHA1 Message Date

Author	SHA1	Message	Date
Alex Crichton	bb85366a3b	Enable simd fuzzing on oss-fuzz (#3152 ) * Enable simd fuzzing on oss-fuzz This commit generally enables the simd feature while fuzzing, which should affect almost all fuzzers. For fuzzers that just throw random data at the wall and see what sticks, this means that they'll now be able to throw simd-shaped data at the wall and have it stick. For wasm-smith-based fuzzers this commit also updates wasm-smith to 0.6.0 which allows further configuring the `SwarmConfig` after generation, notably allowing `instantiate-swarm` to generate modules using simd using `wasm-smith`. This should much more reliably feed simd-related things into the fuzzers. Finally, this commit updates wasmtime to avoid usage of the general `wasm_smith::Module` generator to instead use a Wasmtime-specific custom default configuration which enables various features we have implemented. * Allow dummy table creation to fail Tables might creation for imports may exceed the memory limit on the store, which we'll want to gracefully recover from and not fail the fuzzers.	2021-08-05 16:24:42 -05:00
David Haynes	02260b7cd0	2499: First pass on TableOps fuzzer generator wasm_encoder migration (#2501 ) * 2499: First pass on TableOps fuzzer generator wasm_encoder migration - wasm binary generated via sections and smushed together into a module - test: compare generated wat against expected wat - note: doesn't work - Grouped instructions not implemented - Vec<u8> to wat String not implemented * 2499: Add typesection, abstract instruction puts, and update test - TableOp.insert now will interact with a function object directly - add types for generated function - expected test string now reflects expected generated code * 2499: Mark unused index as _i * 2499: Function insertion is in proper stack order, and fix off by 1 index - imported functions must be typed - instructions operate on a stack ie. define values as instructions before using * 2499: Apply suggestions from code review - typo fixing - oracle ingests binary bytes itself Co-authored-by: Nick Fitzgerald <fitzgen@gmail.com> * 2499: Code cleanup + renaming vars - busywork, nothing to see here Co-authored-by: Nick Fitzgerald <fitzgen@gmail.com>	2020-12-17 15:47:18 -06:00
Nick Fitzgerald	98e899f6b3	fuzz: Add a fuzz target for `table.{get,set}` operations This new fuzz target exercises sequences of `table.get`s, `table.set`s, and GCs. It already found a couple bugs: * Some leaks due to ref count cycles between stores and host-defined functions closing over those stores. * If there are no live references for a PC, Cranelift can avoid emiting an associated stack map. This was running afoul of a debug assertion.	2020-06-30 12:00:57 -07:00

Alex Crichton

bb85366a3b

Enable simd fuzzing on oss-fuzz (#3152 )

* Enable simd fuzzing on oss-fuzz

This commit generally enables the simd feature while fuzzing, which
should affect almost all fuzzers. For fuzzers that just throw random
data at the wall and see what sticks, this means that they'll now be
able to throw simd-shaped data at the wall and have it stick. For
wasm-smith-based fuzzers this commit also updates wasm-smith to 0.6.0
which allows further configuring the `SwarmConfig` after generation,
notably allowing `instantiate-swarm` to generate modules using simd
using `wasm-smith`. This should much more reliably feed simd-related
things into the fuzzers.

Finally, this commit updates wasmtime to avoid usage of the general
`wasm_smith::Module` generator to instead use a Wasmtime-specific custom
default configuration which enables various features we have
implemented.

* Allow dummy table creation to fail

Tables might creation for imports may exceed the memory limit on the
store, which we'll want to gracefully recover from and not fail the
fuzzers.

2021-08-05 16:24:42 -05:00

David Haynes

02260b7cd0

2499: First pass on TableOps fuzzer generator wasm_encoder migration (#2501 )

* 2499: First pass on TableOps fuzzer generator wasm_encoder migration

- wasm binary generated via sections and smushed together into a module
- test: compare generated wat against expected wat
- note: doesn't work
  - Grouped instructions not implemented
  - Vec<u8> to wat String not implemented

* 2499: Add typesection, abstract instruction puts, and update test

- TableOp.insert now will interact with a function object directly
- add types for generated function
- expected test string now reflects expected generated code

* 2499: Mark unused index as _i

* 2499: Function insertion is in proper stack order, and fix off by 1
      index

- imported functions must be typed
- instructions operate on a stack ie. define values as instructions
  before using

* 2499: Apply suggestions from code review

- typo fixing
- oracle ingests binary bytes itself

Co-authored-by: Nick Fitzgerald <fitzgen@gmail.com>

* 2499: Code cleanup + renaming vars

- busywork, nothing to see here

Co-authored-by: Nick Fitzgerald <fitzgen@gmail.com>

2020-12-17 15:47:18 -06:00

Nick Fitzgerald

98e899f6b3

fuzz: Add a fuzz target for table.{get,set} operations

This new fuzz target exercises sequences of `table.get`s, `table.set`s, and
GCs.

It already found a couple bugs:

* Some leaks due to ref count cycles between stores and host-defined functions
  closing over those stores.

* If there are no live references for a PC, Cranelift can avoid emiting an
  associated stack map. This was running afoul of a debug assertion.

2020-06-30 12:00:57 -07:00

3 Commits