We only generate *valid* sequences of API calls. To do this, we keep track of which objects we've already created in earlier API calls via the `Scope` struct. To generate even-more-pathological sequences of API calls, we use [swarm testing]:

> In swarm testing, the usual practice of potentially including all features
> in every test case is abandoned. Rather, a large “swarm” of randomly
> generated configurations, each of which omits some features, is used, with
> configurations receiving equal resources.

[swarm testing]: https://www.cs.utah.edu/~regehr/papers/swarm12.pdf

We have more public APIs and instance introspection APIs than this fuzzer exercises right now. We will need a better generator of valid Wasm than `wasm-opt -ttf` to really get the most out of those currently-unexercised APIs, since the Wasm modules generated by `wasm-opt -ttf` don't import and export a huge variety of things.
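[package]
name = "wasmtime-fuzz"
version = "0.7.0"
authors = ["The Wasmtime Project Developers"]
edition = "2018"
# Fuzz targets are internal tooling and must never be published to crates.io.
publish = false

[package.metadata]
# Marks this crate as a `cargo fuzz` crate so the `[[bin]]` targets below are
# discovered as fuzz targets.
cargo-fuzz = true

# Dependency keys are sorted alphabetically, per Cargo conventions. The two
# `wasmtime-*` crates are pulled from the workspace via `path`, so they always
# track the checked-out tree rather than a published release.
[dependencies]
arbitrary = "0.2.0"
env_logger = "0.7.1"
# Unpinned git dependency: with no `rev`/`tag`/`branch`, Cargo resolves this to
# whatever commit is at the tip of the repository's default branch when the
# lockfile is (re)generated, so the build is not reproducible from this
# manifest alone and upstream changes land without review. Pin it with
# `rev = "<commit-sha>"` (or `tag = "<tag>"`) and keep this crate's Cargo.lock
# committed so CI builds the reviewed version.
libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" }
log = "0.4.8"
wasmtime-fuzzing = { path = "../crates/fuzzing", features = ["env_logger"] }
wasmtime-jit = { path = "../crates/jit" }

# Prevent this from interfering with workspaces: this crate is its own
# single-member workspace, so it keeps a separate Cargo.lock and target dir
# from the parent repository.
[workspace]
members = ["."]

# One `[[bin]]` per fuzz target; each is built and run with
# `cargo fuzz run <name>`.
[[bin]]
name = "compile"
path = "fuzz_targets/compile.rs"

[[bin]]
name = "instantiate"
path = "fuzz_targets/instantiate.rs"

[[bin]]
name = "instantiate_translated"
path = "fuzz_targets/instantiate_translated.rs"

[[bin]]
name = "api_calls"
path = "fuzz_targets/api_calls.rs"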