T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
331bc281a1c31877921ba781a8cabb92962f0e61
wasmtime/fuzz/fuzz_targets/instantiate-many.rs
Alex Crichton b14551d7ca Refactor configuration for the pooling allocator (#5205) 
This commit changes the APIs in the `wasmtime` crate for configuring the
pooling allocator. I plan on adding a few more configuration options in
the near future and the current structure was feeling unwieldy for
adding these new abstractions.

The previous `struct`-based API has been replaced with a builder-style
API in a similar shape as to `Config`. This is done to help make it
easier to add more configuration options in the future through adding
more methods as opposed to adding more field which could break prior
initializations.
2022-11-04 20:06:45 +00:00

63 lines
2.5 KiB
Rust
Raw Blame History

//! This fuzz target is used to test multiple concurrent instantiations from
//! multiple modules.
#![no_main]
use libfuzzer_sys::arbitrary::{Result, Unstructured};
use libfuzzer_sys::fuzz_target;
use wasmtime_fuzzing::{generators, oracles};
const MAX_MODULES: usize = 5;
fuzz_target!(|data: &[u8]| {
// errors in `run` have to do with not enough input in `data`, which we
// ignore here since it doesn't affect how we'd like to fuzz.
drop(execute_one(data));
});
fn execute_one(data: &[u8]) -> Result<()> {
let mut u = Unstructured::new(data);
let mut config: generators::Config = u.arbitrary()?;
// Don't generate start functions
// No wasm code execution is necessary for this fuzz target and thus we don't
// use timeouts or ensure that the generated wasm code will terminate.
config.module_config.config.allow_start_export = false;
// Wasm linear memories take roughly ~8gb of virtual address space. Down
// below we could instantiate up to 300 modules. Conservatively estimating
// that we have 46 bits of address space to work with (technically 48 on
// x86_64, but take some out for kernel stuff and some for asan stuff) that
// gives us a budget of ~27 memories per instance. Reduce that a bit further
// and make sure that no instance has more than 10 linear memories to ensure
// that even if the maximum were created it should still fit in the linear
// address space.
config.module_config.config.max_memories = config.module_config.config.max_memories.min(10);
// Create the modules to instantiate
let modules = (0..u.int_in_range(1..=MAX_MODULES)?)
.map(|_| Ok(config.generate(&mut u, None)?.to_bytes()))
.collect::<Result<Vec<_>>>()?;
let max_instances = match &config.wasmtime.strategy {
generators::InstanceAllocationStrategy::OnDemand => u.int_in_range(1..=100)?,
generators::InstanceAllocationStrategy::Pooling(config) => config.instance_count,
};
// Front-load with instantiation commands
let mut commands: Vec<oracles::Command> = (0..u.int_in_range(1..=max_instances)?)
.map(|_| Ok(oracles::Command::Instantiate(u.arbitrary()?)))
.collect::<Result<_>>()?;
// Then add some more arbitrary commands
commands.extend(
(0..u.int_in_range(0..=2 * max_instances)?)
.map(|_| u.arbitrary())
.collect::<Result<Vec<_>>>()?,
);
oracles::instantiate_many(&modules, true, &config, &commands);
Ok(())
}
Reference in New Issue View Git Blame Copy Permalink