We only generate *valid* sequences of API calls. To do this, we keep track of what objects we've already created in earlier API calls via the `Scope` struct.

To generate even-more-pathological sequences of API calls, we use [swarm testing]:

> In swarm testing, the usual practice of potentially including all features
> in every test case is abandoned. Rather, a large “swarm” of randomly
> generated configurations, each of which omits some features, is used, with
> configurations receiving equal resources.

[swarm testing]: https://www.cs.utah.edu/~regehr/papers/swarm12.pdf

There are more public APIs and instance introspection APIs that we have than this fuzzer exercises right now. We will need a better generator of valid Wasm than `wasm-opt -ttf` to really get the most out of those currently-unexercised APIs, since the Wasm modules generated by `wasm-opt -ttf` don't import and export a huge variety of things.
28 lines
602 B
Rust
Executable File
````rust
// libFuzzer supplies the process entry point, so this crate has no `main`.
#![no_main]

use libfuzzer_sys::fuzz_target;
use std::sync::Once;
use wasmtime_fuzzing::{generators::api::ApiCalls, oracles};

fuzz_target!(|api: ApiCalls| {
    // The target body runs once per fuzz input in the same process, so the
    // logger must only be initialized on the first call.
    static INIT_LOGGING: Once = Once::new();
    INIT_LOGGING.call_once(|| env_logger::init());

    // Log a copy-pasteable regression test for this input. `{{` and `}}` are
    // escaped braces; `{:#?}` pretty-prints the generated `ApiCalls`.
    log::debug!(
        "If this fuzz test fails, here is a regression test:
```
#[test]
fn my_regression_test() {{
    use wasmtime_fuzzing::generators::{{
        api::{{ApiCall::*, ApiCalls}},
        WasmOptTtf,
    }};
    wasmtime_fuzzing::oracles::make_api_calls({:#?});
}}
```",
        api
    );

    // Execute the generated sequence of API calls.
    oracles::make_api_calls(api);
});
````
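The two ideas in the commit message, scope tracking so that only valid call sequences are generated and a swarm configuration that switches some call kinds off per test case, shown as an added sketch that is not wasmtime's code. `Call`, `Swarm`, this simplified `Scope`, the xorshift helper `below` and the checker `is_valid` are all hypothetical stand-ins.

```rust
use std::collections::BTreeSet;
// Added illustration: every name below is hypothetical, not wasmtime-fuzzing's real API.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Call { ModuleNew(usize), ModuleDrop(usize), InstanceNew(usize, usize), InstanceDrop(usize) }

/// Swarm configuration: a test case only uses the call kinds enabled here.
struct Swarm { module_drop: bool, instance_new: bool, instance_drop: bool }

/// Ids of objects that earlier calls created and have not yet dropped.
struct Scope { modules: Vec<usize>, instances: Vec<usize> }

/// xorshift64 step, standing in for the bytes a fuzzer would supply.
fn below(s: &mut u64, n: usize) -> usize {
    *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
    (*s % n as u64) as usize
}

fn generate(seed: u64, swarm: Swarm, len: usize) -> Vec<Call> {
    let (mut s, mut scope) = (seed | 1, Scope { modules: vec![], instances: vec![] });
    (0..len).map(|id| {
        // Offer only calls enabled by the swarm AND valid in the current scope.
        let mut kinds = vec![0u8]; // creating a module needs nothing in scope
        if swarm.module_drop && !scope.modules.is_empty() { kinds.push(1) }
        if swarm.instance_new && !scope.modules.is_empty() { kinds.push(2) }
        if swarm.instance_drop && !scope.instances.is_empty() { kinds.push(3) }
        match kinds[below(&mut s, kinds.len())] {
            0 => { scope.modules.push(id); Call::ModuleNew(id) }
            1 => { let i = below(&mut s, scope.modules.len()); Call::ModuleDrop(scope.modules.swap_remove(i)) }
            2 => { let m = scope.modules[below(&mut s, scope.modules.len())]; scope.instances.push(id); Call::InstanceNew(id, m) }
            _ => { let i = below(&mut s, scope.instances.len()); Call::InstanceDrop(scope.instances.swap_remove(i)) }
        }
    }).collect()
}

/// Replays a sequence, rejecting any call that names an object that is not alive.
fn is_valid(calls: &[Call]) -> bool {
    let (mut modules, mut instances) = (BTreeSet::new(), BTreeSet::new());
    calls.iter().all(|c| match *c {
        Call::ModuleNew(id) => modules.insert(id),
        Call::ModuleDrop(id) => modules.remove(&id),
        Call::InstanceNew(id, m) => modules.contains(&m) && instances.insert(id),
        Call::InstanceDrop(id) => instances.remove(&id),
    })
}

fn main() {
    let calls = generate(7, Swarm { module_drop: false, instance_new: true, instance_drop: true }, 12);
    println!("{:?}\nvalid: {}", calls, is_valid(&calls));
}
```

With drops disabled the scope only grows, which is the kind of skew swarm testing is meant to produce: some test cases pile up live objects, others churn through create and drop.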