* Remove usage of `CompilationStrategy` from `Config`

This commit removes the public API usage of the internal `CompilationStrategy` enumeration from the `Config` type in the `wasmtime` crate. To do this the `enum` was copied locally into the crate and renamed `Strategy`. The high-level description of this change is:

* The `Config::strategy` method now takes a locally-defined `Strategy` enumeration instead of an internal type.
* The contents of `Strategy` are always the same, not relying on Cargo features to indicate which variants are present. This avoids unnecessary downstream `#[cfg]`.
* A `lightbeam` feature was added to the `wasmtime` crate itself to lightbeam compilation support.
* The `Config::strategy` method is now fallible. It returns a runtime error if support for the selected strategy wasn't compiled in.
* The `Strategy` enum is listed as `#[non_exhaustive]` so we can safely add variants over time to it.

This reduces the public crate dependencies of the `wasmtime` crate itself, removing the need to reach into internal crates even more!

cc #708

* Fix fuzz targets
* Update nightly used to build releases
* Run rustfmt
cargo fuzz Targets for Wasmtime
This crate defines various libFuzzer
fuzzing targets for Wasmtime, which can be run via cargo fuzz.
These fuzz targets just glue together pre-defined test case generators with
oracles and pass libFuzzer-provided inputs to them. The test case generators and
oracles themselves are independent from the fuzzing engine that is driving the
fuzzing process and are defined in wasmtime/crates/fuzzing.
Example
To start fuzzing run the following command, where $MY_FUZZ_TARGET is one of
the available fuzz targets:
cargo fuzz run $MY_FUZZ_TARGET
Available Fuzz Targets
At the time of writing, we have the following fuzz targets:
* compile: Attempt to compile libFuzzer's raw input bytes with Wasmtime.
* instantiate: Attempt to compile and instantiate libFuzzer's raw input bytes with Wasmtime.
* instantiate_translated: Pass libFuzzer's input bytes to wasm-opt -ttf to generate a random, valid Wasm module, and then attempt to instantiate it.
The canonical list of fuzz targets is the .rs files in the fuzz_targets
directory:
ls wasmtime/fuzz/fuzz_targets/
Corpora
While you can start from scratch, libFuzzer will work better if it is given a corpus of seed inputs to kick-start the fuzzing process. We maintain a corpus for each of these fuzz targets in a dedicated repo on GitHub.
You can use our corpora by cloning the repository and placing it at wasmtime/fuzz/corpus:
git clone \
https://github.com/bytecodealliance/wasmtime-libfuzzer-corpus.git \
wasmtime/fuzz/corpus
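
A time-boxed pass over every target, as an added example that is not part of the Wasmtime repository: it derives the target list from the .rs files in fuzz_targets, flags targets that have no seed inputs, and runs each one for a fixed budget. The function names, the FUZZ_DIR and FUZZ_SECONDS variables, and the per-target corpus/<target> layout (the cargo fuzz default) are assumptions.

```shell
#!/bin/sh
# Added example, not Wasmtime's own tooling. Paths follow the README above;
# FUZZ_DIR, FUZZ_SECONDS and all function names are assumptions.
FUZZ_DIR="${FUZZ_DIR:-wasmtime/fuzz}"
FUZZ_SECONDS="${FUZZ_SECONDS:-60}"

# Print one fuzz target per line: the .rs files in fuzz_targets, extension removed.
list_targets() {
    for f in "$1"/fuzz_targets/*.rs; do
        [ -e "$f" ] || continue          # glob matched nothing
        basename "$f" .rs
    done
}

# Print the targets whose seed directory (corpus/<target>, assumed layout)
# is missing or empty, so libFuzzer would start from scratch for them.
targets_missing_corpus() {
    list_targets "$1" | while read -r t; do
        if [ -z "$(ls -A "$1/corpus/$t" 2>/dev/null)" ]; then
            echo "$t"
        fi
    done
}

# Run every target for $2 seconds; -max_total_time is a libFuzzer option
# passed through after "--". Returns non-zero if any target failed or crashed.
run_all() {
    status=0
    for t in $(list_targets "$1"); do
        echo "== $t (${2}s) =="
        # cargo fuzz is invoked from the directory that contains fuzz/
        ( cd "$1/.." && cargo fuzz run "$t" -- "-max_total_time=$2" ) || {
            echo "FAILED: $t" >&2
            status=1
        }
    done
    return "$status"
}

# Only fuzz when asked to: sh fuzz-all.sh run
if [ "${1:-}" = "run" ]; then
    for t in $(targets_missing_corpus "$FUZZ_DIR"); do
        echo "warning: no seed corpus for $t" >&2
    done
    run_all "$FUZZ_DIR" "$FUZZ_SECONDS"
fi
```

A non-zero exit from run_all means at least one target stopped early, which is the signal to look at that target's output before trusting the rest of the run.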