This PR adds a new fuzz target, `differential_wasmi`, that runs a Cranelift-based Wasm backend alongside a simple third-party Wasm interpreter crate (`wasmi`). The fuzzing runs the first function in a given module to completion on each side, and then diffs the return value and linear memory contents. This strategy should provide end-to-end coverage, including the Wasm translation to CLIF (which has seen some subtle and scary bugs at times), the lowering from CLIF to VCode, the register allocation, and the final code emission. This PR also adds a feature `experimental_x64` to the fuzzing crate (and the chain of dependencies down to `cranelift-codegen`) so that we can fuzz the new x86-64 backend as well as the current one.
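# Fuzzing harness crate for Wasmtime and Cranelift. The visible manifest
# declares only fuzz target binaries (the [[bin]] tables), and the version is a
# placeholder.
[package]
name = "wasmtime-fuzz"
version = "0.0.0"
authors = ["The Wasmtime Project Developers"]
edition = "2018"
# Keeps `cargo publish` from uploading this internal harness to a registry.
publish = false

# Marker that cargo-fuzz uses to recognise this crate as a fuzz package.
[package.metadata]
cargo-fuzz = true
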
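# Path entries are the in-tree crates under test. Registry entries are caret
# requirements, not pins ("0.3.3" accepts any 0.3.x at or above 0.3.3), so the
# versions actually built are whatever the lockfile resolves; record it with any
# crash reproducer.
[dependencies]
cranelift-codegen = { path = "../cranelift/codegen" }
cranelift-reader = { path = "../cranelift/reader" }
cranelift-wasm = { path = "../cranelift/wasm" }
libfuzzer-sys = "0.3.3"
target-lexicon = "0.11"
# Optional: enabling it turns on the implicit `peepmatic-fuzzing` feature that
# the peepmatic_* targets list under `required-features`.
peepmatic-fuzzing = { path = "../cranelift/peepmatic/crates/fuzzing", optional = true }
wasmtime = { path = "../crates/wasmtime" }
# NOTE(review): the third-party `wasmi` interpreter used by differential_wasmi
# is not a direct dependency here; presumably it arrives through this crate.
# Confirm where its version is constrained.
wasmtime-fuzzing = { path = "../crates/fuzzing" }
# Wasm module generator. NOTE(review): a different wasm-smith version can turn
# the same input bytes into a different module, so saved corpus entries and
# reproducers may stop reproducing after an upgrade. Verify before bumping.
wasm-smith = "0.1.12"
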
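# Forwards to the feature of the same name in wasmtime-fuzzing. No `default`
# list is declared here, so it is off unless requested on the command line
# (`--features experimental_x64`); a run without it does not ask for the new
# x86-64 backend, and the two configurations need separate fuzzing runs.
[features]
experimental_x64 = ["wasmtime-fuzzing/experimental_x64"]
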
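# Fuzz targets: one binary per entry point under fuzz_targets/.
# `test = false` and `doc = false` keep each of them out of `cargo test` and
# `cargo doc`.
[[bin]]
name = "compile"
path = "fuzz_targets/compile.rs"
test = false
doc = false

[[bin]]
name = "instantiate"
path = "fuzz_targets/instantiate.rs"
test = false
doc = false

[[bin]]
name = "api_calls"
path = "fuzz_targets/api_calls.rs"
test = false
doc = false

[[bin]]
name = "differential"
path = "fuzz_targets/differential.rs"
test = false
doc = false
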
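# Differential target: per the change description, it runs the first function
# of a module on the Cranelift-compiled side and on the `wasmi` interpreter,
# then compares the return value and linear memory. Only those two observables
# are compared, and a mismatch can point at either implementation, so triage
# must check both sides.
[[bin]]
name = "differential_wasmi"
path = "fuzz_targets/differential_wasmi.rs"
test = false
doc = false
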
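# Further fuzz targets; each is built as its own binary and is excluded from
# `cargo test` and `cargo doc`.
[[bin]]
name = "spectests"
path = "fuzz_targets/spectests.rs"
test = false
doc = false

[[bin]]
name = "table_ops"
path = "fuzz_targets/table_ops.rs"
test = false
doc = false
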
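# Peepmatic fuzz targets. Each lists `required-features`, so Cargo builds it
# only when the optional `peepmatic-fuzzing` dependency is enabled; a build
# without that feature skips all five, and they get no fuzzing coverage.
[[bin]]
name = "peepmatic_simple_automata"
path = "fuzz_targets/peepmatic_simple_automata.rs"
test = false
doc = false
required-features = ["peepmatic-fuzzing"]

[[bin]]
name = "peepmatic_fst_differential"
path = "fuzz_targets/peepmatic_fst_differential.rs"
test = false
doc = false
required-features = ["peepmatic-fuzzing"]

[[bin]]
name = "peepmatic_parser"
path = "fuzz_targets/peepmatic_parser.rs"
test = false
doc = false
required-features = ["peepmatic-fuzzing"]

[[bin]]
name = "peepmatic_compile"
path = "fuzz_targets/peepmatic_compile.rs"
test = false
doc = false
required-features = ["peepmatic-fuzzing"]

[[bin]]
name = "peepmatic_interp"
path = "fuzz_targets/peepmatic_interp.rs"
test = false
doc = false
required-features = ["peepmatic-fuzzing"]
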
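# Instantiation fuzz targets, each with its own entry point under
# fuzz_targets/. As with the other targets, `test = false` and `doc = false`
# keep them out of `cargo test` and `cargo doc`.
[[bin]]
name = "instantiate-wasm-smith"
path = "fuzz_targets/instantiate-wasm-smith.rs"
test = false
doc = false

[[bin]]
name = "instantiate-swarm"
path = "fuzz_targets/instantiate-swarm.rs"
test = false
doc = false

[[bin]]
name = "instantiate-maybe-invalid"
path = "fuzz_targets/instantiate-maybe-invalid.rs"
test = false
doc = false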