T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e8b8947956a7fff6ce1475fafe6a13f15073570c
wasmtime/fuzz
History
Chris Fallin cb48ea406e Switch default to new x86_64 backend. 
This PR switches the default backend on x86, for both the
`cranelift-codegen` crate and for Wasmtime, to the new
(`MachInst`-style, `VCode`-based) backend that has been under
development and testing for some time now.

The old backend is still available by default in builds with the
`old-x86-backend` feature, or by requesting `BackendVariant::Legacy`
from the appropriate APIs.

As part of that switch, it adds some more runtime-configurable plumbing
to the testing infrastructure so that tests can be run using the
appropriate backend. `clif-util test` is now capable of parsing a
backend selector option from filetests and instantiating the correct
backend.

CI has been updated so that the old x86 backend continues to run its
tests, just as we used to run the new x64 backend separately.

At some point, we will remove the old x86 backend entirely, once we are
satisfied that the new backend has not caused any unforeseen issues and
we do not need to revert.
2021-04-02 11:35:53 -07:00
..
fuzz_targets
fuzz: Remove peepmatic fuzz targets
2021-03-01 10:05:05 -08:00
.gitignore
fuzzing: remove the in-repo corpus
2019-11-26 15:49:07 -08:00
Cargo.toml
Switch default to new x86_64 backend.
2021-04-02 11:35:53 -07:00
README.md
Add a README explaining our libFuzzer and cargo fuzz setup
2019-12-03 13:26:47 -08:00

README.md

cargo fuzz Targets for Wasmtime

This crate defines various libFuzzer fuzzing targets for Wasmtime, which can be run via cargo fuzz.

These fuzz targets just glue together pre-defined test case generators with oracles and pass libFuzzer-provided inputs to them. The test case generators and oracles themselves are independent from the fuzzing engine that is driving the fuzzing process and are defined in wasmtime/crates/fuzzing.

Example

To start fuzzing run the following command, where $MY_FUZZ_TARGET is one of the available fuzz targets:

cargo fuzz run $MY_FUZZ_TARGET

Available Fuzz Targets

At the time of writing, we have the following fuzz targets:

  • compile: Attempt to compile libFuzzer's raw input bytes with Wasmtime.
  • instantiate: Attempt to compile and instantiate libFuzzer's raw input bytes with Wasmtime.
  • instantiate_translated: Pass libFuzzer's input bytes to wasm-opt -ttf to generate a random, valid Wasm module, and then attempt to instantiate it.

The canonical list of fuzz targets is the .rs files in the fuzz_targets directory:

ls wasmtime/fuzz/fuzz_targets/

Corpora

While you can start from scratch, libFuzzer will work better if it is given a corpus of seed inputs to kick start the fuzzing process. We maintain a corpus for each of these fuzz targets in a dedicated repo on github.

You can use our corpora by cloning it and placing it at wasmtime/fuzz/corpus:

git clone \
    https://github.com/bytecodealliance/wasmtime-libfuzzer-corpus.git \
    wasmtime/fuzz/corpus