cranelift/fuzz/Cargo.toml

[package]
name = "wasmtime-fuzz"
version = "0.9.0"
authors = ["The Wasmtime Project Developers"]
edition = "2018"
publish = false

[package.metadata]
cargo-fuzz = true

[dependencies]
arbitrary = "0.2.0"
env_logger = "0.7.1"
log = "0.4.8"
wasmtime-fuzzing = { path = "../crates/fuzzing", features = ["env_logger"] }
wasmtime = { path = "../crates/api" }
libfuzzer-sys = "0.2.0"

[[bin]]
name = "compile"
path = "fuzz_targets/compile.rs"
test = false
doc = false

[[bin]]
name = "instantiate"
path = "fuzz_targets/instantiate.rs"
test = false
doc = false

[[bin]]
name = "instantiate_translated"
path = "fuzz_targets/instantiate_translated.rs"
test = false
doc = false

[[bin]]
name = "api_calls"
path = "fuzz_targets/api_calls.rs"
test = false
doc = false
Start experimenting with cargo fuzz. This isn't very usable yet. 7 years ago			`[package]`
Make package names consistent with cranelift's. 6 years ago			`name = "wasmtime-fuzz"`
Bump version to 0.9.0 (#790) 5 years ago			`version = "0.9.0"`
Update Cargo.toml authors fields. 6 years ago			`authors = ["The Wasmtime Project Developers"]`
Update to Rust 2018 Edition. 6 years ago			`edition = "2018"`
Start experimenting with cargo fuzz. This isn't very usable yet. 7 years ago			`publish = false`

			`[package.metadata]`
			`cargo-fuzz = true`

Make package names consistent with cranelift's. 6 years ago			`[dependencies]`
Split our existing fuzz targets into separate generators and oracles Part of #611 5 years ago			`arbitrary = "0.2.0"`
fuzzing: Add initial API call fuzzer We only generate valid sequences of API calls. To do this, we keep track of what objects we've already created in earlier API calls via the `Scope` struct. To generate even-more-pathological sequences of API calls, we use [swarm testing]: > In swarm testing, the usual practice of potentially including all features > in every test case is abandoned. Rather, a large “swarm” of randomly > generated configurations, each of which omits some features, is used, with > configurations receiving equal resources. [swarm testing]: https://www.cs.utah.edu/~regehr/papers/swarm12.pdf There are more public APIs and instance introspection APIs that we have than this fuzzer exercises right now. We will need a better generator of valid Wasm than `wasm-opt -ttf` to really get the most out of those currently-unexercised APIs, since the Wasm modules generated by `wasm-opt -ttf` don't import and export a huge variety of things. 5 years ago			`env_logger = "0.7.1"`
			`log = "0.4.8"`
Fuzzing: Add test case logging and regression test template When the test case that causes the failure can successfully be disassembled to WAT, we get logs like this: ``` [2019-11-26T18:48:46Z INFO wasmtime_fuzzing] Wrote WAT disassembly to: /home/fitzgen/wasmtime/crates/fuzzing/target/scratch/8437-0.wat [2019-11-26T18:48:46Z INFO wasmtime_fuzzing] If this fuzz test fails, copy `/home/fitzgen/wasmtime/crates/fuzzing/target/scratch/8437-0.wat` to `wasmtime/crates/fuzzing/tests/regressions/my-regression.wat` and add the following test to `wasmtime/crates/fuzzing/tests/regressions.rs`: ``` #[test] fn my_fuzzing_regression_test() { let data = wat::parse_str( include_str!("./regressions/my-regression.wat") ).unwrap(); oracles::instantiate(data, CompilationStrategy::Auto) } ``` ``` If the test case cannot be disassembled to WAT, then we get logs like this: ``` [2019-11-26T18:48:46Z INFO wasmtime_fuzzing] Wrote Wasm test case to: /home/fitzgen/wasmtime/crates/fuzzing/target/scratch/8437-0.wasm [2019-11-26T18:48:46Z INFO wasmtime_fuzzing] Failed to disassemble Wasm into WAT: Bad magic number (at offset 0) Stack backtrace: Run with RUST_LIB_BACKTRACE=1 env variable to display a backtrace [2019-11-26T18:48:46Z INFO wasmtime_fuzzing] If this fuzz test fails, copy `/home/fitzgen/wasmtime/crates/fuzzing/target/scratch/8437-0.wasm` to `wasmtime/crates/fuzzing/tests/regressions/my-regression.wasm` and add the following test to `wasmtime/crates/fuzzing/tests/regressions.rs`: ``` #[test] fn my_fuzzing_regression_test() { let data = include_bytes!("./regressions/my-regression.wasm"); oracles::instantiate(data, CompilationStrategy::Auto) } ``` ``` 5 years ago			`wasmtime-fuzzing = { path = "../crates/fuzzing", features = ["env_logger"] }`
Remove usage of `CompilationStrategy` from `Config` (#764) * Remove usage of `CompilationStrategy` from `Config` This commit removes the public API usage of the internal `CompilationStrategy` enumeration from the `Config` type in the `wasmtime` crate. To do this the `enum` was copied locally into the crate and renamed `Strategy`. The high-level description of this change is: * The `Config::strategy` method now takes a locally-defined `Strategy` enumeration instead of an internal type. * The contents of `Strategy` are always the same, not relying on Cargo features to indicate which variants are present. This avoids unnecessary downstream `#[cfg]`. * A `lightbeam` feature was added to the `wasmtime` crate itself to lightbeam compilation support. * The `Config::strategy` method is now fallible. It returns a runtime error if support for the selected strategy wasn't compiled in. * The `Strategy` enum is listed as `#[non_exhaustive]` so we can safely add variants over time to it. This reduces the public crate dependencies of the `wasmtime` crate itself, removing the need to reach into internal crates even more! cc #708 * Fix fuzz targets * Update nightly used to build releases * Run rustfmt 5 years ago			`wasmtime = { path = "../crates/api" }`
Update fuzz crates (#826) * deps: Update to arbitrary 0.3.x and libfuzzer-sys 0.2.0 * ci: Use cargo-fuzz 0.7.x in CI 5 years ago			`libfuzzer-sys = "0.2.0"`
Update to wasmparser 0.22. 6 years ago
Start experimenting with cargo fuzz. This isn't very usable yet. 7 years ago			`[[bin]]`
			`name = "compile"`
			`path = "fuzz_targets/compile.rs"`
Move the `fuzz` directory into main workspace This'll help us track dependencies and head off issues like #721 5 years ago			`test = false`
Tweak some API doc generation (#772) * Build docs with the nightly toolchain so [foo::bar] links work by default. This is a relatively new feature of rustdoc and I thought it was stabilized at this point but apparently it's not! * Tweak some API docs on `wasmtime::Strategy` * Use `--all` to build all local crate documentation instead of trying to list the number of local crates * Tweak some documentation configuration to avoid warnings generated by Cargo. 5 years ago			`doc = false`
Add fuzz targets for module instantiation. 6 years ago
			`[[bin]]`
			`name = "instantiate"`
			`path = "fuzz_targets/instantiate.rs"`
Move the `fuzz` directory into main workspace This'll help us track dependencies and head off issues like #721 5 years ago			`test = false`
Tweak some API doc generation (#772) * Build docs with the nightly toolchain so [foo::bar] links work by default. This is a relatively new feature of rustdoc and I thought it was stabilized at this point but apparently it's not! * Tweak some API docs on `wasmtime::Strategy` * Use `--all` to build all local crate documentation instead of trying to list the number of local crates * Tweak some documentation configuration to avoid warnings generated by Cargo. 5 years ago			`doc = false`
Add fuzz targets for module instantiation. 6 years ago
			`[[bin]]`
			`name = "instantiate_translated"`
			`path = "fuzz_targets/instantiate_translated.rs"`
Move the `fuzz` directory into main workspace This'll help us track dependencies and head off issues like #721 5 years ago			`test = false`
Tweak some API doc generation (#772) * Build docs with the nightly toolchain so [foo::bar] links work by default. This is a relatively new feature of rustdoc and I thought it was stabilized at this point but apparently it's not! * Tweak some API docs on `wasmtime::Strategy` * Use `--all` to build all local crate documentation instead of trying to list the number of local crates * Tweak some documentation configuration to avoid warnings generated by Cargo. 5 years ago			`doc = false`
fuzzing: Add initial API call fuzzer We only generate valid sequences of API calls. To do this, we keep track of what objects we've already created in earlier API calls via the `Scope` struct. To generate even-more-pathological sequences of API calls, we use [swarm testing]: > In swarm testing, the usual practice of potentially including all features > in every test case is abandoned. Rather, a large “swarm” of randomly > generated configurations, each of which omits some features, is used, with > configurations receiving equal resources. [swarm testing]: https://www.cs.utah.edu/~regehr/papers/swarm12.pdf There are more public APIs and instance introspection APIs that we have than this fuzzer exercises right now. We will need a better generator of valid Wasm than `wasm-opt -ttf` to really get the most out of those currently-unexercised APIs, since the Wasm modules generated by `wasm-opt -ttf` don't import and export a huge variety of things. 5 years ago
			`[[bin]]`
			`name = "api_calls"`
			`path = "fuzz_targets/api_calls.rs"`
Move the `fuzz` directory into main workspace This'll help us track dependencies and head off issues like #721 5 years ago			`test = false`
Tweak some API doc generation (#772) * Build docs with the nightly toolchain so [foo::bar] links work by default. This is a relatively new feature of rustdoc and I thought it was stabilized at this point but apparently it's not! * Tweak some API docs on `wasmtime::Strategy` * Use `--all` to build all local crate documentation instead of trying to list the number of local crates * Tweak some documentation configuration to avoid warnings generated by Cargo. 5 years ago			`doc = false`