tubestation/third_party/rust/wasm-smith
Ben Visness 9756124bfc Bug 1926357: Update wasm spec tests to wasm-3.0. r=rhunt,supply-chain-reviewers
Many proposals have been merged into the wasm-3.0 branch of the
WebAssembly spec repo. It currently represents the state of the art of
wasm, which we keep up with - proposals that are officially standardized
but not yet super widely implemented.

Basing our spec tests on this reduces duplication across proposal repos
and should help us catch spec problems earlier.

This patch reworks the spec test generator slightly to handle some new
module definition syntax, and removes proposals which have already been
merged into wasm-3.0.

Differential Revision: https://phabricator.services.mozilla.com/D227573
2024-11-11 15:38:43 +00:00

wasm-smith

A WebAssembly test case generator.

Features

  • Always valid: All generated Wasm modules pass validation. wasm-smith gets past your wasm parser and validator, exercising the guts of your Wasm compiler, runtime, or tool.

  • Supports the full WebAssembly language: Doesn't have blind spots or unimplemented instructions.

  • Implements the Arbitrary trait: Easy to use with cargo fuzz and libfuzzer-sys!

  • Deterministic: Given the same input seed, always generates the same output Wasm module, so you can always reproduce test failures.

  • Plays nice with mutation-based fuzzers: Small changes to the input tend to produce small changes to the output Wasm module. Larger inputs tend to generate larger Wasm modules.

Usage

With cargo fuzz and libfuzzer-sys

First, use cargo fuzz to define a new fuzz target:

$ cargo fuzz add my_wasm_smith_fuzz_target

Next, add wasm-smith to your dependencies:

$ cargo add wasm-smith

Then, define your fuzz target so that it takes an arbitrary wasm_smith::Module as its argument, converts the module into serialized Wasm bytes via the to_bytes method, and then feeds those bytes into your system:

// fuzz/fuzz_targets/my_wasm_smith_fuzz_target.rs

#![no_main]

use libfuzzer_sys::fuzz_target;
use wasm_smith::Module;

fuzz_target!(|module: Module| {
    let wasm_bytes = module.to_bytes();

    // Your code here...
});

Finally, start fuzzing:

$ cargo fuzz run my_wasm_smith_fuzz_target

Note: Also check out the validate fuzz target defined in this repository. Using the wasmparser crate, it checks that every module generated by wasm-smith validates successfully.
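The snippet above leaves the "Your code here..." slot open. As an added, dependency-free example (not code from the wasm-smith project), the block below shows what a system under test can look like at that point: a small walker over the WebAssembly binary section layout that checks the magic and version, decodes each section's LEB128 size with bounds checking, and returns a structured error instead of panicking on malformed input. Because wasm-smith modules are valid by construction, any error this parser reports for a generated module is a bug in the parser, which is exactly the signal a fuzz target wants. The function names (parse_sections, check_generated_module, sample_module, read_u32_leb, Section, ParseError) and the hand-built sample module bytes are constructed for this example; in the real fuzz target, the bytes would come from module.to_bytes() rather than from sample_module(), and in the command-line flow they would be read from the test.wasm file produced by wasm-tools smith.

```rust
// Added example, not part of wasm-smith: a minimal walker over the Wasm binary
// section layout, standing in for the tool that a fuzz target feeds
// `module.to_bytes()` into. All names and the sample bytes are constructed here.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    TooShort,
    BadMagic,
    BadVersion,
    BadLeb128(usize),
    SectionOverflow { id: u8, offset: usize },
    UnknownSectionId(u8),
}

/// One section found while walking the module: id, payload offset, payload size.
#[derive(Debug, PartialEq, Clone)]
pub struct Section {
    pub id: u8,
    pub start: usize,
    pub len: usize,
}

/// Decode an unsigned LEB128 u32 starting at `pos`; returns (value, next position).
fn read_u32_leb(bytes: &[u8], mut pos: usize) -> Result<(u32, usize), ParseError> {
    let mut result: u32 = 0;
    let mut shift = 0;
    loop {
        let b = *bytes.get(pos).ok_or(ParseError::BadLeb128(pos))?;
        pos += 1;
        // A u32 fits in five LEB128 bytes; a sixth byte would shift past 32 bits.
        if shift >= 35 {
            return Err(ParseError::BadLeb128(pos));
        }
        result |= ((b & 0x7f) as u32) << shift;
        if b & 0x80 == 0 {
            return Ok((result, pos));
        }
        shift += 7;
    }
}

/// Walk the section list of a Wasm binary. Malformed input yields an Err,
/// never a panic: that "no panic" property is what the fuzz target checks.
pub fn parse_sections(bytes: &[u8]) -> Result<Vec<Section>, ParseError> {
    if bytes.len() < 8 {
        return Err(ParseError::TooShort);
    }
    if bytes[0..4] != *b"\0asm" {
        return Err(ParseError::BadMagic);
    }
    if bytes[4..8] != [1, 0, 0, 0] {
        return Err(ParseError::BadVersion);
    }
    let mut sections = Vec::new();
    let mut pos = 8;
    while pos < bytes.len() {
        let id = bytes[pos];
        // Ids 0..=12 are the core-spec sections (custom, type, ..., data count).
        if id > 12 {
            return Err(ParseError::UnknownSectionId(id));
        }
        let (len, start) = read_u32_leb(bytes, pos + 1)?;
        let len = len as usize;
        // Checked arithmetic so a huge declared size cannot wrap around.
        let end = start
            .checked_add(len)
            .ok_or(ParseError::SectionOverflow { id, offset: pos })?;
        if end > bytes.len() {
            return Err(ParseError::SectionOverflow { id, offset: pos });
        }
        sections.push(Section { id, start, len });
        pos = end;
    }
    Ok(sections)
}

/// The body for the fuzz target's "Your code here..." slot: a generated module
/// is valid by construction, so a parse failure here means the parser is wrong.
pub fn check_generated_module(wasm_bytes: &[u8]) -> bool {
    parse_sections(wasm_bytes).is_ok()
}

/// Hand-constructed module for this example: one function `() -> i32`
/// returning 42, exported as "f" (type, function, export and code sections).
pub fn sample_module() -> Vec<u8> {
    let mut m = b"\0asm".to_vec();
    m.extend_from_slice(&[1, 0, 0, 0]);
    m.extend_from_slice(&[0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f]); // type: () -> i32
    m.extend_from_slice(&[0x03, 0x02, 0x01, 0x00]); // function: uses type 0
    m.extend_from_slice(&[0x07, 0x05, 0x01, 0x01, 0x66, 0x00, 0x00]); // export "f" func 0
    m.extend_from_slice(&[0x0a, 0x06, 0x01, 0x04, 0x00, 0x41, 0x2a, 0x0b]); // code: i32.const 42; end
    m
}

fn main() {
    let module = sample_module();
    for s in parse_sections(&module).expect("sample module parses") {
        println!("section id {} at offset {} ({} bytes)", s.id, s.start, s.len);
    }
    // A truncated copy must be rejected with an error, never a panic.
    let truncated = &module[..module.len() - 3];
    println!("truncated module: {:?}", parse_sections(truncated));
}
```

To wire this into the cargo fuzz flow from the snippet above, replace the "Your code here..." line with a call such as assert!(check_generated_module(&wasm_bytes)); for the command-line flow, read test.wasm with std::fs::read and pass the bytes to the same function. The design choice worth copying is that every failure path is a returned ParseError with the offending offset, so a fuzzer-found crash is immediately distinguishable from a genuine parser rejection.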

As a Command Line Tool

Install the CLI tool via cargo:

$ cargo install wasm-tools

Convert some arbitrary input into a valid Wasm module:

$ head -c 100 /dev/urandom | wasm-tools smith -o test.wasm

Finally, run your tool on the generated Wasm module:

$ my-wasm-tool test.wasm