Stream: general

Topic: fuzzing


Deian Stefan (Jun 29 2020 at 20:44):

Hey y'all, is anybody working on a Wasm fuzzer? We're using the Csmith approach now, but I think indirection via C is not actually exercising some bits of Lucet.

fitzgen (he/him) (Jun 29 2020 at 22:22):

we use wasm-opt -ttf for fuzzing wasmtime:

$ wasm-opt --help
wasm-opt INFILE

Read, write, and optimize files

Options:

...

  --translate-to-fuzz,-ttf                      Translate the input into a valid
                                                wasm module *somehow*, useful
                                                for fuzzing

...

fitzgen (he/him) (Jun 29 2020 at 22:22):

(assuming you are asking specifically about a test case generator)

fitzgen (he/him) (Jun 29 2020 at 22:23):

give wasm-opt -ttf more bytes, it generates a bigger "random" wasm file; give it the same byte sequence, it generates the same "random" wasm file

fitzgen (he/him) (Jun 29 2020 at 22:24):

it's essentially an "unparser" that uses the input byte sequence as a predetermined path through its "what should I generate next?" decision tree

fitzgen (he/him) (Jun 29 2020 at 22:25):

(wasm-opt is part of binaryen: https://github.com/WebAssembly/binaryen)

fitzgen (he/him) (Jun 29 2020 at 22:25):

@Deian Stefan ^

Evan Johnson (Jun 29 2020 at 22:41):

cool, that looks like what we were looking for. I'll take a look at it, thanks


Last updated: Oct 23 2024 at 20:03 UTC