Deian Stefan (Jun 29 2020 at 20:44): Deian Stefan (Jun 29 2020 at 20:44):Hey y'all is anybody working on a Wasm fuzzer? We're using the c-smith approach now, but I think indirection via C is not actually exercising some bits of Lucet.
fitzgen (he/him) (Jun 29 2020 at 22:22):we use wasm-opt -ttf for fuzzing wasmtime:
$ wasm-opt --help
wasm-opt INFILE
Read, write, and optimize files
Options:
...
--translate-to-fuzz,-ttf Translate the input into a valid
wasm module *somehow*, useful
for fuzzing
...
(assuming you are asking specifically about a test case generator)
fitzgen (he/him) (Jun 29 2020 at 22:23):give wasm-opt -ttf more bytes, it generates a bigger "random" wasm file; give it the same byte sequence, it generates the same "random" wasm file
fitzgen (he/him) (Jun 29 2020 at 22:24):its essentially an "unparser" that uses the input byte sequence as a predetermined path through its "what should I generate next?" decision tree
fitzgen (he/him) (Jun 29 2020 at 22:25):(wasm-opt is part of binaryen: https://github.com/WebAssembly/binaryen)
fitzgen (he/him) (Jun 29 2020 at 22:25):@Deian Stefan ^
Evan Johnson (Jun 29 2020 at 22:41):cool, that looks like what we were looking for. I'll take a look at it, thanks
Last updated: Nov 22 2024 at 17:03 UTC