Hey y'all, is anybody working on a Wasm fuzzer? We're using the c-smith approach now, but I think indirection via C is not actually exercising some bits of Lucet.
we use wasm-opt -ttf
for fuzzing wasmtime:
$ wasm-opt --help
wasm-opt INFILE
Read, write, and optimize files
Options:
...
--translate-to-fuzz,-ttf Translate the input into a valid
wasm module *somehow*, useful
for fuzzing
...
(assuming you are asking specifically about a test case generator)
give wasm-opt -ttf more bytes, it generates a bigger "random" wasm file; give it the same byte sequence, it generates the same "random" wasm file
it's essentially an "unparser" that uses the input byte sequence as a predetermined path through its "what should I generate next?" decision tree
(wasm-opt is part of binaryen: https://github.com/WebAssembly/binaryen)
@Deian Stefan ^
cool, that looks like what we were looking for. I'll take a look at it, thanks
Last updated: Dec 23 2024 at 12:05 UTC