Wasmtime GitHub notifications bot (Nov 30 2021 at 20:09): Wasmtime GitHub notifications bot (Nov 30 2021 at 20:09):cfallin opened issue #3574:
In this comment on ISLE documentation, @avanhatt mentioned fuzzing as related to the
Contexttrait that separates generated code from the Cranelift glue. This got me thinking that there is actually a nice way we could fuzz the ISLE-generated code independently.Specifically, we could write an alternate implementation of the
Contextthat stubs out external constructors, and that implements all external extractors in terms of anarbitrary::Unstructuredstate that it carries. As the pattern-matching makes queries about its input by calling external extractors, the context object could invent answers on the fly withArbitraryimplementations.This would allow us both to test the generated code to look for unexpected panics -- for example, if we have
unreachable!()anywhere -- and to look for inefficiencies/timeouts, e.g. if there is an infinite recursion.There is some maintenance effort involved (separate implementation of each external etor/ctor that we add) but it might be worthwhile; thoughts?
Wasmtime GitHub notifications bot (Nov 30 2021 at 21:01):alexcrichton labeled issue #3574:
In this comment on ISLE documentation, @avanhatt mentioned fuzzing as related to the
Contexttrait that separates generated code from the Cranelift glue. This got me thinking that there is actually a nice way we could fuzz the ISLE-generated code independently.Specifically, we could write an alternate implementation of the
Contextthat stubs out external constructors, and that implements all external extractors in terms of anarbitrary::Unstructuredstate that it carries. As the pattern-matching makes queries about its input by calling external extractors, the context object could invent answers on the fly withArbitraryimplementations.This would allow us both to test the generated code to look for unexpected panics -- for example, if we have
unreachable!()anywhere -- and to look for inefficiencies/timeouts, e.g. if there is an infinite recursion.There is some maintenance effort involved (separate implementation of each external etor/ctor that we add) but it might be worthwhile; thoughts?
Wasmtime GitHub notifications bot (Nov 30 2021 at 21:02):github-actions[bot] commented on issue #3574:
Subscribe to Label Action
cc @cfallin, @fitzgen
<details>
This issue or pull request has been labeled: "isle"Thus the following users have been cc'd because of the following labels:
- cfallin: isle
- fitzgen: isle
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
Wasmtime GitHub notifications bot (May 04 2022 at 20:02):cfallin labeled issue #3574:
In this comment on ISLE documentation, @avanhatt mentioned fuzzing as related to the
Contexttrait that separates generated code from the Cranelift glue. This got me thinking that there is actually a nice way we could fuzz the ISLE-generated code independently.Specifically, we could write an alternate implementation of the
Contextthat stubs out external constructors, and that implements all external extractors in terms of anarbitrary::Unstructuredstate that it carries. As the pattern-matching makes queries about its input by calling external extractors, the context object could invent answers on the fly withArbitraryimplementations.This would allow us both to test the generated code to look for unexpected panics -- for example, if we have
unreachable!()anywhere -- and to look for inefficiencies/timeouts, e.g. if there is an infinite recursion.There is some maintenance effort involved (separate implementation of each external etor/ctor that we add) but it might be worthwhile; thoughts?
Last updated: Oct 23 2024 at 20:03 UTC