github-actions[bot] commented on issue #5104:
Subscribe to Label Action
cc @fitzgen
<details>
This issue or pull request has been labeled: "fuzzing"Thus the following users have been cc'd because of the following labels:
- fitzgen: fuzzing
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
Robbepop commented on issue #5104:
We have not yet integrated full fuzz testing for the newest
wasmi
engine (just very basic fuzzing so far) so I am a bit worried that it might be a big noisy at start. If that's the case we will definitely fix foundwasmi
bugs asap.Concerning
cargo-vet
the following crates must be registered to your database:
wasmi
: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM).wasmi_core
: This is just a small utility crate and should be pretty boring. Also it has nounsafe
code.wasmi_arena
: Similar towasmi_core
. Just defines some arena data structures for use inwasmi
.memory-units
: Can be safely ignored sincewasmi
already removed it.indexmap-nostd
: This again is interesting. It is a reimlpementation of the API of the well-knownindexmap
crate. It uses nounsafe
Rust code and is implemented as simple as it gets. We use it in thewasmparser-nostd
fork ofwasmparser
and it passes allwasm-tools
tests as well as all ofwasmi
tests but has no tests on its own.wasmparser-nostd
: More or less trivial fork ofwasmparser
. The most interesting difference is the use of the aforementionedindexmap-nostd
.
Robbepop edited a comment on issue #5104:
Very cool to see
wasmi
update in the Wasmtime fuzzing.We have not yet integrated full fuzz testing for the newest
wasmi
engine (just very basic fuzzing so far) so I am a bit worried that it might be a big noisy at start. If that's the case we will definitely fix foundwasmi
bugs asap.Concerning
cargo-vet
the following crates must be registered to your database:
wasmi
: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM).wasmi_core
: This is just a small utility crate and should be pretty boring. Also it has nounsafe
code.wasmi_arena
: Similar towasmi_core
. Just defines some arena data structures for use inwasmi
.memory-units
: Can be safely ignored sincewasmi
already removed it.indexmap-nostd
: This again is interesting. It is a reimlpementation of the API of the well-knownindexmap
crate. It uses nounsafe
Rust code and is implemented as simple as it gets. We use it in thewasmparser-nostd
fork ofwasmparser
and it passes allwasm-tools
tests as well as all ofwasmi
tests but has no tests on its own.wasmparser-nostd
: More or less trivial fork ofwasmparser
. The most interesting difference is the use of the aforementionedindexmap-nostd
.
Robbepop edited a comment on issue #5104:
Very cool to see
wasmi
update in the Wasmtime fuzzing.We have not yet integrated full fuzz testing for the newest
wasmi
engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix foundwasmi
bugs asap.Concerning
cargo-vet
the following crates must be registered to your database:
wasmi
: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM).wasmi_core
: This is just a small utility crate and should be pretty boring. Also it has nounsafe
code.wasmi_arena
: Similar towasmi_core
. Just defines some arena data structures for use inwasmi
.memory-units
: Can be safely ignored sincewasmi
already removed it.indexmap-nostd
: This again is interesting. It is a reimlpementation of the API of the well-knownindexmap
crate. It uses nounsafe
Rust code and is implemented as simple as it gets. We use it in thewasmparser-nostd
fork ofwasmparser
and it passes allwasm-tools
tests as well as all ofwasmi
tests but has no tests on its own.wasmparser-nostd
: More or less trivial fork ofwasmparser
. The most interesting difference is the use of the aforementionedindexmap-nostd
.
Robbepop edited a comment on issue #5104:
Very cool to see
wasmi
update in the Wasmtime fuzzing.We have not yet integrated full fuzz testing for the newest
wasmi
engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix foundwasmi
bugs asap.Concerning
cargo-vet
the following crates must be registered to your database:
wasmi
: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM). I am the author of that crate.wasmi_core
: This is just a small utility crate and should be pretty boring. Also it has nounsafe
code. I am the author of that crate.wasmi_arena
: Similar towasmi_core
. Just defines some arena data structures for use inwasmi
. I am the author of that crate.memory-units
: Can be safely ignored sincewasmi
already removed it.indexmap-nostd
: This again is interesting. It is a reimlpementation of the API of the well-knownindexmap
crate. It uses nounsafe
Rust code and is implemented as simple as it gets. We use it in thewasmparser-nostd
fork ofwasmparser
and it passes allwasm-tools
tests as well as all ofwasmi
tests but has no tests on its own. I am the author of that crate.wasmparser-nostd
: More or less trivial fork ofwasmparser
. The most interesting difference is the use of the aforementionedindexmap-nostd
.
Robbepop edited a comment on issue #5104:
Very cool to see
wasmi
update in the Wasmtime fuzzing.We have not yet integrated full fuzz testing for the newest
wasmi
engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix foundwasmi
bugs asap.Concerning
cargo-vet
the following crates must be registered to your database:
wasmi
: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM). I am the author of that crate.wasmi_core
: This is just a small utility crate and should be pretty boring. Also it has nounsafe
code. I am the author of that crate.wasmi_arena
: Similar towasmi_core
. Just defines some arena data structures for use inwasmi
. I am the author of that crate.memory-units
: Can be safely ignored sincewasmi
already removed it.indexmap-nostd
: This again is interesting. It is a reimlpementation of the API of the well-knownindexmap
crate. It uses nounsafe
Rust code and is implemented as simple as it gets. We use it in thewasmparser-nostd
fork ofwasmparser
and it passes allwasm-tools
tests as well as all ofwasmi
tests but has no tests on its own. I am the author of that crate.wasmparser-nostd
: More or less trivial fork ofwasmparser
. The most interesting difference is the use of the aforementionedindexmap-nostd
. I am the author of that fork.
alexcrichton commented on issue #5104:
I've added
cargo vet
entries for all new dependencies added here, except for thewasmi
crate itself. I've updated the exemption from 0.11.0 to 0.19.0 so we're not necessarily in much worse of a position, but othewise I'm not in a position to provide a "vet" of that crate in the official sense but I believe it's safe to run for fuzzing for us.Otherwise thanks for the info @Robbepop, I've run the fuzzer for a number of hours locally and nothing has shown up, so if something pops up on oss-fuzz I'll forward along the issue.
Robbepop commented on issue #5104:
Otherwise thanks for the info @Robbepop, I've run the fuzzer for a number of hours locally and nothing has shown up, so if something pops up on oss-fuzz I'll forward along the issue.
Oh wow, that's incredible news. Also looking forward to any forwarded bugs. :)
Last updated: Dec 23 2024 at 12:05 UTC