Stream: git-wasmtime

Topic: wasmtime / issue #9699 Consider integrating Fuzz Introspe...


Wasmtime GitHub notifications bot (Dec 01 2024 at 16:01):

tschneidereit edited issue #9699:

Feature

Fuzz Introspector helps to gain insights into the effectiveness of a fuzzing setup and to identify blockers that keep parts of the code base uncovered.

Benefit

Wasmtime is sufficiently complex that it's challenging to reason about the effectiveness of the various fuzzing harnesses we employ. That's the very problem Fuzz Introspector was created to help address.

Implementation

Rust support was added to Fuzz Introspector very recently, so it's not yet fully documented. I think that PR contains sufficient bread crumbs to find the right path to integration with our OSS-Fuzz setup, though.

Alternatives

There might be alternative initiatives with similar goals that'd be more valuable to integrate. If so, I'm not aware of them.

Wasmtime GitHub notifications bot (Dec 01 2024 at 16:03):

tschneidereit commented on issue #9699:

One potentially interesting benefit is that we could experiment with Google's LLM-based fuzz target generation, which relies on Fuzz Introspector. "Potentially interesting" because I absolutely don't know if that would be valuable for a project like Wasmtime.

Wasmtime GitHub notifications bot (Dec 05 2024 at 20:35):

fitzgen commented on issue #9699:

This looks like it would give us really insightful feedback!


Last updated: Dec 23 2024 at 13:07 UTC