This subdirectory contains some libFuzzer fuzzing targets for WasmKit.
Warning
libFuzzer does not work with the latest Swift runtime library on macOS for some reason. Run the fuzzing targets on Linux for now.
- Open Source Swift Toolchain - Xcode toolchain does not contain fuzzing support, so you need to install the open source toolchain.
- wasm-tools - Required to generate random seed corpora
- Generate seed corpora for the fuzzing targets:

      ./fuzz.py seed

- Run the fuzzing targets, where `<target>` is one of the fuzzing targets available in the `./Sources` directory:

      ./fuzz.py run <target>

- Once the fuzzer finds a crash, it will generate a test case in the `FailCases/<target>` directory.
To reproduce a crash found by the fuzzer
- Build the fuzzer executable:

      ./fuzz.py build <target>

- Run the fuzzer executable with the test case:

      ./.build/debug/<target> <testcase>
Generate a Wasm module with termination ensured by `wasm-tools smith` and check if WasmKit and another reference engine (e.g. Wasmtime) agree on the same result and the same memory state.
- Build the differential testing tool:

      # Download and extract the Wasmtime C API library
      mkdir -p .build/libwasmtime && \
        curl -L https://github.com/bytecodealliance/wasmtime/releases/download/v23.0.2/wasmtime-v23.0.2-x86_64-linux-c-api.tar.xz -o - | \
        tar xJ --strip-component=1 -C ./.build/libwasmtime

      # Build the differential testing tool with libwasmtime
      swift build -Xlinker -L./.build/libwasmtime/lib -Xlinker -l:libwasmtime.a --product FuzzDifferential

  You can use any other reference engine implementing the Wasm C API by replacing the `libwasmtime` library.
- Run the differential testing tool:

      ./differential.py
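The loop that `differential.py` describes (generate a terminating module, run it in two engines, compare result and memory) looks roughly like the following. This is an added illustration, not the project's `differential.py` or the `FuzzDifferential` tool: the engine runners are passed in as callables (the real tool drives WasmKit and the Wasm C API in Swift), `generate_module` assumes `wasm-tools smith` reads its random bytes from stdin and accepts an `--ensure-termination` flag, and `RunResult`/`Divergence` are names chosen here. The memory comparison reports the first divergent offset, which is the detail a practitioner wants when the two engines disagree only on memory state.

```python
"""Differential-testing loop sketch (added example, not WasmKit's code)."""
import secrets
import subprocess
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class RunResult:
    """Observable outcome of executing one module in one engine (hypothetical shape)."""
    trapped: bool          # did execution trap (e.g. unreachable, OOB access)?
    values: tuple          # values returned by the invoked export
    memory: bytes          # snapshot of linear memory after the call


@dataclass
class Divergence:
    field: str             # "trap", "result" or "memory"
    detail: str


def first_mismatch(a: bytes, b: bytes) -> Optional[int]:
    """Offset of the first differing byte, or None if both snapshots are identical."""
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            return i
    # Equal prefix: they differ only if one snapshot is longer (e.g. memory.grow disagreement).
    return None if len(a) == len(b) else n


def compare(a: RunResult, b: RunResult) -> Optional[Divergence]:
    """Return the first disagreement between two engine runs, or None if they agree."""
    if a.trapped != b.trapped:
        return Divergence("trap", f"engine A trapped={a.trapped}, engine B trapped={b.trapped}")
    if a.trapped:
        # Both trapped: memory state after a trap is still compared, but there are no results.
        pass
    elif a.values != b.values:
        return Divergence("result", f"{a.values!r} != {b.values!r}")
    off = first_mismatch(a.memory, b.memory)
    if off is not None:
        return Divergence("memory", f"first differing byte at offset {off}")
    return None


def generate_module(seed: bytes) -> bytes:
    """Turn random bytes into a terminating Wasm module via wasm-tools smith.

    Assumption: `wasm-tools smith` consumes the seed on stdin, emits the module on stdout,
    and `--ensure-termination` bounds execution so the differential run cannot hang.
    """
    proc = subprocess.run(
        ["wasm-tools", "smith", "--ensure-termination"],
        input=seed, capture_output=True, check=True,
    )
    return proc.stdout


Engine = Callable[[bytes], RunResult]
Generator = Callable[[bytes], bytes]


def differential_run(
    engine_a: Engine,
    engine_b: Engine,
    iterations: int,
    generator: Generator = generate_module,
    seed_size: int = 512,
) -> List[Tuple[bytes, Divergence]]:
    """Run `iterations` random modules through both engines; collect modules they disagree on."""
    findings: List[Tuple[bytes, Divergence]] = []
    for _ in range(iterations):
        module = generator(secrets.token_bytes(seed_size))
        divergence = compare(engine_a(module), engine_b(module))
        if divergence is not None:
            findings.append((module, divergence))
    return findings


if __name__ == "__main__":
    # Stand-alone demo with two constructed stub engines that disagree on one memory byte;
    # in a real setup these would invoke WasmKit and the reference engine on the module bytes.
    def stub_a(_module: bytes) -> RunResult:
        return RunResult(False, (42,), bytes(16))

    def stub_b(_module: bytes) -> RunResult:
        mem = bytearray(16)
        mem[5] = 0xFF
        return RunResult(False, (42,), bytes(mem))

    for module, d in differential_run(stub_a, stub_b, 3, generator=lambda s: s):
        print(f"{len(module)}-byte module: {d.field}: {d.detail}")
```

The `generator` parameter exists so the loop can be exercised without `wasm-tools` installed (as the demo does by passing the seed through unchanged); in use, modules that produce a `Divergence` are what you would save alongside the finding for later minimization.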