Skip to content

Test Suggestion: Add Fuzzing Tests  #780

Open
@Mossaka

Description

@Mossaka

Fuzz testing is testing mechanism that involves providing pseudo-random data as input into the generators to find correctness issues. There are multiple Bytecode Alliance projects that heavily leverage fuzz testing to improve code quality and find security and correctness issues (e.g. wasmtime and wasm-tools). So far, there is no fuzz testing existing in this repo. Part of the reasons applying fuzz testing against wit-bindgen repo is to raise the bar for generator code quality across multiple languages.

The goal of this issue is to suggest a fuzz framework adding to this repo. It could be as simply as feeding generated valid WIT packages to each wit-bindgen generator and check if the generated code are buildable. As the wit-bindgen-go maintainer, I hope there is a continuous fuzzing running in the background and invokes TinyGo compiler to compile generated WIT bindings. It could go as difficult as making sure the generated code is "correct" - the compiled Wasm modules / components are correct to our expectations.

To get started, I propose to use wit-smith and libfuzzer-sys crate and cargo-fuzz tool for fuzz testing.

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedExtra attention is needed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions