Description
Fuzz testing is testing mechanism that involves providing pseudo-random data as input into the generators to find correctness issues. There are multiple Bytecode Alliance projects that heavily leverage fuzz testing to improve code quality and find security and correctness issues (e.g. wasmtime
and wasm-tools
). So far, there is no fuzz testing existing in this repo. Part of the reasons applying fuzz testing against wit-bindgen
repo is to raise the bar for generator code quality across multiple languages.
The goal of this issue is to suggest a fuzz framework adding to this repo. It could be as simply as feeding generated valid WIT packages to each wit-bindgen
generator and check if the generated code are buildable. As the wit-bindgen-go
maintainer, I hope there is a continuous fuzzing running in the background and invokes TinyGo
compiler to compile generated WIT bindings. It could go as difficult as making sure the generated code is "correct" - the compiled Wasm modules / components are correct to our expectations.
To get started, I propose to use wit-smith
and libfuzzer-sys
crate and cargo-fuzz
tool for fuzz testing.