author | Alon Zakai <azakai@google.com> | 2024-11-26 15:12:36 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-26 15:12:36 -0800 |
commit | 73971d78e5355e8f08b4026b741992d78bd77476 (patch) | |
tree | e1f3b8761cb2c5a226e9b87daac954eeb5e91ed7 /scripts/clusterfuzz/run.py | |
parent | 4ffe27255ce99d452d05d4b352e3f6e1e9ca7d83 (diff) | |
[Fuzzing] Emit secondary wasm files in ClusterFuzz testcases (#7122)
The two files are then linked and run by fuzz_shell.js (we had this functionality
already in order to fuzz wasm-split). By adding multiple build and run commands
of both the primary and secondary wasm files, we can end up with multiple
instances of two different wasm files that call between themselves.
To help testing, add a script that extracts the wasm files from the testcase. This
may also be useful in the future for testcase reduction.
Diffstat (limited to 'scripts/clusterfuzz/run.py')
-rwxr-xr-x | scripts/clusterfuzz/run.py | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/scripts/clusterfuzz/run.py b/scripts/clusterfuzz/run.py
index 6bbb74ef8..8ac880e0d 100755
--- a/scripts/clusterfuzz/run.py
+++ b/scripts/clusterfuzz/run.py
@@ -150,7 +150,18 @@ def get_js_file_contents(i, output_dir):
 # Prepend the wasm contents, so they are used (rather than the normal
 # mechanism where the wasm file's name is provided in argv).
 wasm_contents = get_wasm_contents(i, output_dir)
- js = f'var binary = {wasm_contents};\n\n' + js
+ pre = f'var binary = {wasm_contents};\n'
+ bytes = wasm_contents.count(',')
+
+ # Sometimes add a second wasm file as well.
+ has_second = False
+ if system_random.random() < 0.333:
+ has_second = True
+ wasm_contents = get_wasm_contents(i, output_dir)
+ pre += f'var secondBinary = {wasm_contents};\n'
+ bytes += wasm_contents.count(',')
+
+ js = pre + '\n' + js
 # The default JS builds and runs the wasm. Append some random additional
 # operations as well, as more compiles and executions can find things. To
@@ -171,16 +182,23 @@ def get_js_file_contents(i, output_dir):
 x = math.pow(x, power)
 num = math.floor(x * MAX_EXTRA_JS_OPERATIONS)
 assert num >= 0 and num <= MAX_EXTRA_JS_OPERATIONS
+
+ extra_js_operations = [
+ # Compile and link the wasm again. Each link adds more to the total
+ # exports that we can call.
+ 'build(binary);\n',
+ # Run all the exports we've accumulated.
+ 'callExports();\n',
+ ]
+ if has_second:
+ extra_js_operations += [
+ 'build(secondBinary);\n',
+ ]
+
 for i in range(num):
- js += system_random.choice([
- # Compile and link the wasm again. Each link adds more to the total
- # exports that we can call.
- 'build(binary);\n',
- # Run all the exports we've accumulated.
- 'callExports();\n',
- ])
-
- print(f'Created {wasm_contents.count(",")} wasm bytes')
+ js += system_random.choice(extra_js_operations)
+
+ print(f'Created {bytes} wasm bytes')
 return js |
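Review bot: The new local `bytes` in the first hunk shadows the builtin for the rest of get_js_file_contents; a name such as `wasm_bytes`, used here and in the final `print`, avoids that. The tally is a comma count, so it is presumably one short per array if `wasm_contents` is a comma-separated byte list (its format is not visible in this hunk); that was already the case before the change, but the shortfall is now summed over two files. The `0.333` literal would read better as a named module constant beside `MAX_EXTRA_JS_OPERATIONS`, for example `SECOND_WASM_PROBABILITY = 0.333`. The function begins above this hunk and continues below it.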
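Review bot: In the second hunk, `'build(secondBinary);\n'` is the only entry in `extra_js_operations` without a comment, and adding it changes the mix of operations: with `has_second` set, `callExports();` falls from one half to one third of the random picks. If that reweighting is intended, a comment such as `# Also compile and link the second wasm; this shifts the mix toward builds.` would record it. The closing message also no longer shows whether the testcase holds one module or two; `print(f'Created {bytes} wasm bytes (second wasm: {has_second})')` would make that visible when triaging a testcase, provided nothing parses the current wording. The function begins outside this hunk.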