authorAlon Zakai <alonzakai@gmail.com>2017-08-11 10:53:21 -0700
committerGitHub <noreply@github.com>2017-08-11 10:53:21 -0700
commit4216894b22e5891e83851d2af42080293e6089e4 (patch)
treee4fdcdd5becaf80dcaf924bd20e01f107b05b388 /src/tools/spec-wrapper.h
parent5295929fd239ea8a760cd2c3f65510da9972c33c (diff)
New fuzzer (#1126)
This adds a new method of fuzzing, "translate to fuzz" which means we consider the input to be a stream of data that we translate into a valid wasm module. It's sort of like a random seed for a process that creates a random wasm module. By using the input that way, we can explore the space of valid wasm modules quickly, and it makes afl-fuzz integration easy. Also adds a "fuzz binary" option which is similar to "fuzz execution". It makes wasm-opt not only execute the code before and after opts, but also write to binary and read from it, helping to fuzz the binary format.
Diffstat (limited to 'src/tools/spec-wrapper.h')
-rw-r--r--src/tools/spec-wrapper.h47
1 files changed, 47 insertions, 0 deletions
diff --git a/src/tools/spec-wrapper.h b/src/tools/spec-wrapper.h
new file mode 100644
index 000000000..4da746a5d
--- /dev/null
+++ b/src/tools/spec-wrapper.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2017 WebAssembly Community Group participants
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//
+// Emit a wasm spec interpreter wrapper to run a wasm module with some test
+// values, useful for fuzzing.
+//
+
+namespace wasm {
+
+static std::string generateSpecWrapper(Module& wasm) {
+ std::string ret;
+ for (auto& exp : wasm.exports) {
+ auto* func = wasm.getFunctionOrNull(exp->value);
+ if (!func) continue; // something exported other than a function
+ ret += std::string("(invoke \"hangLimitInitializer\") (invoke \"") + exp->name.str + "\" ";
+ for (WasmType param : func->params) {
+ // zeros in arguments TODO more?
+ switch (param) {
+ case i32: ret += "(i32.const 0)"; break;
+ case i64: ret += "(i64.const 0)"; break;
+ case f32: ret += "(f32.const 0)"; break;
+ case f64: ret += "(f64.const 0)"; break;
+ default: WASM_UNREACHABLE();
+ }
+ ret += " ";
+ }
+ ret += ") ";
+ }
+ return ret;
+}
+
+} // namespace wasm
+
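Review bot: In generateSpecWrapper the export name is concatenated unescaped into a quoted string (`"(invoke \"") + exp->name.str + "\" "`), so a name containing `"` or `\` produces a wrapper script that the spec interpreter will misparse or read as additional commands. Export names can be arbitrary bytes in the binary format and this wrapper is meant to be generated for fuzz input, so the name should pass through an escaping helper before it is emitted, as sketched below. Separately, an export is treated as a function purely because `getFunctionOrNull(exp->value)` returns non-null; if the export record carries a kind field (not visible in this hunk), checking it first would avoid matching a non-function export whose internal name equals a function's. The new header also has no include guard and relies on the including file for `<string>` and the wasm types.

```cpp
// Escape a name for use inside a quoted string of the spec text format:
// quotes, backslashes and non-printable bytes become two-digit hex escapes.
static std::string escapeSpecString(const std::string& name) {
  static const char* hex = "0123456789abcdef";
  std::string out;
  for (unsigned char c : name) {
    if (c == '"' || c == '\\' || c < 0x20 || c >= 0x7f) {
      out += '\\';
      out += hex[c >> 4];
      out += hex[c & 15];
    } else {
      out += static_cast<char>(c);
    }
  }
  return out;
}

static std::string generateSpecWrapper(Module& wasm) {
  // … unchanged: export loop and function lookup …
    ret += std::string("(invoke \"hangLimitInitializer\") (invoke \"") + escapeSpecString(exp->name.str) + "\" ";
  // … unchanged: argument emission and closing paren …
```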