author | Alon Zakai <alonzakai@gmail.com> | 2017-08-11 10:53:21 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-11 10:53:21 -0700 |
commit | 4216894b22e5891e83851d2af42080293e6089e4 | |
tree | e4fdcdd5becaf80dcaf924bd20e01f107b05b388 /src/tools/spec-wrapper.h | |
parent | 5295929fd239ea8a760cd2c3f65510da9972c33c | |
New fuzzer (#1126)
This adds a new method of fuzzing, "translate to fuzz" which means we consider the input to be a stream of data that we translate into a valid wasm module. It's sort of like a random seed for a process that creates a random wasm module. By using the input that way, we can explore the space of valid wasm modules quickly, and it makes afl-fuzz integration easy.
Also adds a "fuzz binary" option which is similar to "fuzz execution". It makes wasm-opt not only execute the code before and after opts, but also write to binary and read from it, helping to fuzz the binary format.
Diffstat (limited to 'src/tools/spec-wrapper.h')
-rw-r--r-- | src/tools/spec-wrapper.h | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/src/tools/spec-wrapper.h b/src/tools/spec-wrapper.h new file mode 100644 index 000000000..4da746a5d --- /dev/null +++ b/src/tools/spec-wrapper.h @@ -0,0 +1,47 @@ +/* + * Copyright 2017 WebAssembly Community Group participants + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// +// Emit a wasm spec interpreter wrapper to run a wasm module with some test +// values, useful for fuzzing. +// + +namespace wasm { + +static std::string generateSpecWrapper(Module& wasm) { + std::string ret; + for (auto& exp : wasm.exports) { + auto* func = wasm.getFunctionOrNull(exp->value); + if (!func) continue; // something exported other than a function + ret += std::string("(invoke \"hangLimitInitializer\") (invoke \"") + exp->name.str + "\" "; + for (WasmType param : func->params) { + // zeros in arguments TODO more? + switch (param) { + case i32: ret += "(i32.const 0)"; break; + case i64: ret += "(i64.const 0)"; break; + case f32: ret += "(f32.const 0)"; break; + case f64: ret += "(f64.const 0)"; break; + default: WASM_UNREACHABLE(); + } + ret += " "; + } + ret += ") "; + } + return ret; +} + +} // namespace wasm + |
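Review bot: the export name is spliced into the generated spec text unescaped in `ret += std::string("(invoke \"hangLimitInitializer\") (invoke \"") + exp->name.str + "\" ";`, so an export whose name contains a `"` or a `\` yields a malformed `(invoke ...)` form that the spec interpreter will reject or mis-parse; escape the name (or skip exports whose names are not plain identifiers) before emitting it. Related, `wasm.getFunctionOrNull(exp->value)` decides by name lookup rather than by the export's kind, so a global, table or memory export that happens to share a name with a function would be invoked as if it were that function; testing the export kind matches the intent of the `// something exported other than a function` comment more precisely. Two smaller points on the same file: it has no include guard or `#pragma once` and no `#include <string>` or wasm header, so it only compiles when included after those in a single translation unit; and the wrapper unconditionally invokes `hangLimitInitializer`, so feeding it a module that does not export that function (anything not produced by the translate-to-fuzz generator) fails before the real export is ever called, which deserves at least a comment on `generateSpecWrapper` or an up-front check that the export exists.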