diff options
| author | Alon Zakai <azakai@google.com> | 2024-11-19 09:28:01 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-19 09:28:01 -0800 |
| commit | b0e999a2b8841d8be21cbcdc84cbc1d6469e36d7 (patch) | |
| tree | 55f1d24ca38d3a0c9b6e9197f0e1a28493c50f50 /src/tools/wasm-opt.cpp | |
| parent | 25b8e6a714d2217e8735a925bc751900bce09d53 (diff) | |
| download | binaryen-b0e999a2b8841d8be21cbcdc84cbc1d6469e36d7.tar.gz binaryen-b0e999a2b8841d8be21cbcdc84cbc1d6469e36d7.tar.bz2 binaryen-b0e999a2b8841d8be21cbcdc84cbc1d6469e36d7.zip | |
Fuzzing: ClusterFuzz integration (#7079)
The main addition here is a bundle_clusterfuzz.py script which will package up
the exact files that should be uploaded to ClusterFuzz. It also documents the
process and bundling and testing. You can do
bundle.py OUTPUT_FILE.tgz
That bundles wasm-opt from ./bin., which is enough for local testing. For
actually uploading to ClusterFuzz, we need a portable build, and @dschuff
had the idea to reuse the emsdk build, which works nicely. Doing
bundle.py OUTPUT_FILE.tgz --build-dir=/path/to/emsdk/upstream/
will bundle wasm-opt (+libs) from the emsdk. I verified that those builds
work on ClusterFuzz.
I added several forms of testing here. First, our main fuzzer fuzz_opt.py now
has a ClusterFuzz testcase handler, which simulates a ClusterFuzz environment.
Second, there are smoke tests that run in the unit test suite, and can also be
run separately:
python -m unittest test/unit/test_cluster_fuzz.py
Those unit tests can also run on a given bundle, e.g. one created from an
emsdk build, for testing right before upload:
BINARYEN_CLUSTER_FUZZ_BUNDLE=/path/to/bundle.tgz python -m unittest test/unit/test_cluster_fuzz.py
A third piece of testing is to add a --fuzz-passes test. That is a mode for
-ttf (translate random data into a valid wasm fuzz testcase) that uses random
data to pick and run a set of passes, to further shape the wasm. (--fuzz-passes
had no previous testing, and this PR fixes it and tidies it up a little, adding some
newer passes too).
Otherwise this PR includes the key run.py script that is bundled and then
executed by ClusterFuzz, basically a python script that runs wasm-opt -ttf [..]
to generate testcases, sets up their JS, and emits them.
fuzz_shell.js, which is the JS to execute testcases, will now check if it is
provided binary data of a wasm file. If so, it does not read a wasm file from
argv[1]. (This is needed because ClusterFuzz expects a single file for the
testcase, so we make a JS file with bundled wasm inside it.)
Diffstat (limited to 'src/tools/wasm-opt.cpp')
| -rw-r--r-- | src/tools/wasm-opt.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tools/wasm-opt.cpp b/src/tools/wasm-opt.cpp index 3e1152179..3e429a976 100644 --- a/src/tools/wasm-opt.cpp +++ b/src/tools/wasm-opt.cpp @@ -161,8 +161,8 @@ int main(int argc, const char* argv[]) { }) .add("--fuzz-passes", "-fp", - "Pick a random set of passes to run, useful for fuzzing. this depends " - "on translate-to-fuzz (it picks the passes from the input)", + "When doing translate-to-fuzz, pick a set of random passes from the " + "input to further shape the wasm", WasmOptOption, Options::Arguments::Zero, [&](Options* o, const std::string& arguments) { fuzzPasses = true; }) |