/src/WasmEdge/lib/driver/fuzzPO.cpp

Source (jump to first uncovered line)
// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: 2019-2024 Second State INC

#ifdef WASMEDGE_BUILD_FUZZING
#include "driver/fuzzPO.h"
#include "common/spdlog.h"
#include "common/version.h"
#include "po/argument_parser.h"

#include <algorithm>
#include <array>
#include <cstdio>
#include <type_traits>
#include <utility>
#include <vector>

namespace {
template <class Key, class Value, class Hash, class BinaryPredicate>
class SkipTable {
private:
  using UnsignedKey = std::make_unsigned_t<Key>;
  std::array<Value,
             static_cast<std::size_t>(std::numeric_limits<UnsignedKey>::max()) +
                 1u>
      Table;

public:
  SkipTable(std::size_t, Value Default, Hash, BinaryPredicate) {
    std::fill_n(Table.begin(), Table.size(), Default);
  }

  void insert(const Key &K, Value V) { Table[static_cast<UnsignedKey>(K)] = V; }

  const Value &at(const Key &K) const {
    return Table[static_cast<UnsignedKey>(K)];
  }
};

template <class RandomIt1,
          class Hash =
              std::hash<typename std::iterator_traits<RandomIt1>::value_type>,
          class BinaryPredicate = std::equal_to<>>
class BoyerMooreHorspoolSearcher {
private:
  using Key = typename std::iterator_traits<RandomIt1>::value_type;
  using Value = typename std::iterator_traits<RandomIt1>::difference_type;
  static_assert(std::is_integral_v<Key> && sizeof(Key) == 1 &&
                std::is_same_v<Hash, std::hash<Key>> &&
                std::is_same_v<BinaryPredicate, std::equal_to<>>);
  using SkipTableType = SkipTable<Key, Value, Hash, BinaryPredicate>;

public:
  BoyerMooreHorspoolSearcher(RandomIt1 First, RandomIt1 Last, Hash HF = Hash(),
                             BinaryPredicate Pred = BinaryPredicate())
      : Pattern(First), PatternLength(std::distance(First, Last)), Pred(Pred),
        Table(PatternLength, PatternLength, HF, Pred) {
    if (First != Last) {
      --Last;
      for (Value I = 0; First != Last; ++First, ++I) {
        Table.insert(*First, PatternLength - 1 - I);
      }
    }
  }

  template <class RandomIt2>
  std::pair<RandomIt2, RandomIt2> operator()(RandomIt2 First,
                                             RandomIt2 Last) const {
    static_assert(
        std::is_same_v<
            std::remove_cv_t<std::remove_reference_t<
                typename std::iterator_traits<RandomIt1>::value_type>>,
            std::remove_cv_t<std::remove_reference_t<
                typename std::iterator_traits<RandomIt2>::value_type>>>,
        "Corpus and Pattern iterators must point to the same type");
    if (First == Last) {
      // empty corpus
      return {Last, Last};
    }
    if (PatternLength == 0) {
      // empty pattern
      return {First, First};
    }
    // the pattern is larger than the corpus
    if (PatternLength > std::distance(First, Last)) {
      return {Last, Last};
    }

    RandomIt2 Curr = First;
    const RandomIt2 End = Last - PatternLength;
    while (Curr <= End) {
      Value J = PatternLength;
      while (Pred(Pattern[J - 1], Curr[J - 1])) {
        --J;
        if (J == 0) {
          // found
          return {Curr, Curr + PatternLength};
        }
      }
      const auto K = Curr[PatternLength - 1];
      const auto D = Table.at(K);
      Curr += D;
    }
    return {Last, Last};
  }

private:
  RandomIt1 Pattern;
  Value PatternLength;
  BinaryPredicate Pred;
  SkipTableType Table;
};
} // namespace

namespace WasmEdge {
namespace Driver {

int FuzzPO(const uint8_t *Data, size_t Size) noexcept {
  using namespace std::literals;

  std::ios::sync_with_stdio(false);
  spdlog::set_level(spdlog::level::info);

  PO::Option<std::string> SoName(PO::Description("Wasm or so file"sv),
                                 PO::MetaVar("WASM_OR_SO"sv));
  PO::List<std::string> Args(PO::Description("Execution arguments"sv),
                             PO::MetaVar("ARG"sv));

  PO::Option<PO::Toggle> Reactor(PO::Description(
      "Enable reactor mode. Reactor mode calls `_initialize` if exported."));

  PO::List<std::string> Dir(
      PO::Description(
          "Binding directories into WASI virtual filesystem. Each directories "
          "can specified as --dir `guest_path:host_path`, where `guest_path` "
          "specifies the path that will correspond to `host_path` for calls "
          "like `fopen` in the guest."sv),
      PO::MetaVar("PREOPEN_DIRS"sv));

  PO::List<std::string> Env(
      PO::Description(
          "Environ variables. Each variable can be specified as --env `NAME=VALUE`."sv),
      PO::MetaVar("ENVS"sv));

  PO::Option<PO::Toggle> PropMutGlobals(
      PO::Description("Disable Import/Export of mutable globals proposal"sv));
  PO::Option<PO::Toggle> PropNonTrapF2IConvs(PO::Description(
      "Disable Non-trapping float-to-int conversions proposal"sv));
  PO::Option<PO::Toggle> PropSignExtendOps(
      PO::Description("Disable Sign-extension operators proposal"sv));
  PO::Option<PO::Toggle> PropMultiValue(
      PO::Description("Disable Multi-value proposal"sv));
  PO::Option<PO::Toggle> PropBulkMemOps(
      PO::Description("Disable Bulk memory operations proposal"sv));
  PO::Option<PO::Toggle> PropRefTypes(
      PO::Description("Disable Reference types proposal"sv));
  PO::Option<PO::Toggle> PropSIMD(PO::Description("Disable SIMD proposal"sv));
  PO::Option<PO::Toggle> PropMultiMem(
      PO::Description("Enable Multiple memories proposal"sv));
  PO::Option<PO::Toggle> PropTailCall(
      PO::Description("Enable Tail-call proposal"sv));
  PO::Option<PO::Toggle> PropExtendConst(
      PO::Description("Enable Extended-const proposal"sv));
  PO::Option<PO::Toggle> PropThreads(
      PO::Description("Enable Threads proposal"sv));
  PO::Option<PO::Toggle> PropAll(PO::Description("Enable all features"sv));

  PO::Option<PO::Toggle> ConfEnableInstructionCounting(PO::Description(
      "Enable generating code for counting Wasm instructions executed."sv));
  PO::Option<PO::Toggle> ConfEnableGasMeasuring(PO::Description(
      "Enable generating code for counting gas burned during execution."sv));
  PO::Option<PO::Toggle> ConfEnableTimeMeasuring(PO::Description(
      "Enable generating code for counting time during execution."sv));
  PO::Option<PO::Toggle> ConfEnableAllStatistics(PO::Description(
      "Enable generating code for all statistics options include instruction counting, gas measuring, and execution time"sv));

  PO::Option<uint64_t> TimeLim(
      PO::Description(
          "Limitation of maximum time(in milliseconds) for execution, default value is 0 for no limitations"sv),
      PO::MetaVar("TIMEOUT"sv), PO::DefaultValue<uint64_t>(0));

  PO::List<int> GasLim(
      PO::Description(
          "Limitation of execution gas. Upper bound can be specified as --gas-limit `GAS_LIMIT`."sv),
      PO::MetaVar("GAS_LIMIT"sv));

  PO::List<int> MemLim(
      PO::Description(
          "Limitation of pages(as size of 64 KiB) in every memory instance. Upper bound can be specified as --memory-page-limit `PAGE_COUNT`."sv),
      PO::MetaVar("PAGE_COUNT"sv));

  PO::List<std::string> ForbiddenPlugins(
      PO::Description("List of plugins to ignore."sv), PO::MetaVar("NAMES"sv));

  auto Parser = PO::ArgumentParser();
  Parser.add_option(SoName)
      .add_option(Args)
      .add_option("reactor"sv, Reactor)
      .add_option("dir"sv, Dir)
      .add_option("env"sv, Env)
      .add_option("enable-instruction-count"sv, ConfEnableInstructionCounting)
      .add_option("enable-gas-measuring"sv, ConfEnableGasMeasuring)
      .add_option("enable-time-measuring"sv, ConfEnableTimeMeasuring)
      .add_option("enable-all-statistics"sv, ConfEnableAllStatistics)
      .add_option("disable-import-export-mut-globals"sv, PropMutGlobals)
      .add_option("disable-non-trap-float-to-int"sv, PropNonTrapF2IConvs)
      .add_option("disable-sign-extension-operators"sv, PropSignExtendOps)
      .add_option("disable-multi-value"sv, PropMultiValue)
      .add_option("disable-bulk-memory"sv, PropBulkMemOps)
      .add_option("disable-reference-types"sv, PropRefTypes)
      .add_option("disable-simd"sv, PropSIMD)
      .add_option("enable-multi-memory"sv, PropMultiMem)
      .add_option("enable-tail-call"sv, PropTailCall)
      .add_option("enable-extended-const"sv, PropExtendConst)
      .add_option("enable-threads"sv, PropThreads)
      .add_option("enable-all"sv, PropAll)
      .add_option("time-limit"sv, TimeLim)
      .add_option("gas-limit"sv, GasLim)
      .add_option("memory-page-limit"sv, MemLim)
      .add_option("forbidden-plugin"sv, ForbiddenPlugins);

  static constexpr const std::array<char, 4> Separator = {'\xde', '\xad',
                                                          '\xbe', '\xef'};
  static const BoyerMooreHorspoolSearcher Searcher(Separator.begin(),
                                                   Separator.end());
  Span<const char> RawArgs(reinterpret_cast<const char *>(Data), Size);
  std::vector<std::string> ArgvStr;
  std::vector<const char *> Argv;
  while (!RawArgs.empty()) {
    const auto It = std::search(RawArgs.begin(), RawArgs.end(), Searcher);
    ArgvStr.emplace_back(RawArgs.begin(), It);
    RawArgs = RawArgs.subspan(std::min<size_t>(
        std::distance(RawArgs.begin(), It) + 4, RawArgs.size()));
  }
  for (const auto &Arg : ArgvStr) {
    Argv.push_back(Arg.c_str());
  }

  std::unique_ptr<std::FILE, decltype(&std::fclose)> Out{
      std::fopen("/dev/null", "w"), std::fclose};
  if (!Parser.parse(Out.get(), Argv.size(), Argv.data())) {
    return EXIT_FAILURE;
  }
  if (Parser.isVersion()) {
    fmt::print(Out.get(), "{} version {}\n"sv, Argv.empty() ? "" : Argv[0],
               kVersionString);
    return EXIT_SUCCESS;
  }

  return EXIT_SUCCESS;
}

} // namespace Driver
} // namespace WasmEdge
#endif

Coverage Report

Created: 2025-07-11 06:21

Line	Count	Source (jump to first uncovered line)
1		// SPDX-License-Identifier: Apache-2.0
2		// SPDX-FileCopyrightText: 2019-2024 Second State INC
3
4		#ifdef WASMEDGE_BUILD_FUZZING
5		#include "driver/fuzzPO.h"
6		#include "common/spdlog.h"
7		#include "common/version.h"
8		#include "po/argument_parser.h"
9
10		#include <algorithm>
11		#include <array>
12		#include <cstdio>
13		#include <type_traits>
14		#include <utility>
15		#include <vector>
16
17		namespace {
18		template <class Key, class Value, class Hash, class BinaryPredicate>
19		class SkipTable {
20		private:
21		using UnsignedKey = std::make_unsigned_t<Key>;
22		std::array<Value,
23		static_cast<std::size_t>(std::numeric_limits<UnsignedKey>::max()) +
24		1u>
25		Table;
26
27		public:
28	1	SkipTable(std::size_t, Value Default, Hash, BinaryPredicate) {
29	1	std::fill_n(Table.begin(), Table.size(), Default);
30	1	}
31
32	3	void insert(const Key &K, Value V) { Table[static_cast<UnsignedKey>(K)] = V; }
33
34	23.1M	const Value &at(const Key &K) const {
35	23.1M	return Table[static_cast<UnsignedKey>(K)];
36	23.1M	}
37		};
38
39		template <class RandomIt1,
40		class Hash =
41		std::hash<typename std::iterator_traits<RandomIt1>::value_type>,
42		class BinaryPredicate = std::equal_to<>>
43		class BoyerMooreHorspoolSearcher {
44		private:
45		using Key = typename std::iterator_traits<RandomIt1>::value_type;
46		using Value = typename std::iterator_traits<RandomIt1>::difference_type;
47		static_assert(std::is_integral_v<Key> && sizeof(Key) == 1 &&
48		std::is_same_v<Hash, std::hash<Key>> &&
49		std::is_same_v<BinaryPredicate, std::equal_to<>>);
50		using SkipTableType = SkipTable<Key, Value, Hash, BinaryPredicate>;
51
52		public:
53		BoyerMooreHorspoolSearcher(RandomIt1 First, RandomIt1 Last, Hash HF = Hash(),
54		BinaryPredicate Pred = BinaryPredicate())
55	1	: Pattern(First), PatternLength(std::distance(First, Last)), Pred(Pred),
56	1	Table(PatternLength, PatternLength, HF, Pred) {
57	1	if (First != Last) {
58	1	--Last;
59	4	for (Value I = 0; First != Last; ++First, ++I) {
60	3	Table.insert(*First, PatternLength - 1 - I);
61	3	}
62	1	}
63	1	}
64
65		template <class RandomIt2>
66		std::pair<RandomIt2, RandomIt2> operator()(RandomIt2 First,
67	2.87M	RandomIt2 Last) const {
68	2.87M	static_assert(
69	2.87M	std::is_same_v<
70	2.87M	std::remove_cv_t<std::remove_reference_t<
71	2.87M	typename std::iterator_traits<RandomIt1>::value_type>>,
72	2.87M	std::remove_cv_t<std::remove_reference_t<
73	2.87M	typename std::iterator_traits<RandomIt2>::value_type>>>,
74	2.87M	"Corpus and Pattern iterators must point to the same type");
75	2.87M	if (First == Last) {
76		// empty corpus
77	0	return {Last, Last};
78	0	}
79	2.87M	if (PatternLength == 0) {
80		// empty pattern
81	0	return {First, First};
82	0	}
83		// the pattern is larger than the corpus
84	2.87M	if (PatternLength > std::distance(First, Last)) {
85	782	return {Last, Last};
86	782	}
87
88	2.87M	RandomIt2 Curr = First;
89	2.87M	const RandomIt2 End = Last - PatternLength;
90	25.9M	while (Curr <= End) {
91	25.9M	Value J = PatternLength;
92	35.4M	while (Pred(Pattern[J - 1], Curr[J - 1])) {
93	12.3M	--J;
94	12.3M	if (J == 0) {
95		// found
96	2.87M	return {Curr, Curr + PatternLength};
97	2.87M	}
98	12.3M	}
99	23.1M	const auto K = Curr[PatternLength - 1];
100	23.1M	const auto D = Table.at(K);
101	23.1M	Curr += D;
102	23.1M	}
103	1.23k	return {Last, Last};
104	2.87M	}
105
106		private:
107		RandomIt1 Pattern;
108		Value PatternLength;
109		BinaryPredicate Pred;
110		SkipTableType Table;
111		};
112		} // namespace
113
114		namespace WasmEdge {
115		namespace Driver {
116
117	2.05k	int FuzzPO(const uint8_t *Data, size_t Size) noexcept {
118	2.05k	using namespace std::literals;
119
120	2.05k	std::ios::sync_with_stdio(false);
121	2.05k	spdlog::set_level(spdlog::level::info);
122
123	2.05k	PO::Option<std::string> SoName(PO::Description("Wasm or so file"sv),
124	2.05k	PO::MetaVar("WASM_OR_SO"sv));
125	2.05k	PO::List<std::string> Args(PO::Description("Execution arguments"sv),
126	2.05k	PO::MetaVar("ARG"sv));
127
128	2.05k	PO::Option<PO::Toggle> Reactor(PO::Description(
129	2.05k	"Enable reactor mode. Reactor mode calls `_initialize` if exported."));
130
131	2.05k	PO::List<std::string> Dir(
132	2.05k	PO::Description(
133	2.05k	"Binding directories into WASI virtual filesystem. Each directories "
134	2.05k	"can specified as --dir `guest_path:host_path`, where `guest_path` "
135	2.05k	"specifies the path that will correspond to `host_path` for calls "
136	2.05k	"like `fopen` in the guest."sv),
137	2.05k	PO::MetaVar("PREOPEN_DIRS"sv));
138
139	2.05k	PO::List<std::string> Env(
140	2.05k	PO::Description(
141	2.05k	"Environ variables. Each variable can be specified as --env `NAME=VALUE`."sv),
142	2.05k	PO::MetaVar("ENVS"sv));
143
144	2.05k	PO::Option<PO::Toggle> PropMutGlobals(
145	2.05k	PO::Description("Disable Import/Export of mutable globals proposal"sv));
146	2.05k	PO::Option<PO::Toggle> PropNonTrapF2IConvs(PO::Description(
147	2.05k	"Disable Non-trapping float-to-int conversions proposal"sv));
148	2.05k	PO::Option<PO::Toggle> PropSignExtendOps(
149	2.05k	PO::Description("Disable Sign-extension operators proposal"sv));
150	2.05k	PO::Option<PO::Toggle> PropMultiValue(
151	2.05k	PO::Description("Disable Multi-value proposal"sv));
152	2.05k	PO::Option<PO::Toggle> PropBulkMemOps(
153	2.05k	PO::Description("Disable Bulk memory operations proposal"sv));
154	2.05k	PO::Option<PO::Toggle> PropRefTypes(
155	2.05k	PO::Description("Disable Reference types proposal"sv));
156	2.05k	PO::Option<PO::Toggle> PropSIMD(PO::Description("Disable SIMD proposal"sv));
157	2.05k	PO::Option<PO::Toggle> PropMultiMem(
158	2.05k	PO::Description("Enable Multiple memories proposal"sv));
159	2.05k	PO::Option<PO::Toggle> PropTailCall(
160	2.05k	PO::Description("Enable Tail-call proposal"sv));
161	2.05k	PO::Option<PO::Toggle> PropExtendConst(
162	2.05k	PO::Description("Enable Extended-const proposal"sv));
163	2.05k	PO::Option<PO::Toggle> PropThreads(
164	2.05k	PO::Description("Enable Threads proposal"sv));
165	2.05k	PO::Option<PO::Toggle> PropAll(PO::Description("Enable all features"sv));
166
167	2.05k	PO::Option<PO::Toggle> ConfEnableInstructionCounting(PO::Description(
168	2.05k	"Enable generating code for counting Wasm instructions executed."sv));
169	2.05k	PO::Option<PO::Toggle> ConfEnableGasMeasuring(PO::Description(
170	2.05k	"Enable generating code for counting gas burned during execution."sv));
171	2.05k	PO::Option<PO::Toggle> ConfEnableTimeMeasuring(PO::Description(
172	2.05k	"Enable generating code for counting time during execution."sv));
173	2.05k	PO::Option<PO::Toggle> ConfEnableAllStatistics(PO::Description(
174	2.05k	"Enable generating code for all statistics options include instruction counting, gas measuring, and execution time"sv));
175
176	2.05k	PO::Option<uint64_t> TimeLim(
177	2.05k	PO::Description(
178	2.05k	"Limitation of maximum time(in milliseconds) for execution, default value is 0 for no limitations"sv),
179	2.05k	PO::MetaVar("TIMEOUT"sv), PO::DefaultValue<uint64_t>(0));
180
181	2.05k	PO::List<int> GasLim(
182	2.05k	PO::Description(
183	2.05k	"Limitation of execution gas. Upper bound can be specified as --gas-limit `GAS_LIMIT`."sv),
184	2.05k	PO::MetaVar("GAS_LIMIT"sv));
185
186	2.05k	PO::List<int> MemLim(
187	2.05k	PO::Description(
188	2.05k	"Limitation of pages(as size of 64 KiB) in every memory instance. Upper bound can be specified as --memory-page-limit `PAGE_COUNT`."sv),
189	2.05k	PO::MetaVar("PAGE_COUNT"sv));
190
191	2.05k	PO::List<std::string> ForbiddenPlugins(
192	2.05k	PO::Description("List of plugins to ignore."sv), PO::MetaVar("NAMES"sv));
193
194	2.05k	auto Parser = PO::ArgumentParser();
195	2.05k	Parser.add_option(SoName)
196	2.05k	.add_option(Args)
197	2.05k	.add_option("reactor"sv, Reactor)
198	2.05k	.add_option("dir"sv, Dir)
199	2.05k	.add_option("env"sv, Env)
200	2.05k	.add_option("enable-instruction-count"sv, ConfEnableInstructionCounting)
201	2.05k	.add_option("enable-gas-measuring"sv, ConfEnableGasMeasuring)
202	2.05k	.add_option("enable-time-measuring"sv, ConfEnableTimeMeasuring)
203	2.05k	.add_option("enable-all-statistics"sv, ConfEnableAllStatistics)
204	2.05k	.add_option("disable-import-export-mut-globals"sv, PropMutGlobals)
205	2.05k	.add_option("disable-non-trap-float-to-int"sv, PropNonTrapF2IConvs)
206	2.05k	.add_option("disable-sign-extension-operators"sv, PropSignExtendOps)
207	2.05k	.add_option("disable-multi-value"sv, PropMultiValue)
208	2.05k	.add_option("disable-bulk-memory"sv, PropBulkMemOps)
209	2.05k	.add_option("disable-reference-types"sv, PropRefTypes)
210	2.05k	.add_option("disable-simd"sv, PropSIMD)
211	2.05k	.add_option("enable-multi-memory"sv, PropMultiMem)
212	2.05k	.add_option("enable-tail-call"sv, PropTailCall)
213	2.05k	.add_option("enable-extended-const"sv, PropExtendConst)
214	2.05k	.add_option("enable-threads"sv, PropThreads)
215	2.05k	.add_option("enable-all"sv, PropAll)
216	2.05k	.add_option("time-limit"sv, TimeLim)
217	2.05k	.add_option("gas-limit"sv, GasLim)
218	2.05k	.add_option("memory-page-limit"sv, MemLim)
219	2.05k	.add_option("forbidden-plugin"sv, ForbiddenPlugins);
220
221	2.05k	static constexpr const std::array<char, 4> Separator = {'\xde', '\xad',
222	2.05k	'\xbe', '\xef'};
223	2.05k	static const BoyerMooreHorspoolSearcher Searcher(Separator.begin(),
224	2.05k	Separator.end());
225	2.05k	Span<const char> RawArgs(reinterpret_cast<const char *>(Data), Size);
226	2.05k	std::vector<std::string> ArgvStr;
227	2.05k	std::vector<const char *> Argv;
228	2.87M	while (!RawArgs.empty()) {
229	2.87M	const auto It = std::search(RawArgs.begin(), RawArgs.end(), Searcher);
230	2.87M	ArgvStr.emplace_back(RawArgs.begin(), It);
231	2.87M	RawArgs = RawArgs.subspan(std::min<size_t>(
232	2.87M	std::distance(RawArgs.begin(), It) + 4, RawArgs.size()));
233	2.87M	}
234	2.87M	for (const auto &Arg : ArgvStr) {
235	2.87M	Argv.push_back(Arg.c_str());
236	2.87M	}
237
238	2.05k	std::unique_ptr<std::FILE, decltype(&std::fclose)> Out{
239	2.05k	std::fopen("/dev/null", "w"), std::fclose};
240	2.05k	if (!Parser.parse(Out.get(), Argv.size(), Argv.data())) {
241	920	return EXIT_FAILURE;
242	920	}
243	1.13k	if (Parser.isVersion()) {
244	331	fmt::print(Out.get(), "{} version {}\n"sv, Argv.empty() ? "" : Argv[0],
245	331	kVersionString);
246	331	return EXIT_SUCCESS;
247	331	}
248
249	799	return EXIT_SUCCESS;
250	1.13k	}
251
252		} // namespace Driver
253		} // namespace WasmEdge
254		#endif