/src/wasmtime/fuzz/fuzz_targets/compile.rs
1 | | //! Compile arbitrary bytes from the fuzzer as if they were Wasm. Also use |
2 | | //! `wasm-mutate` to mutate the fuzz inputs. |
3 | | |
4 | | #![no_main] |
5 | | |
6 | | use libfuzzer_sys::{fuzz_mutator, fuzz_target}; |
7 | | use wasmtime::{Config, Engine, Module}; |
8 | | |
/// Builds the [`Engine`] used to compile each fuzz input.
///
/// The Cranelift `regalloc_checker` flag is switched on so register
/// allocation is verified after every compilation; the flag only adds a
/// post-compilation check and does not change the emitted code.
///
/// # Panics
///
/// Panics if `Engine::new` rejects the configuration.
fn create_engine() -> Engine {
    const REGALLOC_CHECKER_FLAG: &str = "regalloc_checker";

    let mut cfg = Config::default();
    // Safety: `regalloc_checker` is a pure verification pass that runs
    // after compilation; it never alters the generated code, so enabling
    // it cannot make the produced module unsound.
    unsafe {
        cfg.cranelift_flag_enable(REGALLOC_CHECKER_FLAG);
    }
    Engine::new(&cfg).expect("Could not construct Engine")
}
19 | | |
// Fuzz entry point: log the raw input (so a crashing case can be replayed),
// then feed it to `Module::new`. The compile result itself is irrelevant —
// only panics or crashes inside the compiler are interesting — so it is
// discarded immediately.
fuzz_target!(|data: &[u8]| {
    let engine = create_engine();
    wasmtime_fuzzing::oracles::log_wasm(data);
    let _ = Module::new(&engine, data);
});
25 | | |
// Custom mutator: the parity of the seed's set bits decides, roughly half
// the time each, between libFuzzer's built-in byte mutators and
// `wasm-mutate` (which receives the built-in mutator as its fallback).
fuzz_mutator!(|data: &mut [u8], size: usize, max_size: usize, seed: u32| {
    let builtin = libfuzzer_sys::fuzzer_mutate;
    let prefer_wasm_mutate = seed.count_ones() & 1 == 1;

    if prefer_wasm_mutate {
        wasmtime_fuzzing::mutators::wasm_mutate(data, size, max_size, seed, builtin)
    } else {
        builtin(data, size, max_size)
    }
});