fluencelabs/parity-wasm
1
0
Fork 0
mirror of https://github.com/fluencelabs/parity-wasm synced 2025-05-29 23:51:35 +00:00
Code Issues Projects Releases Wiki Activity

Use binaryen-rs for in-process wasm fuzzing

Browse Source
This commit is contained in:
Sergey Pepyakin 2018-01-20 01:47:56 +03:00
parent 9330a39ac1
commit 03b890da40
5 changed files with 9 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -1,6 +1,3 @@
[submodule "spec/wabt"] [submodule "spec/wabt"]
path = spec/wabt path = spec/wabt
url = https://github.com/WebAssembly/wabt url = https://github.com/WebAssembly/wabt
[submodule "fuzz/binaryen"]
path = fuzz/binaryen
url = https://github.com/WebAssembly/binaryen

7
fuzz/Cargo.toml
View File

@ -4,14 +4,13 @@ name = "parity-wasm-fuzz"
version = "0.0.1" version = "0.0.1"
authors = ["Pat Hickey phickey@fastly.com"] authors = ["Pat Hickey phickey@fastly.com"]
publish = false publish = false
build = "build.rs"
[build-dependencies]
cmake = "0.1"
[package.metadata] [package.metadata]
cargo-fuzz = true cargo-fuzz = true
[dependencies.binaryen]
version = "0.3.0"
[dependencies.parity-wasm] [dependencies.parity-wasm]
path = ".." path = ".."
[dependencies.libfuzzer-sys] [dependencies.libfuzzer-sys]

1
fuzz/binaryen

@ -1 +0,0 @@
Subproject commit a9bf3a323837c366b7d467b720495d08e46d2e32

7
fuzz/build.rs
View File

@ -1,7 +0,0 @@
extern crate cmake;
use cmake::Config;
fn main() {
let _dst = Config::new("binaryen")
.build();
}

49
fuzz/fuzz_targets/deserialize.rs
View File

@ -2,54 +2,17 @@
#[macro_use] #[macro_use]
extern crate libfuzzer_sys; extern crate libfuzzer_sys;
extern crate parity_wasm; extern crate parity_wasm;
extern crate mktemp; extern crate binaryen;
use std::fs::File;
use std::io::Write;
use std::path::PathBuf;
use std::process::Command;
fn wasm_opt() -> PathBuf {
let bin = PathBuf::from(env!("OUT_DIR")).join("bin").join("wasm-opt");
assert!(
bin.exists(),
format!(
"could not find wasm-opt at location installed by build.rs: {:?}",
wasm_opt()
)
);
bin
}
fuzz_target!(|data: &[u8]| { fuzz_target!(|data: &[u8]| {
let seed = mktemp::Temp::new_file().expect("mktemp file to store fuzzer input"); let binaryen_module = binaryen::tools::translate_to_fuzz(data);
let mut seedfile =
File::create(seed.as_ref()).expect("open temporary file for writing to store fuzzer input");
seedfile.write_all(data).expect(
"write fuzzer input to temporary file",
);
seedfile.flush().expect(
"flush fuzzer input to temporary file before starting wasm-opt",
);
let wasm = mktemp::Temp::new_file().expect("mktemp file to store wasm-opt output"); // enable binaryen's validation if in doubt.
let opt_fuzz = Command::new(wasm_opt()) // assert!(binaryen_module.is_valid());
.arg("--translate-to-fuzz")
.arg(seed.as_ref())
.arg("-o")
.arg(wasm.as_ref())
.output()
.expect("execute wasm-opt installed by build.rs");
assert!( let wasm = binaryen_module.write();
opt_fuzz.status.success(),
format!(
"wasm-opt failed with: {}",
String::from_utf8_lossy(&opt_fuzz.stderr)
)
);
let _module: parity_wasm::elements::Module = parity_wasm::deserialize_file(wasm.as_ref()) let _module: parity_wasm::elements::Module = parity_wasm::deserialize_buffer(&wasm)
.expect( .expect(
"deserialize output of wasm-opt, indicating possible bug in deserializer", "deserialize output of wasm-opt, indicating possible bug in deserializer",
); );