From 791e60f5335dc78537321943d6f58c7082974980 Mon Sep 17 00:00:00 2001 From: "liang.he" Date: Mon, 28 Apr 2025 21:44:04 +0800 Subject: [PATCH] feat(fuzz): add a new fuzzing target about aot compiler (#4121) support llvm-jit running mode as another fuzzing target --- build-scripts/version.cmake | 2 +- core/iwasm/compilation/aot_llvm.c | 3 +- tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt | 211 ++++++------------ tests/fuzz/wasm-mutator-fuzz/README.md | 57 +++-- .../aot-compiler/CMakeLists.txt | 164 ++++++++++++++ .../aot-compiler/aot_compiler_fuzz.cc | 85 +++++++ .../wasm-mutator-fuzz/clang_toolchain.cmake | 29 +++ .../wasm-mutator/CMakeLists.txt | 70 ++++++ .../{ => wasm-mutator}/wasm_mutator_fuzz.cc | 0 9 files changed, 455 insertions(+), 166 deletions(-) create mode 100644 tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt create mode 100644 tests/fuzz/wasm-mutator-fuzz/aot-compiler/aot_compiler_fuzz.cc create mode 100644 tests/fuzz/wasm-mutator-fuzz/clang_toolchain.cmake create mode 100644 tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt rename tests/fuzz/wasm-mutator-fuzz/{ => wasm-mutator}/wasm_mutator_fuzz.cc (100%) diff --git a/build-scripts/version.cmake b/build-scripts/version.cmake index 04c4e1ccb..21eaedca8 100644 --- a/build-scripts/version.cmake +++ b/build-scripts/version.cmake @@ -3,7 +3,7 @@ if(NOT WAMR_ROOT_DIR) # if from wamr-compiler - set(WAMR_ROOT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..) + set(WAMR_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/..) endif() set(WAMR_VERSION_MAJOR 2) diff --git a/core/iwasm/compilation/aot_llvm.c b/core/iwasm/compilation/aot_llvm.c index 21e675bc7..9270f0efe 100644 --- a/core/iwasm/compilation/aot_llvm.c +++ b/core/iwasm/compilation/aot_llvm.c @@ -2520,7 +2520,8 @@ aot_compiler_init(void) LLVMInitializeCore(LLVMGetGlobalPassRegistry()); #endif -#if WASM_ENABLE_WAMR_COMPILER != 0 +/* fuzzing only use host targets for simple */ +#if WASM_ENABLE_WAMR_COMPILER != 0 && WASM_ENABLE_FUZZ_TEST == 0 /* Init environment of all targets for AOT compiler */ LLVMInitializeAllTargetInfos(); LLVMInitializeAllTargets(); diff --git a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt index 813afa21f..8bb860788 100644 --- a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt +++ b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt @@ -1,170 +1,101 @@ # Copyright (C) 2019 Intel Corporation. All rights reserved. # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception -cmake_minimum_required (VERSION 3.14) +cmake_minimum_required(VERSION 3.14) -if (NOT DEFINED CMAKE_C_COMPILER) -set (CMAKE_C_COMPILER "clang") -endif () -if (NOT DEFINED CMAKE_CXX_COMPILER) -set (CMAKE_CXX_COMPILER "clang++") -endif () +project(wamr_fuzzing LANGUAGES ASM C CXX) -project(wasm_mutator) +include(CMakePrintHelpers) -set (CMAKE_BUILD_TYPE Debug) - -string (TOLOWER ${CMAKE_HOST_SYSTEM_NAME} WAMR_BUILD_PLATFORM) - -# Reset default linker flags -set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") -set (CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "") - -set (CMAKE_C_STANDARD 11) -set (CMAKE_CXX_STANDARD 17) - -# Set WAMR_BUILD_TARGET, currently values supported: -# "X86_64", "AMD_64", "X86_32", "AARCH64[sub]", "ARM[sub]", "THUMB[sub]", -# "MIPS", "XTENSA", "RISCV64[sub]", "RISCV32[sub]" -if (NOT DEFINED WAMR_BUILD_TARGET) - if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)") - set (WAMR_BUILD_TARGET "AARCH64") - elseif (CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64") - set (WAMR_BUILD_TARGET "RISCV64") - elseif (CMAKE_SIZEOF_VOID_P EQUAL 8) - # Build as X86_64 by default in 64-bit platform - set (WAMR_BUILD_TARGET "X86_64") - elseif (CMAKE_SIZEOF_VOID_P EQUAL 4) - # Build as X86_32 by default in 32-bit platform - set (WAMR_BUILD_TARGET "X86_32") - else () - message(SEND_ERROR "Unsupported build target platform!") - endif () -endif () - -if (APPLE) - add_definitions(-DBH_PLATFORM_DARWIN) -endif () - -if(CUSTOM_MUTATOR EQUAL 1) - add_compile_definitions(CUSTOM_MUTATOR) +# Ensure Clang is used as the compiler +if(NOT CMAKE_C_COMPILER_ID STREQUAL "Clang" + OR NOT CMAKE_ASM_COMPILER_ID STREQUAL "Clang") + message(FATAL_ERROR "Please use Clang as the C compiler for libFuzzer compatibility.") endif() -if (NOT DEFINED WAMR_BUILD_INTERP) - # Enable Interpreter by default - set (WAMR_BUILD_INTERP 1) -endif () +# +# Global settings +# +set(CMAKE_BUILD_TYPE Debug) +set(CMAKE_C_STANDARD 11) +set(CMAKE_CXX_STANDARD 17) -if (NOT DEFINED WAMR_BUILD_AOT) - # Enable AOT by default. - set (WAMR_BUILD_AOT 1) -endif () +string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} WAMR_BUILD_PLATFORM) -if (NOT DEFINED WAMR_BUILD_JIT) - # Disable JIT by default. - set (WAMR_BUILD_JIT 0) -endif () +# Reset default linker flags +set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") +set(CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "") -if (NOT DEFINED WAMR_BUILD_LIBC_BUILTIN) - # Disable libc builtin support by default - set (WAMR_BUILD_LIBC_BUILTIN 0) -endif () +# Check if the compiler supports the sanitizer flags +include(CheckCXXCompilerFlag) +check_cxx_compiler_flag("-fsanitize=address" HAS_ADDRESS_SANITIZER) +check_cxx_compiler_flag("-fsanitize=memory" HAS_MEMORY_SANITIZER) +check_cxx_compiler_flag("-fsanitize=undefined" HAS_UNDEFINED_SANITIZER) -if (NOT DEFINED WAMR_BUILD_LIBC_WASI) - # Enable libc wasi support by default - set (WAMR_BUILD_LIBC_WASI 0) -endif () +# Determine WAMR_BUILD_TARGET based on system properties +if(NOT DEFINED WAMR_BUILD_TARGET) + if(CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)") + set(WAMR_BUILD_TARGET "AARCH64") + elseif(CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64") + set(WAMR_BUILD_TARGET "RISCV64") + elseif(CMAKE_SIZEOF_VOID_P EQUAL 8) + set(WAMR_BUILD_TARGET "X86_64") + elseif(CMAKE_SIZEOF_VOID_P EQUAL 4) + set(WAMR_BUILD_TARGET "X86_32") + else() + message(SEND_ERROR "Unsupported build target platform!") + endif() +endif() -if (NOT DEFINED WAMR_BUILD_FAST_INTERP) - # Enable fast interpreter - set (WAMR_BUILD_FAST_INTERP 1) -endif () +if(APPLE) + add_definitions(-DBH_PLATFORM_DARWIN) +endif() -if (NOT DEFINED WAMR_BUILD_MULTI_MODULE) - # Disable multiple modules - set (WAMR_BUILD_MULTI_MODULE 0) -endif () +# Disable hardware bound check and enable AOT validator +set(WAMR_DISABLE_HW_BOUND_CHECK 1) +set(WAMR_BUILD_AOT_VALIDATOR 1) -if (NOT DEFINED WAMR_BUILD_LIB_PTHREAD) - # Disable pthread library by default - set (WAMR_BUILD_LIB_PTHREAD 0) -endif () +set(REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..) +message(STATUS "REPO_ROOT_DIR: ${REPO_ROOT_DIR}") -if (NOT DEFINED WAMR_BUILD_MINI_LOADER) - # Disable wasm mini loader by default - set (WAMR_BUILD_MINI_LOADER 0) -endif () +# Use LLVM_DIR from command line if defined +# LLVM_DIR should be something like /path/to/llvm/build/lib/cmake/llvm +if(DEFINED LLVM_DIR) + set(LLVM_DIR $ENV{LLVM_DIR}) +else() + set(LLVM_SRC_ROOT ${REPO_ROOT_DIR}/core/deps/llvm) + set(LLVM_BUILD_ROOT ${LLVM_SRC_ROOT}/build) + set(LLVM_DIR ${LLVM_BUILD_ROOT}/lib/cmake/llvm) +endif() -if (NOT DEFINED WAMR_BUILD_SIMD) - # Enable SIMD by default - set (WAMR_BUILD_SIMD 1) -endif () +# if LLVM_DIR is an existing directory, use it +if(NOT EXISTS ${LLVM_DIR}) + message(FATAL_ERROR "LLVM_DIR not found: ${LLVM_DIR}") +endif() -if (NOT DEFINED WAMR_BUILD_REF_TYPES) - # Enable reference type by default - set (WAMR_BUILD_REF_TYPES 1) -endif () +find_package(LLVM REQUIRED CONFIG) -if (NOT DEFINED WAMR_BUILD_DEBUG_INTERP) - # Disable Debug feature by default - set (WAMR_BUILD_DEBUG_INTERP 0) -endif () +message(STATUS "Found LLVM ${LLVM_PACKAGE_VERSION}") +message(STATUS "Using LLVMConfig.cmake in: ${LLVM_DIR}") -if (WAMR_BUILD_DEBUG_INTERP EQUAL 1) - set (WAMR_BUILD_FAST_INTERP 0) - set (WAMR_BUILD_MINI_LOADER 0) - set (WAMR_BUILD_SIMD 0) -endif () +include_directories(${LLVM_INCLUDE_DIRS}) +separate_arguments(LLVM_DEFINITIONS_LIST NATIVE_COMMAND ${LLVM_DEFINITIONS}) +add_definitions(${LLVM_DEFINITIONS_LIST}) -# sanitizer may use kHandleSignalExclusive to handle SIGSEGV -# like `UBSAN_OPTIONS=handle_segv=2:...` -set (WAMR_DISABLE_HW_BOUND_CHECK 1) -# Enable aot validator -set (WAMR_BUILD_AOT_VALIDATOR 1) +set(SHARED_DIR ${REPO_ROOT_DIR}/core/shared) +set(IWASM_DIR ${REPO_ROOT_DIR}/core/iwasm) -set (REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..) -message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR}) - -set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") -set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") - -add_definitions(-DWAMR_USE_MEM_POOL=0 -DWASM_ENABLE_FUZZ_TEST=1) +# Global setting +add_compile_options(-Wno-unused-command-line-argument) # Enable fuzzer +add_definitions(-DWASM_ENABLE_FUZZ_TEST=1) add_compile_options(-fsanitize=fuzzer) add_link_options(-fsanitize=fuzzer) -# if not calling from oss-fuzz helper, enable all support sanitizers -# oss-fuzz will define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION in CFLAGS and CXXFLAGS +# Enable sanitizers if not in oss-fuzz environment set(CFLAGS_ENV $ENV{CFLAGS}) string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" IN_OSS_FUZZ) -if (IN_OSS_FUZZ EQUAL -1) - message("[ceith]:Enable ASan and UBSan in non-oss-fuzz environment") - add_compile_options( - -fprofile-instr-generate -fcoverage-mapping - -fno-sanitize-recover=all - -fsanitize=address,undefined - # reference: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html - # -fsanitize=undefined: All of the checks listed above other than float-divide-by-zero, - # unsigned-integer-overflow, implicit-conversion, local-bounds and - # the nullability-* group of checks. - # - # for now, we disable below from UBSan - # -alignment - # -implicit-conversion - # - -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability - -fno-sanitize=alignment - ) - add_link_options(-fsanitize=address -fprofile-instr-generate) -endif () -include(${REPO_ROOT_DIR}/core/shared/utils/uncommon/shared_uncommon.cmake) -include(${REPO_ROOT_DIR}/build-scripts/runtime_lib.cmake) - -add_library(vmlib - ${WAMR_RUNTIME_LIB_SOURCE} -) - -add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc) -target_link_libraries(wasm_mutator_fuzz vmlib -lm) +add_subdirectory(aot-compiler) +add_subdirectory(wasm-mutator) diff --git a/tests/fuzz/wasm-mutator-fuzz/README.md b/tests/fuzz/wasm-mutator-fuzz/README.md index acf210ae4..09fd757be 100644 --- a/tests/fuzz/wasm-mutator-fuzz/README.md +++ b/tests/fuzz/wasm-mutator-fuzz/README.md @@ -1,44 +1,53 @@ # WAMR fuzz test framework -## install wasm-tools +## Install wasm-tools + +Download the release suitable for your specific platform from https://github.com/bytecodealliance/wasm-tools/releases/latest, unpack it, and add the executable wasm-tools to the `PATH`. Then, you should be able to verify that the installation was successful by using the following command: ```bash -1.git clone https://github.com/bytecodealliance/wasm-tools -$ cd wasm-tools -2.This project can be installed and compiled from source with this Cargo command: -$ cargo install wasm-tools -3.Installation can be confirmed with: $ wasm-tools --version -4.Subcommands can be explored with: +# Or learn subcommands with $ wasm-tools help ``` +## Install clang Toolchain + +Refer to: https://apt.llvm.org/ and ensure that you have clang installed. + +```bash +$ clang --version + +$ clang++ --version +``` + ## Build ```bash -mkdir build && cd build # Without custom mutator (libfuzzer modify the buffer randomly) -cmake .. -# TODO: TBC. `wasm-tools mutate` is not supported yet -# With custom mutator (wasm-tools mutate) -cmake .. -DCUSTOM_MUTATOR=1 -make -j$(nproc) +$ cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=./clang_toolchain.cmake -DLLVM_DIR=/lib/cmake/llvm + +# TBC: if `wasm-tools mutate` is supported or not +# Or With custom mutator (wasm-tools mutate) +$ cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=./clang_toolchain.cmake -DLLVM_DIR=/lib/cmake/llvm -DCUSTOM_MUTATOR=1 + +# Then +$ cmake --build build ``` ## Manually generate wasm file in build -```bash +````bash # wasm-tools smith generate some valid wasm file # The generated wasm file is in corpus_dir under build # N - Number of files to be generated -./smith_wasm.sh N +$ ./smith_wasm.sh N # running ``` bash -cd build -./wasm-mutate-fuzz CORPUS_DIR - -``` +$ ./build/wasm-mutator/wasm_mutator_fuzz ./build/CORPUS_DIR + +$ ./build/aot-compiler/aot_compiler_fuzz ./build/CORPUS_DIR +```` ## Fuzzing Server @@ -49,20 +58,20 @@ $ pip install -r requirements.txt 2. Database Migration $ python3 app/manager.py db init -$ python3 app/manager.py db migrate -$ python3 app/manager.py db upgrade +$ python3 app/manager.py db migrate +$ python3 app/manager.py db upgrade 3. Change localhost to your machine's IP address -$ cd ../portal +$ cd ../portal $ vim .env # Change localhost to your machine's IP address # http://:16667 4. Run Server and Portal $ cd .. # Switch to the original directory If you want to customize the front-end deployment port: # defaut 9999 - $ vim .env # Please change the portal_port to the port you want to use + $ vim .env # Please change the portal_port to the port you want to use The server is deployed on port 16667 by default, If you want to change the server deployment port: - $ vim .env # Please change the server_port to the port you want to use + $ vim .env # Please change the server_port to the port you want to use $ vim portal/.env # Please change the VITE_SERVER_URL to the port you want to use # http://ip: diff --git a/tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt b/tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt new file mode 100644 index 000000000..cf3caa16d --- /dev/null +++ b/tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt @@ -0,0 +1,164 @@ +# Copyright (C) 2025 Intel Corporation. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +# Set default build options with the ability to override from the command line +if(NOT WAMR_BUILD_INTERP) + set(WAMR_BUILD_INTERP 1) +endif() + +set(WAMR_BUILD_WAMR_COMPILER 1) +set(WAMR_BUILD_AOT 1) +set(WAMR_BUILD_INTERP 1) +set(WAMR_BUILD_JIT 0) + +include(${SHARED_DIR}/platform/${WAMR_BUILD_PLATFORM}/shared_platform.cmake) +include(${SHARED_DIR}/mem-alloc/mem_alloc.cmake) +include(${SHARED_DIR}/utils/shared_utils.cmake) +include(${SHARED_DIR}/utils/uncommon/shared_uncommon.cmake) +include(${IWASM_DIR}/compilation/iwasm_compl.cmake) +include(${IWASM_DIR}/libraries/thread-mgr/thread_mgr.cmake) +include(${IWASM_DIR}/common/iwasm_common.cmake) +include(${IWASM_DIR}/common/gc/iwasm_gc.cmake) +include(${IWASM_DIR}/interpreter/iwasm_interp.cmake) +include(${IWASM_DIR}/aot/iwasm_aot.cmake) +include(${IWASM_DIR}/compilation/iwasm_compl.cmake) +include(${REPO_ROOT_DIR}/build-scripts/version.cmake) + +add_library(aotclib + ${PLATFORM_SHARED_SOURCE} + ${MEM_ALLOC_SHARED_SOURCE} + ${UTILS_SHARED_SOURCE} + ${UNCOMMON_SHARED_SOURCE} + ${THREAD_MGR_SOURCE} + ${IWASM_COMMON_SOURCE} + ${IWASM_INTERP_SOURCE} + ${IWASM_AOT_SOURCE} + ${IWASM_GC_SOURCE} + ${IWASM_COMPL_SOURCE} +) + +target_compile_definitions(aotclib + PUBLIC + -DWASM_ENABLE_WAMR_COMPILER=1 + -DWASM_ENABLE_FAST_INTERP=0 + -DWASM_ENABLE_INTERP=1 + -DWASM_ENABLE_BULK_MEMORY=1 + -DWASM_ENABLE_SHARED_MEMORY=1 + -DWASM_ENABLE_TAIL_CALL=1 + -DWASM_ENABLE_SIMD=1 + -DWASM_ENABLE_REF_TYPES=1 + -DWASM_ENABLE_MEMORY64=1 + -DWASM_ENABLE_GC=1 + -DWASM_ENABLE_CUSTOM_NAME_SECTION=1 + -DWASM_ENABLE_AOT_STACK_FRAME=1 + -DWASM_ENABLE_DUMP_CALL_STACK=1 + -DWASM_ENABLE_PERF_PROFILING=1 + -DWASM_ENABLE_LOAD_CUSTOM_SECTION=1 + -DWASM_ENABLE_THREAD_MGR=1 + ${LLVM_DEFINITIONS} +) + +target_include_directories(aotclib PUBLIC + ${IWASM_DIR}/include + ${SHARED_DIR}/include +) + +target_link_directories(aotclib PUBLIC ${LLVM_LIBRARY_DIR}) + +target_link_libraries(aotclib + PUBLIC + LLVMDemangle + LLVMSupport + LLVMTableGen + LLVMTableGenGlobalISel + LLVMCore + LLVMFuzzerCLI + LLVMFuzzMutate + LLVMFileCheck + LLVMInterfaceStub + LLVMIRReader + LLVMCodeGen + LLVMSelectionDAG + LLVMAsmPrinter + LLVMMIRParser + LLVMGlobalISel + LLVMBinaryFormat + LLVMBitReader + LLVMBitWriter + LLVMBitstreamReader + LLVMDWARFLinker + LLVMExtensions + LLVMFrontendOpenACC + LLVMFrontendOpenMP + LLVMTransformUtils + LLVMInstrumentation + LLVMAggressiveInstCombine + LLVMInstCombine + LLVMScalarOpts + LLVMipo + LLVMVectorize + LLVMObjCARCOpts + LLVMCoroutines + LLVMCFGuard + LLVMLinker + LLVMAnalysis + LLVMLTO + LLVMMC + LLVMMCParser + LLVMMCDisassembler + LLVMMCA + LLVMObjCopy + LLVMObject + LLVMObjectYAML + LLVMOption + LLVMRemarks + LLVMDebuginfod + LLVMDebugInfoDWARF + LLVMDebugInfoGSYM + LLVMDebugInfoMSF + LLVMDebugInfoCodeView + LLVMDebugInfoPDB + LLVMSymbolize + LLVMDWP + LLVMExecutionEngine + LLVMInterpreter + LLVMJITLink + LLVMMCJIT + LLVMOrcJIT + LLVMOrcShared + LLVMOrcTargetProcess + LLVMRuntimeDyld + LLVMTarget + LLVMX86CodeGen + LLVMX86AsmParser + LLVMX86Disassembler + LLVMX86TargetMCA + LLVMX86Desc + LLVMX86Info + LLVMAsmParser + LLVMLineEditor + LLVMProfileData + LLVMCoverage + LLVMPasses + LLVMTextAPI + LLVMDlltoolDriver + LLVMLibDriver + LLVMXRay + LLVMWindowsDriver + LLVMWindowsManifest +) + +if(NOT IN_OSS_FUZZ) + message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment") + target_compile_options(aotclib PUBLIC + -fprofile-instr-generate -fcoverage-mapping + -fno-sanitize-recover=all + -fsanitize=address,undefined + -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability + -fno-sanitize=alignment + ) + target_link_options(aotclib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate) +endif() + +add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc) +target_link_libraries(aot_compiler_fuzz PRIVATE stdc++ aotclib) diff --git a/tests/fuzz/wasm-mutator-fuzz/aot-compiler/aot_compiler_fuzz.cc b/tests/fuzz/wasm-mutator-fuzz/aot-compiler/aot_compiler_fuzz.cc new file mode 100644 index 000000000..e758cd974 --- /dev/null +++ b/tests/fuzz/wasm-mutator-fuzz/aot-compiler/aot_compiler_fuzz.cc @@ -0,0 +1,85 @@ +// Copyright (C) 2025 Intel Corporation. All rights reserved. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +#include +#include +#include +#include +#include +#include + +#include "aot_export.h" +#include "wasm_export.h" +#include "bh_read_file.h" + +static void +handle_aot_recent_error(const char *tag) +{ + const char *error = aot_get_last_error(); + if (strlen(error) == 0) { + error = "UNKNOWN ERROR"; + } + + std::cout << tag << " " << error << std::endl; +} + +extern "C" int +LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) +{ + wasm_module_t module = NULL; + char error_buf[128] = { 0 }; + AOTCompOption option = { 0 }; + aot_comp_data_t comp_data = NULL; + aot_comp_context_t comp_ctx = NULL; + + /* libfuzzer don't allow to modify the given Data, so make a copy here */ + std::vector myData(Data, Data + Size); + + wasm_runtime_init(); + + module = wasm_runtime_load((uint8_t *)myData.data(), Size, error_buf, 120); + if (!module) { + std::cout << "[LOADING] " << error_buf << std::endl; + goto DESTROY_RUNTIME; + } + + // TODO: target_arch and other fields + option.target_arch = "x86_64"; + option.target_abi = "gnu"; + option.enable_bulk_memory = true; + option.enable_thread_mgr = true; + option.enable_tail_call = true; + option.enable_simd = true; + option.enable_ref_types = true; + option.enable_gc = true; + + comp_data = + aot_create_comp_data(module, option.target_arch, option.enable_gc); + if (!comp_data) { + handle_aot_recent_error("[CREATING comp_data]"); + goto UNLOAD_MODULE; + } + + comp_ctx = aot_create_comp_context(comp_data, &option); + if (!comp_ctx) { + handle_aot_recent_error("[CREATING comp_context]"); + goto DESTROY_COMP_DATA; + } + + if (!aot_compile_wasm(comp_ctx)) { + handle_aot_recent_error("[COMPILING]"); + goto DESTROY_COMP_CTX; + } + +DESTROY_COMP_CTX: + aot_destroy_comp_context(comp_ctx); +DESTROY_COMP_DATA: + aot_destroy_comp_data(comp_data); +UNLOAD_MODULE: + wasm_runtime_unload(module); +DESTROY_RUNTIME: + wasm_runtime_destroy(); + + /* Values other than 0 and -1 are reserved for future use. */ + return 0; +} diff --git a/tests/fuzz/wasm-mutator-fuzz/clang_toolchain.cmake b/tests/fuzz/wasm-mutator-fuzz/clang_toolchain.cmake new file mode 100644 index 000000000..d16a0b207 --- /dev/null +++ b/tests/fuzz/wasm-mutator-fuzz/clang_toolchain.cmake @@ -0,0 +1,29 @@ +# Copyright (C) 2025 Intel Corporation. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +# Check for Clang C compiler +find_program(CLANG_C_COMPILER NAMES clang) +if(NOT CLANG_C_COMPILER) + message(FATAL_ERROR "Clang C compiler not found. Please install Clang.") +else() + message(STATUS "Clang C compiler found: ${CLANG_C_COMPILER}") + set(CMAKE_C_COMPILER ${CLANG_C_COMPILER}) +endif() + +# Check for Clang C++ compiler +find_program(CLANG_CXX_COMPILER NAMES clang++) +if(NOT CLANG_CXX_COMPILER) + message(FATAL_ERROR "Clang C++ compiler not found. Please install Clang.") +else() + message(STATUS "Clang C++ compiler found: ${CLANG_CXX_COMPILER}") + set(CMAKE_CXX_COMPILER ${CLANG_CXX_COMPILER}) +endif() + +# Check for Clang assembler +find_program(CLANG_ASM_COMPILER NAMES clang) +if(NOT CLANG_ASM_COMPILER) + message(FATAL_ERROR "Clang assembler not found. Please install Clang.") +else() + message(STATUS "Clang assembler found: ${CLANG_ASM_COMPILER}") + set(CMAKE_ASM_COMPILER ${CLANG_ASM_COMPILER}) +endif() diff --git a/tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt b/tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt new file mode 100644 index 000000000..1e12be3a7 --- /dev/null +++ b/tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt @@ -0,0 +1,70 @@ +# Copyright (C) 2025 Intel Corporation. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +if(CUSTOM_MUTATOR EQUAL 1) + add_compile_definitions(CUSTOM_MUTATOR) +endif() + +# Set default build options with the ability to override from the command line +if(NOT WAMR_BUILD_INTERP) + set(WAMR_BUILD_INTERP 1) +endif() + +if(NOT WAMR_BUILD_AOT) + set(WAMR_BUILD_AOT 1) +endif() + +if(NOT WAMR_BUILD_JIT) + set(WAMR_BUILD_JIT 0) +endif() + +if(NOT WAMR_BUILD_LIBC_BUILTIN) + set(WAMR_BUILD_LIBC_BUILTIN 0) +endif() + +if(NOT WAMR_BUILD_LIBC_WASI) + set(WAMR_BUILD_LIBC_WASI 1) +endif() + +if(NOT WAMR_BUILD_FAST_INTERP) + set(WAMR_BUILD_FAST_INTERP 1) +endif() + +if(NOT WAMR_BUILD_MULTI_MODULE) + set(WAMR_BUILD_MULTI_MODULE 0) +endif() + +if(NOT WAMR_BUILD_LIB_PTHREAD) + set(WAMR_BUILD_LIB_PTHREAD 0) +endif() + +if(NOT WAMR_BUILD_MINI_LOADER) + set(WAMR_BUILD_MINI_LOADER 0) +endif() + +set(WAMR_BUILD_SIMD 1) +set(WAMR_BUILD_REF_TYPES 1) +set(WAMR_BUILD_GC 1) + +include(${REPO_ROOT_DIR}/build-scripts/runtime_lib.cmake) +include(${REPO_ROOT_DIR}/core/shared/utils/uncommon/shared_uncommon.cmake) + +add_library(vmlib ${WAMR_RUNTIME_LIB_SOURCE}) +target_include_directories(vmlib PUBLIC ${RUNTIME_LIB_HEADER_LIST}) +target_link_directories(vmlib PUBLIC ${RUNTIME_LIB_LINK_LIST}) +target_link_libraries(vmlib PUBLIC ${LLVM_AVAILABLE_LIBS}) + +add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc) +target_link_libraries(wasm_mutator_fuzz PRIVATE vmlib m) + +if(NOT IN_OSS_FUZZ) + message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment") + target_compile_options(vmlib PUBLIC + -fprofile-instr-generate -fcoverage-mapping + -fno-sanitize-recover=all + -fsanitize=address,undefined + -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability + -fno-sanitize=alignment + ) + target_link_options(vmlib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate) +endif() diff --git a/tests/fuzz/wasm-mutator-fuzz/wasm_mutator_fuzz.cc b/tests/fuzz/wasm-mutator-fuzz/wasm-mutator/wasm_mutator_fuzz.cc similarity index 100% rename from tests/fuzz/wasm-mutator-fuzz/wasm_mutator_fuzz.cc rename to tests/fuzz/wasm-mutator-fuzz/wasm-mutator/wasm_mutator_fuzz.cc