wasm-micro-runtime/tests/fuzz/wasm-mutator-fuzz
liang.he 9e4aa9c850
fuzzing: reject non-wasm files quickly and execute aot after compilation (#4780)
* fix: disable unsigned integer overflow sanitization in build configurations

FYI: from https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

`-fsanitize=unsigned-integer-overflow`: Unsigned integer overflow, where the result of an unsigned integer computation cannot be represented in its type. Unlike signed integer overflow, this is not undefined behavior, but it is often unintentional. This sanitizer does not check for lossy implicit conversions performed before such a computation.

It brings a more common question: which is better, pre-additional-check or post-additional-check to fix a potential unsigned integer overflow? A pre-additional-check involves using a check to prevent integer overflow from the very beginning. A post-additional-check involves using a check after addition to see if there is an overflow.

In this project, post-additional-checking is widely used. Let's follow the routine.

For performance-sensitive logic, use __builtin_add_overflow etc. Provide something like 9a5622791e/lib/platform.h (L176-L191) and encourage the use of them.

ref. https://github.com/bytecodealliance/wasm-micro-runtime/pull/4549#issuecomment-3218687294

* fix: update AOT compiler configuration and enhance error handling in fuzz tests
2026-03-09 18:24:43 -07:00
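The three ways of guarding an unsigned addition that the commit message compares, side by side, as an added example written for this page (not WAMR's own platform.h helpers; all function names here are hypothetical). The post-check variant is correct C, but its wrapping add is exactly what `-fsanitize=unsigned-integer-overflow` reports, which is the reason a code base that relies on that pattern turns the sanitizer off; the builtin avoids the wrap entirely. The last function shows the case that matters in a runtime: an offset-plus-length bounds check that must not let the sum wrap past a small buffer size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-additional-check: test the operands before adding, so the
 * addition itself never wraps and nothing here trips the
 * unsigned-integer-overflow sanitizer. */
bool add_u32_precheck(uint32_t a, uint32_t b, uint32_t *out)
{
    if (b > UINT32_MAX - a) {
        return false; /* a + b would wrap */
    }
    *out = a + b;
    return true;
}

/* Post-additional-check: add first, then detect the wrap from the
 * result.  Unsigned wrap-around is well defined in C, so the check is
 * sound, but the wrapping add is what -fsanitize=unsigned-integer-overflow
 * flags. */
bool add_u32_postcheck(uint32_t a, uint32_t b, uint32_t *out)
{
    uint32_t sum = a + b;
    if (sum < a) {
        return false; /* wrapped */
    }
    *out = sum;
    return true;
}

/* Compiler builtin (GCC and Clang): returns true on overflow, stores
 * the result only when it fits, and compiles to a single add plus a
 * carry test on most targets.  No wrapping arithmetic is visible to
 * the sanitizer. */
bool add_u32_builtin(uint32_t a, uint32_t b, uint32_t *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* Typical runtime use (hypothetical helper): check that reading `len`
 * bytes at `offset` stays inside a buffer of `buf_size` bytes.  Without
 * the overflow test, offset + len could wrap to a small value and pass
 * the comparison. */
bool range_in_bounds(size_t buf_size, size_t offset, size_t len)
{
    size_t end;
    if (__builtin_add_overflow(offset, len, &end)) {
        return false;
    }
    return end <= buf_size;
}

int main(void)
{
    uint32_t r;
    printf("precheck  UINT32_MAX+1 ok=%d\n", add_u32_precheck(UINT32_MAX, 1, &r));
    printf("postcheck UINT32_MAX+1 ok=%d\n", add_u32_postcheck(UINT32_MAX, 1, &r));
    printf("builtin   UINT32_MAX+1 ok=%d\n", add_u32_builtin(UINT32_MAX, 1, &r));
    printf("range 90+10 in 100: %d, 90+11 in 100: %d, SIZE_MAX+2 in 100: %d\n",
           range_in_bounds(100, 90, 10), range_in_bounds(100, 90, 11),
           range_in_bounds(100, SIZE_MAX, 2));
    return 0;
}
```

Build the file once with `-fsanitize=unsigned-integer-overflow` to see only the post-check variant reported; the other three are silent under the sanitizer while rejecting the same inputs.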
aot-compiler fuzzing: reject non-wasm files quickly and execute aot after compilation (#4780) 2026-03-09 18:24:43 -07:00
common fuzzing: reject non-wasm files quickly and execute aot after compilation (#4780) 2026-03-09 18:24:43 -07:00
wasm-mutator fuzzing: reject non-wasm files quickly and execute aot after compilation (#4780) 2026-03-09 18:24:43 -07:00
.env Add wasm-mutator-fuzz test (#3420) 2024-05-21 12:01:13 +08:00
.gitignore Add wasm-mutator-fuzz test (#3420) 2024-05-21 12:01:13 +08:00
clang_toolchain.cmake feat(fuzz): add a new fuzzing target about aot compiler (#4121) 2025-04-28 21:44:04 +08:00
CMakeLists.txt fix: disable unsigned integer overflow sanitization (#4785) 2026-01-22 05:40:52 -08:00
README.md Remove local fuzzing server (#4729) 2025-11-25 21:02:10 +08:00
sanitizer_flags.cmake fuzzing: reject non-wasm files quickly and execute aot after compilation (#4780) 2026-03-09 18:24:43 -07:00
smith_wasm.sh update wasm-tool smith generation parameters for improved testing (#4779) 2026-01-07 11:26:27 +08:00

WAMR fuzz test framework

Install wasm-tools

Download the release suitable for your specific platform from https://github.com/bytecodealliance/wasm-tools/releases/latest, unpack it, and add the executable wasm-tools to the PATH. Then, you should be able to verify that the installation was successful by using the following command:

$ wasm-tools --version
# Or learn subcommands with
$ wasm-tools help

Install clang Toolchain

Refer to: https://apt.llvm.org/ and ensure that you have clang installed.

$ clang --version

$ clang++ --version

Build

# Without custom mutator (libFuzzer modifies the buffer randomly)
$ cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=./clang_toolchain.cmake -DLLVM_DIR=<llvm_install_dir>/lib/cmake/llvm

# TBC: if `wasm-tools mutate` is supported or not
# Or With custom mutator (wasm-tools mutate)
$ cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=./clang_toolchain.cmake -DLLVM_DIR=<llvm_install_dir>/lib/cmake/llvm -DCUSTOM_MUTATOR=1

# Then
$ cmake --build build

Manually generate wasm file in build

# wasm-tools smith generate some valid wasm file
# The generated wasm file is in corpus_dir under build
# N - Number of files to be generated
$ ./smith_wasm.sh N

# Running the fuzzers against the generated corpus
$ ./build/wasm-mutator/wasm_mutator_fuzz ./build/CORPUS_DIR

$ ./build/aot-compiler/aot_compiler_fuzz ./build/CORPUS_DIR