Expand description
Oracles.
Oracles take a test case and determine whether we have a bug. For example, one of the simplest oracles is to take a Wasm binary as our input test case, validate and instantiate it, and (implicitly) check that no assertions failed or segfaults happened. A more complicated oracle might compare the result of executing a Wasm file with and without optimizations enabled, and make sure that the two executions are observably identical.
When an oracle finds a bug, it should report it to the fuzzing engine by panicking.
Modules§
- diff_
spec - Evaluate an exported Wasm function using the WebAssembly specification reference interpreter.
- diff_
wasmi - Evaluate an exported Wasm function using the wasmi interpreter.
- diff_
wasmtime - Evaluate an exported Wasm function using Wasmtime.
- dummy
- Dummy implementations of things that a Wasm module can import.
- engine
- Define the interface for differential evaluation of Wasm functions.
- memory
- Oracles related to memory.
Structs§
- Store
Limits - The
TinStore<T>for fuzzing stores, used to limit resource consumption during fuzzing.
Enums§
- Command
- Represents supported commands to the
instantiate_manyfunction. - Diff
EqResult - Result of comparing the result of two operations during differential execution.
- Timeout
- Methods of timing out execution of a WebAssembly module
Functions§
- call_
async - Instantiates a wasm module and runs its exports with dummy values, all in an async fashion.
- check_
stacks - Run the given
Stackstest case and assert that the host’s view of the Wasm stack matches the test case’s understanding of the Wasm stack. - differential
- Evaluate the function identified by
namein two different engine instances–lhsandrhs. - dynamic_
component_ api_ target - Generate and execute a
crate::generators::component_types::TestCaseusing the specifiedinputto create arbitrary types and values. - instantiate
- Instantiate the Wasm buffer, and implicitly fail if we have an unexpected panic or segfault or anything else that can be detected “passively”.
- instantiate_
many - Instantiates many instances from the given modules.
- instantiate_
with_ dummy - Create a Wasmtime [
Instance] from a [Module] and fill in all imports with dummy values (e.g., zeroed values, immediately-trapping functions). Also, this function catches certain fuzz-related instantiation failures and returnsNoneinstead of panicking. - log_
wasm - Logs a wasm file to the filesystem to make it easy to figure out what wasm was used when debugging.
- make_
api_ calls - Invoke the given API calls.
- table_
ops - Execute a series of
table.getandtable.setoperations. - wast_
test - Executes the wast
testwith theconfigspecified.