
Update some fuzzing defaults and infrastructure#1793

Merged: alexcrichton merged 2 commits into bytecodealliance:main from alexcrichton:fuzz-fixes, Sep 17, 2024

Conversation

@alexcrichton (Member):

  • Update wasm_smith::Config to default-enable some stage4+ proposals: exceptions, gc, reference_types, relaxed_simd, simd, tail_call, threads. These can still all be disabled via configuration and CLI flags.
  • All stage4+ proposals are now swarm-enabled through Arbitrary for Config
  • Default generation of modules in wasm-tools's own fuzzing no longer special-cases these proposals since they're all already handled.
  • The WasmFeatures used for validating fuzz-generated modules now starts with a minimal baseline set of features to ensure that all proposals are disabled in the validator if the corresponding wasm-smith configuration flag is disabled.
  • The wasm-mutate crate was updated to return errors instead of panicking for unsupported wasm proposals. All wasm proposals are now enabled when passing to wasm-mutate.

The primary motivation for this commit was this last point where I'm seeing panics on OSS-Fuzz for Wasmtime using wasm-mutate as a mutation hook because wasm-mutate is panicking on some GC types. When fixing that I noticed other fuzz-related things I wanted to clean up while I was here.

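The fourth bullet in the description (the validator's feature set now starts from a minimal baseline and only turns on the proposals the wasm-smith config enables) is the kind of invariant that is easy to get backwards: if the validator is left on a permissive "everything enabled" default, a generator bug that emits, say, GC instructions while `gc` is disabled passes validation unnoticed. The following self-contained Rust model is an added example, not code from wasm-tools; it uses neither `wasm-smith` nor `wasmparser`, and the `Features` bits, the `Config` struct and the function names are constructed for illustration only.

```rust
// Self-contained model of the feature-gating logic the PR description
// outlines. It uses neither wasm-smith nor wasmparser: the `Features`
// bits, the `Config` struct and the function names below are constructed
// for illustration and are not the real crates' API.

/// One bit per proposal, in the style of a bitflags feature set.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Features(u32);

impl Features {
    // Baseline (pre-proposal) feature every generated module may rely on.
    pub const MUTABLE_GLOBAL: Features = Features(1 << 0);
    // The stage4+ proposals named in the PR description.
    pub const EXCEPTIONS: Features = Features(1 << 1);
    pub const GC: Features = Features(1 << 2);
    pub const REFERENCE_TYPES: Features = Features(1 << 3);
    pub const RELAXED_SIMD: Features = Features(1 << 4);
    pub const SIMD: Features = Features(1 << 5);
    pub const TAIL_CALL: Features = Features(1 << 6);
    pub const THREADS: Features = Features(1 << 7);

    /// Every bit on: the permissive default a validator might ship with.
    pub const fn all() -> Features { Features(0xff) }

    pub fn contains(self, other: Features) -> bool { self.0 & other.0 == other.0 }
    pub fn set(&mut self, f: Features, on: bool) {
        if on { self.0 |= f.0 } else { self.0 &= !f.0 }
    }
}

/// Generator configuration: one enable flag per stage4+ proposal.
#[derive(Clone, Debug)]
pub struct Config {
    pub exceptions_enabled: bool,
    pub gc_enabled: bool,
    pub reference_types_enabled: bool,
    pub relaxed_simd_enabled: bool,
    pub simd_enabled: bool,
    pub tail_call_enabled: bool,
    pub threads_enabled: bool,
}

impl Default for Config {
    /// All seven proposals on, mirroring the new wasm-smith default.
    fn default() -> Config {
        Config {
            exceptions_enabled: true,
            gc_enabled: true,
            reference_types_enabled: true,
            relaxed_simd_enabled: true,
            simd_enabled: true,
            tail_call_enabled: true,
            threads_enabled: true,
        }
    }
}

/// Derive the validator's feature set from the generator config, starting
/// from the minimal baseline so that a disabled config flag really does
/// disable the proposal in the validator as well.
pub fn validator_features(cfg: &Config) -> Features {
    let mut f = Features::MUTABLE_GLOBAL;
    f.set(Features::EXCEPTIONS, cfg.exceptions_enabled);
    f.set(Features::GC, cfg.gc_enabled);
    f.set(Features::REFERENCE_TYPES, cfg.reference_types_enabled);
    f.set(Features::RELAXED_SIMD, cfg.relaxed_simd_enabled);
    f.set(Features::SIMD, cfg.simd_enabled);
    f.set(Features::TAIL_CALL, cfg.tail_call_enabled);
    f.set(Features::THREADS, cfg.threads_enabled);
    f
}

/// Stand-in for running the validator: `used` is the set of proposals the
/// generated module actually relies on (a constructed input here; a real
/// fuzz target would learn this by validating the bytes). The module is
/// acceptable only if every proposal it uses is in `allowed`.
pub fn check_generated(allowed: Features, used: Features) -> Result<(), String> {
    if allowed.contains(used) {
        Ok(())
    } else {
        Err(format!("module uses {:?} but validator allows only {:?}", used, allowed))
    }
}

fn main() {
    let mut cfg = Config::default();
    cfg.gc_enabled = false;

    // A module that uses GC while `gc_enabled == false` is a generator bug.
    // With the baseline-derived feature set it is caught...
    let strict = validator_features(&cfg);
    assert!(check_generated(strict, Features::GC).is_err());
    // ...whereas a validator left on permissive defaults would hide it.
    assert!(check_generated(Features::all(), Features::GC).is_ok());
    // Proposals that remain enabled still validate.
    assert!(check_generated(strict, Features::SIMD).is_ok());
    println!("feature gating behaves as expected");
}
```

The design point is the direction of the derivation: the validator's feature set is computed from the generator's config, never the other way round, and it starts empty apart from the baseline so that nothing is enabled by omission.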
@fitzgen (Member) left a comment:

Nice!

@fitzgen fitzgen enabled auto-merge September 17, 2024 21:32
@alexcrichton alexcrichton added this pull request to the merge queue Sep 17, 2024
Merged via the queue into bytecodealliance:main with commit ebd4b68 Sep 17, 2024
@alexcrichton alexcrichton deleted the fuzz-fixes branch September 17, 2024 22:48