From 7b4bc1c9e869f1e2d1a95104df2def44a239c260 Mon Sep 17 00:00:00 2001
From: Sergey Pepyakin
Date: Sat, 24 Feb 2018 15:21:36 +0300
Subject: [PATCH] Impl hfuzz
---
 hfuzz/Cargo.toml | 3 ++-
 hfuzz/src/lib.rs | 7 -----
 hfuzz/src/main.rs | 65 ++++++++++++++++++++++++++++++++++++-----------
 hfuzz/test.sh | 5 ++++
 4 files changed, 57 insertions(+), 23 deletions(-)
 delete mode 100644 hfuzz/src/lib.rs
 create mode 100755 hfuzz/test.sh
diff --git a/hfuzz/Cargo.toml b/hfuzz/Cargo.toml
index d79e9bd..8226f93 100644
--- a/hfuzz/Cargo.toml
+++ b/hfuzz/Cargo.toml
@@ -6,4 +6,5 @@ authors = ["Sergey Pepyakin "]
 [dependencies]
 honggfuzz = "0.5"
 wasmi = { path = ".." }
-
+tempdir = "0.3.6"
+wabt = "0.2.0"
diff --git a/hfuzz/src/lib.rs b/hfuzz/src/lib.rs
deleted file mode 100644
index 31e1bb2..0000000
--- a/hfuzz/src/lib.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-#[cfg(test)]
-mod tests {
- #[test]
- fn it_works() {
- assert_eq!(2 + 2, 4);
- }
-}
diff --git a/hfuzz/src/main.rs b/hfuzz/src/main.rs
index da4d3f6..cd00346 100644
--- a/hfuzz/src/main.rs
+++ b/hfuzz/src/main.rs
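Review bot: `wabt = "0.2.0"` is added in the hfuzz/Cargo.toml hunk and `extern crate wabt;` is declared in hfuzz/src/main.rs, but nothing in that file's new code calls into the crate; the reference side of the comparison is the external `wasm` binary instead. An unused dependency in a fuzz harness is extra third-party code to fetch, build and audit with no gain in coverage. Either drop the line together with the `extern crate`, or record the intent next to it with a comment such as `# wabt: reserved for in-process validation, not wired up yet`.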
@@ -1,21 +1,56 @@ #[macro_use] extern crate honggfuzz; -fn main() { - // Here you can parse `std::env::args and - // setup / initialize your project +extern crate wabt; +extern crate wasmi; +extern crate tempdir; - // You have full control over the loop but - // you're supposed to call `fuzz` ad vitam aeternam - loop { - // The fuzz macro gives an arbitrary object (see `arbitrary crate`) - // to a closure-like block of code. - // For performance reasons, it is recommended that you use the native type - // `&[u8]` when possible. - // Here, this slice will contain a "random" quantity of "random" data. - fuzz!(|data: &[u8]| { - }); - } +use std::fs::File; +use std::io::Write; +use std::process::{Command, Stdio}; - +fn run_spec(data: &[u8]) -> Result<(), ()> { + let temp_dir = tempdir::TempDir::new("spec").unwrap(); + let mut seed_path = temp_dir.path().to_path_buf(); + seed_path.push("test.wasm"); + + { + let mut seedfile = + File::create(&seed_path).expect("open temporary file for writing to store fuzzer input"); + seedfile.write_all(data).expect( + "write fuzzer input to temporary file", + ); + seedfile.flush().expect( + "flush fuzzer input to temporary file before starting wasm-opt", + ); + } + + let exit_status = Command::new("wasm") + .arg("-d") + .arg(&seed_path) + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status() + .expect("failed to execute `wasm`"); + + if exit_status.success() { + Ok(()) + } else { + Err(()) + } } +fn run_wasmi(data: &[u8]) -> Result<(), ()> { + let _ = wasmi::Module::from_buffer(data).map_err(|_| ())?; + Ok(()) +} + +fn main() { + loop { + fuzz!(|data: &[u8]| { + let wasmi_result = run_wasmi(data); + let wasm_result = run_spec(data); + + assert_eq!(wasmi_result.is_ok(), wasm_result.is_ok()); + }); + } +} diff --git a/hfuzz/test.sh b/hfuzz/test.sh new file mode 100755 index 0000000..eab042b --- /dev/null +++ b/hfuzz/test.sh 
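Review bot: In `run_spec`, every non-success outcome of the `wasm` child is mapped to `Err(())`, so a reference binary that is killed by a signal (crash, out of memory) looks the same as one that rejected the module, and the `assert_eq!` in `main` then reports it as a wasmi divergence. `ExitStatus::code()` separates the two cases: `match exit_status.code() { Some(0) => Ok(()), Some(_) => Err(()), None => panic!("`wasm` terminated by a signal") }`. The `.unwrap()` on `TempDir::new` and the `.expect(...)` calls on file and process setup also panic inside the `fuzz!` closure, which the fuzzer will presumably record as findings against the target, so a doc comment on `run_spec` stating that `wasm` must be on `PATH` and that these panics are harness failures would help triage. The flush message names `wasm-opt` although the command that is run is `wasm`.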
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+export HFUZZ_RUN_ARGS="--max_file_size 2048"
+
+rustup run nightly cargo hfuzz run hfuzz
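Review bot: The script starts the fuzzer without checking that the `wasm` binary spawned by hfuzz/src/main.rs is on `PATH`; when it is missing, `run_spec` panics with "failed to execute `wasm`" on every input and the run produces only harness failures. A preflight line before the `rustup` call fails fast instead: `command -v wasm >/dev/null || { echo "wasm not found on PATH" >&2; exit 1; }`. A comment above `HFUZZ_RUN_ARGS` saying why inputs are capped at 2048 bytes would also help the next person who tunes the run.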