Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
bytecodealliance
GitHub Repository: bytecodealliance/wasmtime
 Path: blob/main/crates/fuzzing/src/generators/module.rs
1693 views
1
//! Generate a Wasm module and the configuration for generating it.

2


3
use arbitrary::{Arbitrary, Unstructured};

4
use std::sync::atomic::{AtomicUsize, Ordering::Relaxed};

5


6
/// Default module-level configuration for fuzzing Wasmtime.

7
///

8
/// Internally this uses `wasm-smith`'s own `Config` but we further refine

9
/// the defaults here as well.

10
#[derive(Debug, Clone)]

11
#[expect(missing_docs, reason = "self-describing fields")]

12
pub struct ModuleConfig {

13
    pub config: wasm_smith::Config,

14


15
    // These knobs aren't exposed in `wasm-smith` at this time but are exposed

16
    // in our `*.wast` testing so keep knobs here so they can be read during

17
    // config-to-`wasmtime::Config` translation.

18
    pub function_references_enabled: bool,

19
    pub component_model_async: bool,

20
    pub component_model_async_builtins: bool,

21
    pub component_model_async_stackful: bool,

22
    pub component_model_error_context: bool,

23
    pub component_model_gc: bool,

24
    pub legacy_exceptions: bool,

25
}

26


27
impl<'a> Arbitrary<'a> for ModuleConfig {

28
    fn arbitrary(u: &mut Unstructured<'a>) -> arbitrary::Result<ModuleConfig> {

29
        let mut config = wasm_smith::Config::arbitrary(u)?;

30


31
        // This list is intended to be the definitive source of truth for

32
        // what's at least possible to fuzz within Wasmtime. This is a

33
        // combination of features in `wasm-smith` where some proposals are

34
        // on-by-default (as determined by fuzz input) and others are

35
        // off-by-default (as they aren't stage4+). Wasmtime will default-fuzz

36
        // proposals that a pre-stage-4 to test our own implementation. Wasmtime

37
        // might also unconditionally disable proposals that it doesn't

38
        // implement yet which are stage4+. This is intended to be an exhaustive

39
        // list of all the wasm proposals that `wasm-smith` supports and the

40
        // fuzzing status within Wasmtime too.

41
        let _ = config.multi_value_enabled;

42
        let _ = config.saturating_float_to_int_enabled;

43
        let _ = config.sign_extension_ops_enabled;

44
        let _ = config.bulk_memory_enabled;

45
        let _ = config.reference_types_enabled;

46
        let _ = config.simd_enabled;

47
        let _ = config.relaxed_simd_enabled;

48
        let _ = config.tail_call_enabled;

49
        let _ = config.extended_const_enabled;

50
        let _ = config.gc_enabled;

51
        let _ = config.exceptions_enabled;

52
        config.custom_page_sizes_enabled = u.arbitrary()?;

53
        config.wide_arithmetic_enabled = u.arbitrary()?;

54
        config.memory64_enabled = u.ratio(1, 20)?;

55
        config.threads_enabled = u.ratio(1, 20)?;

56
        // Allow multi-memory but make it unlikely

57
        if u.ratio(1, 20)? {

58
            config.max_memories = config.max_memories.max(2);

59
        } else {

60
            config.max_memories = 1;

61
        }

62
        // ... NB: if you add something above this line please be sure to update

63
        // `docs/stability-wasm-proposals.md`

64


65
        // We get better differential execution when we disallow traps, so we'll

66
        // do that most of the time.

67
        config.disallow_traps = u.ratio(9, 10)?;

68


69
        Ok(ModuleConfig {

70
            component_model_async: false,

71
            component_model_async_builtins: false,

72
            component_model_async_stackful: false,

73
            component_model_error_context: false,

74
            component_model_gc: false,

75
            legacy_exceptions: false,

76
            function_references_enabled: config.gc_enabled,

77
            config,

78
        })

79
    }

80
}

81


82
impl ModuleConfig {

83
    /// Uses this configuration and the supplied source of data to generate a

84
    /// Wasm module.

85
    ///

86
    /// If a `default_fuel` is provided, the resulting module will be configured

87
    /// to ensure termination; as doing so will add an additional global to the

88
    /// module, the pooling allocator, if configured, must also have its globals

89
    /// limit updated.

90
    pub fn generate(

91
        &self,

92
        input: &mut Unstructured<'_>,

93
        default_fuel: Option<u32>,

94
    ) -> arbitrary::Result<wasm_smith::Module> {

95
        crate::init_fuzzing();

96


97
        // If requested, save `*.{dna,json}` files for recreating this module

98
        // in wasm-tools alone.

99
        let input_before = if log::log_enabled!(log::Level::Debug) {

100
            let len = input.len();

101
            Some(input.peek_bytes(len).unwrap().to_vec())

102
        } else {

103
            None

104
        };

105


106
        let mut module = wasm_smith::Module::new(self.config.clone(), input)?;

107


108
        if let Some(before) = input_before {

109
            static GEN_CNT: AtomicUsize = AtomicUsize::new(0);

110
            let used = before.len() - input.len();

111
            let i = GEN_CNT.fetch_add(1, Relaxed);

112
            let dna = format!("testcase{i}.dna");

113
            let config = format!("testcase{i}.json");

114
            log::debug!("writing `{dna}` and `{config}`");

115
            std::fs::write(&dna, &before[..used]).unwrap();

116
            std::fs::write(&config, serde_json::to_string_pretty(&self.config).unwrap()).unwrap();

117
        }

118


119
        if let Some(default_fuel) = default_fuel {

120
            module.ensure_termination(default_fuel).unwrap();

121
        }

122


123
        Ok(module)

124
    }

125
}

126


127