File: instantiate.rs

package info (click to toggle)
rust-wasmtime 26.0.1%2Bdfsg-3
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 48,492 kB
  • sloc: ansic: 4,003; sh: 561; javascript: 542; cpp: 254; asm: 175; ml: 96; makefile: 55
file content (79 lines) | stat: -rw-r--r-- 2,537 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
 
#![no_main]

use libfuzzer_sys::arbitrary::{Arbitrary, Result, Unstructured};
use wasmtime_fuzzing::generators::Config;
use wasmtime_fuzzing::oracles::{instantiate, Timeout};
use wasmtime_fuzzing::single_module_fuzzer::KnownValid;

wasmtime_fuzzing::single_module_fuzzer!(execute gen_module);

#[derive(Debug)]
struct InstantiateInput {
    config: Config,
    timeout: Timeout,
}

impl<'a> Arbitrary<'a> for InstantiateInput {
    fn arbitrary(u: &mut Unstructured<'a>) -> Result<Self> {
        let mut config: Config = u.arbitrary()?;

        // Pick either fuel, duration-based, or module-based timeout. Note that
        // the module-based timeout is implemented with wasm-smith's
        // `ensure_termination` option.
        let timeout = if u.arbitrary()? {
            config.generate_timeout(u)?
        } else {
            Timeout::None
        };

        Ok(InstantiateInput { config, timeout })
    }
}

fn execute(
    module: &[u8],
    known_valid: KnownValid,
    mut input: InstantiateInput,
    u: &mut Unstructured<'_>,
) -> Result<()> {
    let timeout = match input.timeout {
        // If the input module isn't a "known valid" module then it can't be
        // relied on self-regulating itself, so force a timeout via epochs/fuel
        // in the configuration.
        Timeout::None if known_valid == KnownValid::No => input.config.generate_timeout(u)?,
        other => other,
    };
    instantiate(module, known_valid, &input.config, timeout);
    Ok(())
}

fn gen_module(
    input: &mut InstantiateInput,
    u: &mut Unstructured<'_>,
) -> Result<(Vec<u8>, KnownValid)> {
    // With a small-ish chance take raw fuzz input and put it in the module to
    // stress module compilation/validation. In such a situation we can't use
    // `ensure_termination` in wasm-smith so list the timeout as `None` to time
    // out via epochs or Wasmtime-level fuel.
    //
    // Otherwise though if no timeout is configured use wasm-smith fuel to
    // ensure termination.
    let allow_invalid_funcs = u.ratio(1, 10)?;

    let default_fuel = if allow_invalid_funcs {
        input.config.module_config.config.allow_invalid_funcs = true;
        input.timeout = Timeout::None;
        None
    } else if let Timeout::None = input.timeout {
        Some(1000)
    } else {
        None
    };
    let module = input.config.generate(u, default_fuel)?;
    let known_valid = if allow_invalid_funcs {
        KnownValid::No
    } else {
        KnownValid::Yes
    };
    Ok((module.to_bytes(), known_valid))
}