File: README.md

# Fuzz Testing

This subdirectory contains some [libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) fuzzing targets for WasmKit.

> [!WARNING]
> libFuzzer does not work with the latest Swift runtime library on macOS for some reason. Run the fuzzing targets on Linux for now.

## Requirements

- [Open Source Swift Toolchain](https://swift.org/install) - Xcode toolchain does not contain fuzzing support, so you need to install the open source toolchain.
- [wasm-tools](https://github.com/bytecodealliance/wasm-tools) - Required to generate random seed corpora

## libFuzzer-based Fuzzing Targets

### Running the Fuzzing Targets

1. Generate seed corpora for the fuzzing targets:
    ```sh
    ./fuzz.py seed
    ```
2. Run the fuzzing targets, where `<target>` is one of the fuzzing targets available in the `./Sources` directory:
    ```sh
    ./fuzz.py run <target>
    ```
3. Once the fuzzer finds a crash, it will generate a test case in the `FailCases/<target>` directory.


### Reproducing Crashes

To reproduce a crash found by the fuzzer:

1. Build the fuzzer executable:
    ```sh
    ./fuzz.py build <target>
    ```
2. Run the fuzzer executable with the test case:
    ```sh
    ./.build/debug/<target> <testcase>
    ```
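
To confirm a fix, every saved test case can be replayed in one pass. The following is an added example, not part of WasmKit's scripts: the function name `replay_failcases` is hypothetical, and it assumes the executable built in step 1 exits non-zero (or dies on a signal) when an input still crashes.

```sh
#!/bin/sh
# Added example: replay every saved test case through a built fuzzer executable.
# Usage: replay_failcases <fuzzer-executable> <failcase-dir>
# Prints one line per case; returns 0 only if no case still fails,
# 1 if at least one does, 2 if the executable is missing.
replay_failcases() {
    bin=$1
    dir=$2
    total=0
    failing=0
    if [ ! -x "$bin" ]; then
        echo "error: $bin is not executable; build it first" >&2
        return 2
    fi
    for tc in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip anything
        # that is not a regular file.
        [ -f "$tc" ] || continue
        total=$((total + 1))
        # Given a file path, the fuzzer executable runs that one input.
        if "$bin" "$tc" >/dev/null 2>&1; then
            echo "PASS $tc"
        else
            status=$?   # exit status above 128 means killed by a signal
            failing=$((failing + 1))
            echo "FAIL($status) $tc"
        fi
    done
    echo "$failing of $total test cases still fail"
    [ "$failing" -eq 0 ]
}

# Run directly as: ./replay.sh ./.build/debug/<target> FailCases/<target>
if [ "$#" -eq 2 ]; then
    replay_failcases "$1" "$2"
fi
```

The non-zero return when any case still fails makes the function usable as a regression gate after a fix.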

## Differential Testing

Generate a Wasm module whose termination is ensured by `wasm-tools smith`, then check whether WasmKit and a reference engine (e.g. Wasmtime) agree on the result and the memory state.

1. Build the differential testing tool:
    ```sh
    # Download and extract the Wasmtime C API library
    mkdir -p .build/libwasmtime && \
      curl -L https://github.com/bytecodealliance/wasmtime/releases/download/v23.0.2/wasmtime-v23.0.2-x86_64-linux-c-api.tar.xz -o - | \
      tar xJ --strip-components=1 -C ./.build/libwasmtime
    # Build the differential testing tool with libwasmtime
    swift build -Xlinker -L./.build/libwasmtime/lib -Xlinker -l:libwasmtime.a --product FuzzDifferential
    ```
    You can use any other reference engine implementing the [Wasm C API](https://github.com/WebAssembly/wasm-c-api) by replacing the `libwasmtime` library.

2. Run the differential testing tool:
    ```sh
    ./differential.py
    ```