Implement fuzz testing for Wasm execution #419

Closed
Robbepop opened this issue Aug 27, 2022 · 2 comments · Fixed by #833
Labels: enhancement, priority-high, register-machine


@Robbepop
Member

We currently have a very naive fuzz testing infrastructure for wasmi that works and has already found bugs.
However, this fuzz testing infrastructure currently only tests Wasm parsing, validation and Wasm to wasmi bytecode translation but does not cover the important Wasm execution phase.

For this we require another Wasm engine that runs on the same Wasm inputs as wasmi. After each run we compare the state of the virtual machines (globals, linear memories, execution results, etc.) and see if they match. Divergent states indicate differences in execution behavior and therefore a bug on one side or the other.

The other engine should have a very strong focus on correctness and Wasm conformance. Nothing could beat the official Wasm spec interpreter in this regard.
Rust bindings for the official Wasm spec interpreter already exist, but there has not yet been a public release on crates.io.

Once the official Wasm spec interpreter has been released on crates.io we can make use of it in a similar manner as done in Wasmtime.

@Robbepop
Member Author

Robbepop commented Dec 2, 2023

Ideally we want two different fuzzing strategies to fuzz wasmi execution:

  1. Fuzzing execution for the register-machine wasmi engine.
    • This one just guards against unwanted panics at execution time.
  2. Differential fuzzing against the stack-machine wasmi engine.
    • This one asserts that executions between the stack-machine and register-machine wasmi engines are the same.
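The two strategies described in this thread, sketched as an added example that is not part of the issue and is not wasmi code: a harness that catches panics in an engine under test and compares its outcome against a reference engine. Both engines are hypothetical stand-ins that evaluate a single i32 instruction, the division bug is constructed for the demonstration, and all names (`reference`, `under_test`, `differ`, `fuzz`) are assumptions.

```rust
use std::panic::catch_unwind;

#[derive(Clone, Copy, Debug, PartialEq)]
enum Op { Add, DivS, RemS }

#[derive(Debug, PartialEq)]
enum Outcome { Value(i32), Trap, Panic }

// Reference engine (hypothetical oracle) following Wasm i32 semantics.
fn reference(op: Op, a: i32, b: i32) -> Outcome {
    match op {
        Op::Add => Outcome::Value(a.wrapping_add(b)),
        // i32.div_s traps on division by zero and on i32::MIN / -1.
        Op::DivS => a.checked_div(b).map_or(Outcome::Trap, Outcome::Value),
        // i32.rem_s traps only on a zero divisor; i32::MIN % -1 is 0.
        Op::RemS if b == 0 => Outcome::Trap,
        Op::RemS => Outcome::Value(a.wrapping_rem(b)),
    }
}

// Engine under test with a constructed bug: DivS checks for zero but not overflow,
// so Rust's `/` panics on i32::MIN / -1 instead of producing a Wasm trap.
fn under_test(op: Op, a: i32, b: i32) -> Outcome {
    match op {
        Op::DivS if b != 0 => Outcome::Value(a / b),
        _ => reference(op, a, b),
    }
}

// Strategy 1: a panic is caught and recorded. Strategy 2: outcomes must match.
fn differ(op: Op, a: i32, b: i32) -> Option<(Outcome, Outcome)> {
    let want = reference(op, a, b);
    let got = catch_unwind(|| under_test(op, a, b)).unwrap_or(Outcome::Panic);
    (want != got).then_some((want, got))
}

// Deterministic xorshift64 generator, so a failing run can be replayed from its seed.
fn next(s: &mut u64) -> u64 { *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17; *s }

const EDGE: [i32; 5] = [0, 1, -1, i32::MIN, i32::MAX]; // constructed boundary operands
const OPS: [Op; 3] = [Op::Add, Op::DivS, Op::RemS];

// Returns the first input on which the two engines disagree, if any.
fn fuzz(seed: u64, iters: u32) -> Option<(Op, i32, i32)> {
    let mut s = seed; // must be nonzero for xorshift
    for _ in 0..iters {
        let op = OPS[(next(&mut s) % 3) as usize];
        let (a, b) = (EDGE[(next(&mut s) % 5) as usize], EDGE[(next(&mut s) % 5) as usize]);
        if differ(op, a, b).is_some() { return Some((op, a, b)); }
    }
    None
}
fn main() { println!("{:?}", fuzz(0x9E37_79B9_7F4A_7C15, 10_000)); }
```

The caught panic is still printed to stderr by the default panic hook; the harness reports it as `Outcome::Panic` so the diverging input can be saved as a regression case.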

Robbepop added the register-machine and priority-high labels on Dec 2, 2023
@Robbepop
Member Author

Robbepop commented Dec 4, 2023

This PR (#832) implements execution fuzzing for wasmi.
