[fuzzing] execute every exported function #3959
4042677 to c4e6caa
…nd random value generation
…ion and ensure termination in WASM shape
…nt logging in execution
c4e6caa to 59b1581
for a similar fuzzer (https://github.com/yamt/toywasm/tree/master/examples/fuzz)
May I ask about the negative consequences of executing too many functions?
It takes very long. Practically ~forever.
Just FYI: If the issue is due to an infinite loop, the
Does the fuel thing "accumulate" among function calls?
IIUC, yes.
pre_defined_val(wasm_valkind_t kind) | ||
{ | ||
if (kind == WASM_I32) { | ||
return wasm_val_t{ .kind = WASM_I32, .of = { .i32 = 2025 } }; |
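Review bot: the literal 2025 in the WASM_I32 branch is a magic number with no comment explaining why the argument is fixed; give it a named constant and a short comment stating that the value is constant on purpose so a failure replays with the same arguments. The `wasm_val_t{ .kind = WASM_I32, .of = { .i32 = 2025 } }` form also relies on designated initializers, which are standard in C++ only from C++20, so confirm that the fuzz target is built with that standard or that the compiler extension is intended.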
Would it be better to generate random values to cover a wider value range?
😄 It makes it easier to replicate the issue that led to the failure. In a fuzzing issue report, you typically only get the error information generated by XSAN, with no accompanying logs. Using random values as function parameters can make it challenging to identify the exact combination that triggered the problem.

🤔 Additionally, I'm looking for a way to run opcodes with random operands. It appears to be a variant of the `LLVMFuzzerTestOneInput()` function. Perhaps I should create a new test `LLVMFuzzerTestOneInput()` to execute each opcode individually, allowing the fuzzer to supply random operands.
after #3984
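
One way to reconcile the two positions in the review thread above, as an added example (not code from this PR or from WAMR): derive each argument from the fuzz input bytes, so values vary across inputs while replaying the same bytes reproduces the same operands. `Val`, `ValKind`, `ByteCursor` and `args_from_input` are hypothetical stand-ins, not the wasm-c-api types, and which bytes of the input a harness reserves for arguments is left open.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Simplified stand-in for a wasm value (assumption: not wasm_c_api.h).
enum ValKind : uint8_t { KIND_I32, KIND_I64, KIND_F32, KIND_F64 };
struct Val {
    ValKind kind;
    union { int32_t i32; int64_t i64; float f32; double f64; } of;
};

// Cursor over the fuzzer-supplied buffer. Reads past the end are padded with
// zero bytes, so derivation always terminates and is deterministic per input.
struct ByteCursor {
    const uint8_t *data;
    size_t size;
    size_t pos;
    template <typename T> T take() {
        unsigned char raw[sizeof(T)] = {0};
        size_t left = size - pos;
        size_t n = left < sizeof(T) ? left : sizeof(T);
        if (n != 0)
            std::memcpy(raw, data + pos, n);
        pos += n;
        T out;
        std::memcpy(&out, raw, sizeof(T));
        return out;
    }
};

// Hypothetical helper: build one argument per parameter kind from input bytes.
std::vector<Val> args_from_input(const std::vector<ValKind> &params,
                                 const uint8_t *data, size_t size)
{
    ByteCursor cur{data, size, 0};
    std::vector<Val> args;
    for (ValKind k : params) {
        Val v;
        v.kind = k;
        v.of.i64 = 0;
        switch (k) {
            case KIND_I32: v.of.i32 = cur.take<int32_t>(); break;
            case KIND_I64: v.of.i64 = cur.take<int64_t>(); break;
            case KIND_F32: v.of.f32 = cur.take<float>(); break;
            case KIND_F64: v.of.f64 = cur.take<double>(); break;
        }
        args.push_back(v);
    }
    return args;
}
```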