This document describes how to fuzz cranelift with `cargo-fuzz`. The fuzz targets use `wasm-opt` from `binaryen-rs` to generate valid WebAssembly modules from the fuzzed input supplied by `cargo-fuzz` (via libfuzzer). In this scheme coverage feedback from both cranelift and the `wasm-opt` input generation code is used to inform the fuzzer.

- Install all dependencies required to build `binaryen-rs` and `cargo-fuzz` (including `cmake`)
- Use the Rust nightly toolchain (required by `cargo-fuzz`): `rustup override set nightly`
- Execute the fuzz target: `cargo fuzz run fuzz_translate_module`