CI: Add fuzzing (#670)

* add fuzzing to CI * fix fuzz CI job * only do 2 minutes of fuzzing per run * run 2 fuzz workers * add translation fuzz test with fuel metering codegen
wasmi-labs · Feb 12, 2023 · 40182b6 · 40182b6
1 parent 67253b2
commit 40182b6
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 0 deletions.
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -194,6 +194,46 @@ jobs:
           command: udeps
           args: --all-targets
 
+  fuzz:
+    name: Fuzzing
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+          override: true
+      - name: Set up Cargo cache
+        uses: actions/cache@v3
+        continue-on-error: false
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-fuzz-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-fuzz-
+      - name: Checkout Submodules
+        run: git submodule update --init --recursive
+      - name: Install cargo-fuzz
+        run: |
+          # Note: We use `|| true` because cargo install returns an error
+          #       if cargo-udeps was already installed on the CI runner.
+          cargo install --locked cargo-fuzz || true
+      - name: Fuzz Translate
+        uses: actions-rs/cargo@v1
+        with:
+          command: fuzz
+          args: run translate -j 2 -- -max_total_time=60 # 1 minute of fuzzing
+      - name: Fuzz Translate (metered)
+        uses: actions-rs/cargo@v1
+        with:
+          command: fuzz
+          args: run translate -j 2 -- -max_total_time=60 # 1 minute of fuzzing
+
   miri:
     name: Miri
     runs-on: ubuntu-latest

diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -24,3 +24,9 @@ name = "translate"
 path = "fuzz_targets/translate.rs"
 test = false
 doc = false
+
+[[bin]]
+name = "translate_metered"
+path = "fuzz_targets/translate_metered.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/translate_metered.rs b/fuzz/fuzz_targets/translate_metered.rs
@@ -0,0 +1,11 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use wasmi::{Engine, Module, Config};
+
+fuzz_target!(|data: wasm_smith::Module| {
+    let wasm = data.to_bytes();
+    let mut config = Config::default();
+    config.consume_fuel(true);
+    let engine = Engine::new(&config);
+    Module::new(&engine, &mut &wasm[..]).unwrap();
+});