From 40182b6699607e857afbf9d15940307ea1ac457a Mon Sep 17 00:00:00 2001 From: Robin Freyler Date: Sun, 12 Feb 2023 15:53:58 +0100 Subject: [PATCH] CI: Add fuzzing (#670) * add fuzzing to CI * fix fuzz CI job * only do 2 minutes of fuzzing per run * run 2 fuzz workers * add translation fuzz test with fuel metering codegen --- .github/workflows/rust.yml | 40 ++++++++++++++++++++++++++ fuzz/Cargo.toml | 6 ++++ fuzz/fuzz_targets/translate_metered.rs | 11 +++++++ 3 files changed, 57 insertions(+) create mode 100644 fuzz/fuzz_targets/translate_metered.rs diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 086290ca1f..a4c8cc6e39 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -194,6 +194,46 @@ jobs: command: udeps args: --all-targets + fuzz: + name: Fuzzing + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: nightly + override: true + - name: Set up Cargo cache + uses: actions/cache@v3 + continue-on-error: false + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ runner.os }}-cargo-fuzz-${{ hashFiles('**/Cargo.lock') }} + restore-keys: ${{ runner.os }}-cargo-fuzz- + - name: Checkout Submodules + run: git submodule update --init --recursive + - name: Install cargo-fuzz + run: | + # Note: We use `|| true` because cargo install returns an error + # if cargo-udeps was already installed on the CI runner. + cargo install --locked cargo-fuzz || true + - name: Fuzz Translate + uses: actions-rs/cargo@v1 + with: + command: fuzz + args: run translate -j 2 -- -max_total_time=60 # 1 minute of fuzzing + - name: Fuzz Translate (metered) + uses: actions-rs/cargo@v1 + with: + command: fuzz + args: run translate -j 2 -- -max_total_time=60 # 1 minute of fuzzing + miri: name: Miri runs-on: ubuntu-latest 
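Review bot: The `Fuzz Translate (metered)` step runs the wrong target: its `args` line repeats `run translate`, so the `translate_metered` binary this commit adds is never exercised in CI; it should read `args: run translate_metered -j 2 -- -max_total_time=60 # 1 minute of fuzzing`. The note in the `Install cargo-fuzz` step was carried over from the udeps job and should say `# if cargo-fuzz was already installed on the CI runner.`. That `|| true` also hides a genuinely failed install, which then only surfaces as an unrelated error in the later `cargo fuzz` step; a narrower guard (skipping the install only when the `cargo-fuzz` binary is already present) keeps the intent without masking failures. The `-max_total_time=60` with `# 1 minute of fuzzing` does not match the commit message's "2 minutes of fuzzing per run"; if the two steps are meant to add up to two minutes the comment is fine, otherwise one of them is stale.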
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 2b9de01279..f237900816 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -24,3 +24,9 @@ name = "translate"
 path = "fuzz_targets/translate.rs"
 test = false
 doc = false
+
+[[bin]]
+name = "translate_metered"
+path = "fuzz_targets/translate_metered.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/translate_metered.rs b/fuzz/fuzz_targets/translate_metered.rs
new file mode 100644
index 0000000000..b79e5aa5d0
--- /dev/null
+++ b/fuzz/fuzz_targets/translate_metered.rs
@@ -0,0 +1,11 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use wasmi::{Engine, Module, Config};
+
+fuzz_target!(|data: wasm_smith::Module| {
+    let wasm = data.to_bytes();
+    let mut config = Config::default();
+    config.consume_fuel(true);
+    let engine = Engine::new(&config);
+    Module::new(&engine, &mut &wasm[..]).unwrap();
+});
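Review bot: The new target's only oracle is `Module::new(&engine, &mut &wasm[..]).unwrap()`, and nothing in the file says why an `Err` there counts as a bug, which matters because the fuzzer reports every panic as a crash. wasm-smith emits only validated modules, but whether every proposal it may generate by default is accepted by wasmi's `Config::default()` is not visible here; if it is not, valid-but-unsupported inputs will show up as false-positive crashes, so this is worth confirming against the existing `translate` target. I would add a header comment such as `// Translation fuzz target with fuel metering enabled: wasm-smith emits only valid modules, so an error or panic from Module::new is a bug in the metered codegen path.` Minor style: the import list is unsorted; `use wasmi::{Config, Engine, Module};` matches rustfmt's ordering.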