finite-wasm 0.6.0

Guarantee deterministic limits on execution time and space resources made available to the WebAssembly programs in a runtime-agnostic way. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

use std::fmt::Write;
use std::path::PathBuf;

/// Finds all no-parameter exported functions
pub fn find_entry_points(contract: &[u8]) -> Vec<String> {
    let mut tys = Vec::new();
    let mut fns = Vec::new();
    let mut entries = Vec::new();
    for payload in wasmparser::Parser::default().parse_all(contract) {
        match payload {
            Ok(wasmparser::Payload::FunctionSection(rdr)) => fns.extend(rdr),
            Ok(wasmparser::Payload::TypeSection(rdr)) => {
                tys.extend(rdr.into_iter_err_on_gc_types())
            }
            Ok(wasmparser::Payload::ExportSection(rdr)) => {
                for export in rdr {
                    if let Ok(wasmparser::Export {
                        name,
                        kind: wasmparser::ExternalKind::Func,
                        index,
                    }) = export
                    {
                        if name.chars().any(|c| !c.is_ascii_alphanumeric()) {
                            continue; // ignore non-ascii-alnum exports for convenience
                        }
                        if let Some(&Ok(ty_index)) = fns.get(index as usize) {
                            if let Some(Ok(func_type)) = tys.get(ty_index as usize) {
                                if func_type.params().is_empty() {
                                    entries.push(name.to_string());
                                }
                            }
                        }
                    }
                }
            }
            _ => (),
        }
    }
    entries
}

fn adjust_cfg(mut config: wasm_smith::Config) -> wasm_smith::Config {
    config.max_imports = 0;
    config.max_instructions = 1000;
    config.allow_start_export = false;
    config.exceptions_enabled = false;
    config.gc_enabled = false;
    config
}

#[derive(Debug)]
struct WasmSmithModule {
    data: Vec<u8>,
}

impl<'a> arbitrary::Arbitrary<'a> for WasmSmithModule {
    fn arbitrary(u: &mut arbitrary::Unstructured<'a>) -> arbitrary::Result<Self> {
        let config = adjust_cfg(wasm_smith::Config::arbitrary(u)?);
        wasm_smith::Module::new(config, u).map(|m| Self { data: m.to_bytes() })
    }
    fn size_hint(depth: usize) -> (usize, Option<usize>) {
        let cfg_size = wasm_smith::Config::size_hint(depth);
        let module_size = wasm_smith::Module::size_hint(depth);
        (cfg_size.0 + module_size.0, None)
    }
}

#[test]
fn fuzz() {
    bolero::check!()
        .with_arbitrary::<WasmSmithModule>()
        .for_each(|module| {
            let bytes = &module.data;
            let exports = find_entry_points(&bytes);

            if exports.is_empty() {
                // It’s pointless looking more into this test as we won’t be running anything anyway.
                return;
            }

            let mut wast_test = String::new();
            write!(wast_test, "(module binary \"").unwrap();
            for b in bytes.iter() {
                write!(wast_test, "\\{:02X}", b).unwrap();
            }
            write!(wast_test, "\")\n").unwrap();
            for e in exports {
                // `(invoke ...)` will be turned into `(just_run ...)` by the test framework after wast parsing.
                // XREF:INVOKE-FOR-JUST-RUN
                write!(wast_test, "(invoke {:?})\n", e).unwrap();
            }

            let mut f = tempfile::Builder::new()
                .prefix("fuzzed-module-")
                .tempfile()
                .expect("creating temp file");
            std::io::Write::write_all(&mut f, wast_test.as_bytes())
                .expect("writing wast test file");

            let mut t = crate::wast_tests::test::TestContext::new(
                "fuzz".to_owned(),
                f.path().to_owned(),
                PathBuf::from("/"),
                PathBuf::from("/tmp"),
                false,
            );
            t.run();
            if t.failed() {
                let _ = std::fs::write("/tmp/fuzz-crash.wasm", &bytes);
                let output = String::from_utf8_lossy(&t.output);
                eprintln!(
                    "Test failed, module available in /tmp/fuzz-crash.wasm.
Module bytes were:
{:?}
Wast test was:
{}
Test output:
{}",
                    bytes, wast_test, output,
                );
                panic!("{}", output.lines().collect::<Vec<_>>().join("; "));
            }
        })
}