Commit 6e254ca

Add README about fuzz testing
1 parent 506a826 commit 6e254ca

3 files changed

+42
-10
lines changed

FuzzTesting/.gitignore

Lines changed: 0 additions & 8 deletions
This file was deleted.

FuzzTesting/README.md

Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
# Fuzz Testing
2+
3+
This subdirectory contains some [libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) fuzzing targets for WasmKit.
4+
5+
> [!WARNING]
6+
> libFuzzer does not work with the latest Swift runtime library on macOS for some reason. Run the fuzzing targets on Linux for now.
7+
8+
## Requirements
9+
10+
- [Open Source Swift Toolchain](https://swift.org/install) - Xcode toolchain does not contain fuzzing supoort, so you need to install the open source toolchain.
11+
- [wasm-tools](https://github.com/bytecodealliance/wasm-tools) - Required to generate random seed corpora
12+
13+
14+
## Running the Fuzzing Targets
15+
16+
1. Generate seed corpora for the fuzzing targets:
17+
```sh
18+
./fuzz.py seed
19+
```
20+
2. Run the fuzzing targets, where `<target>` is one of the fuzzing targets available in `./Sources` directory:
21+
```sh
22+
./fuzz.py run <target>
23+
```
24+
3. Once the fuzzer finds a crash, it will generate a test case in the `FailCases/<target>` directory.
25+
26+
27+
## Reproducing Crashes
28+
29+
To reproduce a crash found by the fuzzer
30+
31+
1. Build the fuzzer executable:
32+
```sh
33+
./fuzz.py build <target>
34+
```
35+
2. Run the fuzzer executable with the test case:
36+
```sh
37+
./.build/debug/<target> <testcase>
38+
```
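
Review bot: In "Reproducing Crashes", step 2 passes `<testcase>` without saying where it comes from; point it at the file the fuzzer wrote under `FailCases/<target>` (step 3 of the previous section) so the two sections connect. In Requirements, "supoort" should be "support", and the line "To reproduce a crash found by the fuzzer" wants a trailing colon before the list. The warning's "for some reason" would be more useful with a link to a tracking issue if one exists. Since this commit also deletes `FuzzTesting/.gitignore`, confirm that `FailCases/` and `.build/` are still ignored somewhere, so crash inputs and build output are not committed by accident.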

FuzzTesting/fuzz.py

Lines changed: 4 additions & 2 deletions
@@ -29,14 +29,16 @@ def main():
2929
# Subcommands
3030
subparsers = parser.add_subparsers(required=True)
3131

32+
available_targets = list(os.listdir('Sources'))
33+
3234
build_parser = subparsers.add_parser('build', help='Build the fuzzer')
3335
build_parser.add_argument(
34-
'target_name', type=str, help='Name of the target')
36+
'target_name', type=str, help='Name of the target', choices=available_targets)
3537
build_parser.set_defaults(func=build)
3638

3739
run_parser = subparsers.add_parser('run', help='Run the fuzzer')
3840
run_parser.add_argument(
39-
'target_name', type=str, help='Name of the target')
41+
'target_name', type=str, help='Name of the target', choices=available_targets)
4042
run_parser.add_argument(
4143
'--skip-build', action='store_true',
4244
help='Skip building the fuzzer')
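
Review bot: `os.listdir('Sources')` on the added line resolves against the current working directory, so invoking the script from anywhere other than `FuzzTesting/` raises FileNotFoundError while the parser is still being built, before even `--help` can print. Resolve the path relative to the script, for example with `os.path.dirname(os.path.abspath(__file__))`. If targets are subdirectories of `Sources`, also filter with `os.path.isdir`, because `listdir` returns stray files such as `.DS_Store` too and they would be accepted as valid `choices`. The `list(...)` wrapper is redundant since `os.listdir` already returns a list; `sorted(...)` would give a stable order in the usage and error text. The hunk does not show an `import os`, so check that one exists at the top of the file.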