Fuzzing: Set up a resource limiter for FuzzTranslator

kateinoigakukun · kateinoigakukun · commit 780a0eaec7b7 · 2024-10-23T07:04:15.000Z
And validate memory type when creating a new memory instance outside of
the instantiation process.
diff --git a/FuzzTesting/Package.swift b/FuzzTesting/Package.swift
@@ -35,6 +35,7 @@ let package = Package(
             .product(name: "WasmKit", package: "WasmKit")
         ]),
         .target(name: "FuzzExecute", dependencies: [
+            "WasmKitFuzzing",
             .product(name: "WasmKit", package: "WasmKit"),
         ]),
         .executableTarget(name: "FuzzDifferential", dependencies: [
diff --git a/FuzzTesting/Sources/FuzzExecute/FuzzExecute.swift b/FuzzTesting/Sources/FuzzExecute/FuzzExecute.swift
@@ -1,13 +1,5 @@
 @_spi(Fuzzing) import WasmKit
-
-struct FuzzerResourceLimiter: ResourceLimiter {
-    func limitMemoryGrowth(to desired: Int) throws -> Bool {
-        return desired < 1024 * 1024 * 1024
-    }
-    func limitTableGrowth(to desired: Int) throws -> Bool {
-        return desired < 1024 * 1024
-    }
-}
+import WasmKitFuzzing
 
 @_cdecl("LLVMFuzzerTestOneInput")
 public func FuzzCheck(_ start: UnsafePointer<UInt8>, _ count: Int) -> CInt {
diff --git a/FuzzTesting/Sources/WasmKitFuzzing/WasmKitFuzzing.swift b/FuzzTesting/Sources/WasmKitFuzzing/WasmKitFuzzing.swift
@@ -1,6 +1,18 @@
 // This module defines utilities for fuzzing WasmKit.
 
-import WasmKit
+@_spi(Fuzzing) import WasmKit
+
+/// A resource limiter that restricts allocations to fuzzer limits.
+public struct FuzzerResourceLimiter: ResourceLimiter {
+    public init() {}
+
+    public func limitMemoryGrowth(to desired: Int) throws -> Bool {
+        return desired < 1024 * 1024 * 1024
+    }
+    public func limitTableGrowth(to desired: Int) throws -> Bool {
+        return desired < 1024 * 1024
+    }
+}
 
 /// Check if a Wasm module can be instantiated without crashing.
 ///
@@ -9,6 +21,7 @@ public func fuzzInstantiation(bytes: [UInt8]) throws {
     let module = try WasmKit.parseWasm(bytes: bytes)
     let engine = Engine(configuration: EngineConfiguration(compilationMode: .eager))
     let store = Store(engine: engine)
+    store.resourceLimiter = FuzzerResourceLimiter()
 
     // Prepare dummy imports
     var imports = Imports()
diff --git a/Sources/WasmKit/Engine.swift b/Sources/WasmKit/Engine.swift
@@ -1,5 +1,7 @@
 import _CWasmKit.Platform
 
+import struct WasmParser.WasmFeatureSet
+
 /// A WebAssembly execution engine.
 ///
 /// An engine is responsible storing the configuration for the execution of
@@ -85,14 +87,30 @@ public struct EngineConfiguration {
     /// "call stack exhausted" ``Trap`` errors thrown by the interpreter.
     public var stackSize: Int
 
+    /// The WebAssembly features that can be used by Wasm modules running on this engine.
+    public var features: WasmFeatureSet
+
     /// Initializes a new instance of `EngineConfiguration`.
+    ///
     /// - Parameter threadingModel: The threading model to use for the virtual
     /// machine interpreter. If `nil`, the default threading model for the
     /// current platform will be used.
-    public init(threadingModel: ThreadingModel? = nil, compilationMode: CompilationMode? = nil, stackSize: Int? = nil) {
+    /// - Parameter compilationMode: The compilation mode to use for WebAssembly
+    /// modules. If `nil`, the default compilation mode (lazy) will be used.
+    /// - Parameter stackSize: The stack size in bytes for the virtual machine
+    /// interpreter. If `nil`, the default stack size (512KB) will be used.
+    /// - Parameter features: The WebAssembly features that can be used by Wasm
+    /// modules running on this engine.
+    public init(
+        threadingModel: ThreadingModel? = nil,
+        compilationMode: CompilationMode? = nil,
+        stackSize: Int? = nil,
+        features: WasmFeatureSet = .default
+    ) {
         self.threadingModel = threadingModel ?? .defaultForCurrentPlatform
         self.compilationMode = compilationMode ?? .lazy
         self.stackSize = stackSize ?? (1 << 19)
+        self.features = features
     }
 }
 
diff --git a/Sources/WasmKit/Execution/Instances.swift b/Sources/WasmKit/Execution/Instances.swift
@@ -580,6 +580,9 @@ public struct Memory: Equatable {
     /// let instance = try module.instantiate(store: store, imports: imports)
     /// ```
     public init(store: Store, type: MemoryType) throws {
+        // Validate the memory type because the type is not validated at instantiation time.
+        try ModuleValidator.checkMemoryType(type, features: store.engine.configuration.features)
+
         self.init(
             handle: try store.allocator.allocate(memoryType: type, resourceLimiter: store.resourceLimiter),
             allocator: store.allocator
