Commit

fuzz: update README instructions (#1175)
Signed-off-by: Takeshi Yoneda <[email protected]>
mathetake authored Feb 28, 2023
1 parent 3d5b6d6 commit 599e01b
Showing 1 changed file with 26 additions and 4 deletions.
30 changes: 26 additions & 4 deletions internal/integration_test/fuzz/README.md
Expand Up @@ -9,17 +9,26 @@ Fuzzing infrastructure for wazero engines via [wasm-tools](https://github.com/by

### Run Fuzzing

Currently, we only have one kind of fuzzing named `basic` where we compare the results from the compiler
and interpreter engines, and see if there's a diff in them. To run the test, execute the following command:
Currently, we have the following fuzzing targets:

- `basic`: compares the results from the compiler and interpreter engines, and see if there's a diff in them.
- `memory_no_diff`: same as `basic` except that in addition to the results, it also compares the entire memory buffer between engines to ensure the consistency around memory access.
Therefore, this takes much longer than `basic`.
- `validation`: try compiling maybe-invalid Wasm module binaries. This is to ensure that our validation phase works correctly as well as the engines do not panic during compilation.


To run the fuzzer on a target, execute the following command:

```
# Running on the host archictecture.
cargo fuzz run basic
cargo fuzz run <target>
# Running on the specified architecture which is handy when developping on M1 Mac.
cargo fuzz run basic-x86_64-apple-darwin
cargo fuzz run <target>-x86_64-apple-darwin
```

where you replace `<target>` with one of the targets described above.

See `cargo fuzz run --help` for the options. Especially, the following flags are useful:

- `-jobs=N`: `cargo fuzz run` by default only spawns one worker, so this flag helps do the parallel fuzzing.
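
Review bot: In the architecture example, `cargo fuzz run <target>-x86_64-apple-darwin` appends the triple directly to the target name, which reads as if a separate fuzz target with that name exists for each of the three entries in the new list. Please confirm this form works for `memory_no_diff` and `validation`; if the triple is meant as a build target rather than part of the fuzz target name, passing it through cargo-fuzz's `--target` option would be clearer. Smaller points in the same hunk: the target list mixes verb forms ("compares ... and see if", "try compiling"), the `validation` entry's "as well as the engines do not panic" would read better as "and that the engines do not panic", and the comment lines in the command block still carry "archictecture" and "developping".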
Expand All @@ -29,6 +38,19 @@ See `cargo fuzz run --help` for the options. Especially, the following flags are
- `-timeout` sets the timeout seconds _per fuzzing run_, not the entire job.


#### Example commands

```
# Running the `basic` target with 15 concurrent jobs with total runnig time with 2hrs.
$ cargo fuzz run basic -- -max_len=5000000 -max_total_time=7200 -jobs=15
# Running the `memory_no_diff` target with 15 concurrent jobs with timeout 2hrs and setting timeout per fuzz case to 30s.
$ cargo fuzz run memory_no_diff -- -timeout=30 -max_total_time=7200 -jobs=15
# Running the `validation` target with 4 concurrent jobs with timeout 2hrs and setting timeout per fuzz case to 30s.
# cargo fuzz run validation -- -timeout=30 -max_total_time=7200 -jobs=4
```

### Reproduce errors

If the fuzzer encounters error, you would get the output like the following:
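
Review bot: The third example command, `# cargo fuzz run validation -- -timeout=30 -max_total_time=7200 -jobs=4`, starts with `#` instead of the `$` prompt used by the other two, so it reads as a comment and is easy to miss when copying; change the prefix to `$`. The comments also describe `-max_total_time=7200` as "timeout 2hrs" in two places, which blurs it with `-timeout`, documented just above as the per-run limit; "total running time of 2hrs" would keep the two distinct. The first comment has the typo "runnig" and the doubled "with ... with", and the `basic` example passes `-max_len=5000000` without the comment saying what it is for.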