fuzz: update README instructions #1175

Merged
merged 2 commits into from
Feb 28, 2023
30 changes: 26 additions & 4 deletions internal/integration_test/fuzz/README.md
Expand Up @@ -9,17 +9,26 @@ Fuzzing infrastructure for wazero engines via [wasm-tools](https://github.com/by

### Run Fuzzing

Currently, we only have one kind of fuzzing named `basic` where we compare the results from the compiler
and interpreter engines, and see if there's a diff in them. To run the test, execute the following command:
Currently, we only have the following fuzzing targets:

- `basic`: compares the results from the compiler and interpreter engines, and see if there's a diff in them.
- `memory_no_diff`: same as `basic` except that in addition to the results, it also compares the entire memory buffer between engines to ensure the consistency around memory access.
Therefore, this takes much longer than `basic`.
- `validation`: try compiling maybe-invalid Wasm module binaries. This is to ensure that our validation phase works correctly as well as the engines do not panic during compilation.


To run the fuzzer on a target, execute the following command:

```
# Running on the host archictecture.
cargo fuzz run basic
cargo fuzz run <target>

# Running on the specified architecture which is handy when developping on M1 Mac.
cargo fuzz run basic-x86_64-apple-darwin
cargo fuzz run <target>-x86_64-apple-darwin
```

where you replace `<target>` is one of the targets described above.

See `cargo fuzz run --help` for the options. Especially, the following flags are useful:

- `-jobs=N`: `cargo fuzz run` by default only spawns one worker, so this flag helps do the parallel fuzzing.
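Review bot: the new sentence on the last added line of this hunk, `where you replace `<target>` is one of the targets described above.`, mixes two constructions; suggest `where `<target>` is one of the targets described above.` In the new bullet list, the continuation line `Therefore, this takes much longer than `basic`.` starts at column 0, so Markdown will not reliably render it as part of the `memory_no_diff` item; indent it by two spaces under that bullet. Minor grammar in the new bullets: `compares ... and see if there's a diff in them` should be `compares ... and sees whether they differ`, and `try compiling` should be `tries to compile`. Since this section is being edited anyway, the unchanged context lines still carry the typos `archictecture` and `developping`.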
Expand All @@ -29,6 +38,19 @@ See `cargo fuzz run --help` for the options. Especially, the following flags are
- `-timeout` sets the timeout seconds _per fuzzing run_, not the entire job.


#### Example commands

```
# Running the `basic` target with 15 concurrent jobs with total runnig time with 2hrs.
$ cargo fuzz run basic -- -max_len=5000000 -max_total_time=7200 -jobs=15

# Running the `memory_no_diff` target with 15 concurrent jobs with timeout 2hrs and setting timeout per fuzz case to 30s.
$ cargo fuzz run memory_no_diff -- -timeout=30 -max_total_time=7200 -jobs=15

# Running the `validation` target with 4 concurrent jobs with timeout 2hrs and setting timeout per fuzz case to 30s.
# cargo fuzz run validation -- -timeout=30 -max_total_time=7200 -jobs=4
```

### Reproduce errors

If the fuzzer encounters error, you would get the output like the following:
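Review bot: the third example command in the new fenced block, `# cargo fuzz run validation -- -timeout=30 -max_total_time=7200 -jobs=4`, is prefixed with `#` instead of `$`, so it renders as a comment rather than as a command like the two examples above it; change the prefix to `$`. The comment on the first example, `with total runnig time with 2hrs`, has a typo and reads awkwardly; suggest `with a total running time of 2 hours`. The other two comments describe `-max_total_time=7200` as `timeout 2hrs`, which is easy to confuse with the per-case `-timeout` flag that the flag list above says applies per fuzzing run; wording such as `for a total of 2 hours, with a 30s timeout per fuzz case` keeps the two apart.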