fuzz: update README instructions (#1175)

Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
Takeshi Yoneda
2023-02-27 16:13:16 -08:00
committed by GitHub
parent 3d5b6d609a
commit 599e01b65a

@@ -9,17 +9,26 @@ Fuzzing infrastructure for wazero engines via [wasm-tools](https://github.com/by
### Run Fuzzing
Currently, we only have one kind of fuzzing named `basic` where we compare the results from the compiler
and interpreter engines, and see if there's a diff in them. To run the test, execute the following command:
Currently, we have the following fuzzing targets:
- `basic`: compares the results from the compiler and interpreter engines, and see if there's a diff in them.
- `memory_no_diff`: same as `basic` except that in addition to the results, it also compares the entire memory buffer between engines to ensure the consistency around memory access.
Therefore, this takes much longer than `basic`.
- `validation`: try compiling maybe-invalid Wasm module binaries. This is to ensure that our validation phase works correctly as well as the engines do not panic during compilation.
To run the fuzzer on a target, execute the following command:
```
# Running on the host archictecture.
cargo fuzz run basic
cargo fuzz run <target>
# Running on the specified architecture which is handy when developping on M1 Mac.
cargo fuzz run basic-x86_64-apple-darwin
cargo fuzz run <target>-x86_64-apple-darwin
```
where you replace `<target>` with one of the targets described above.
See `cargo fuzz run --help` for the options. Especially, the following flags are useful:
- `-jobs=N`: `cargo fuzz run` by default only spawns one worker, so this flag helps do the parallel fuzzing.
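Review bot: In the new command line `cargo fuzz run <target>-x86_64-apple-darwin`, the placeholder `<target>` sits directly next to an architecture triple, so "target" can be read either as the fuzz target or as the build target. Consider naming the placeholder `<fuzz_target>`, and moving the sentence "where you replace `<target>` with one of the targets described above" ahead of the code fence so the placeholder is defined before it is used. The new bullets also mix verb forms ("compares ... and see", "try compiling"); "compares ... and sees" and "tries compiling" would match. In the `validation` bullet, "as well as the engines do not panic during compilation" reads more clearly as "and that the engines do not panic during compilation". Since this block is being touched anyway, the adjacent comment typos "archictecture" and "developping" could be fixed in the same change.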
@@ -29,6 +38,19 @@ See `cargo fuzz run --help` for the options. Especially, the following flags are
- `-timeout` sets the timeout seconds _per fuzzing run_, not the entire job.
#### Example commands
```
# Running the `basic` target with 15 concurrent jobs with total runnig time with 2hrs.
$ cargo fuzz run basic -- -max_len=5000000 -max_total_time=7200 -jobs=15
# Running the `memory_no_diff` target with 15 concurrent jobs with timeout 2hrs and setting timeout per fuzz case to 30s.
$ cargo fuzz run memory_no_diff -- -timeout=30 -max_total_time=7200 -jobs=15
# Running the `validation` target with 4 concurrent jobs with timeout 2hrs and setting timeout per fuzz case to 30s.
# cargo fuzz run validation -- -timeout=30 -max_total_time=7200 -jobs=4
```
### Reproduce errors
If the fuzzer encounters error, you would get the output like the following:
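Review bot: The third example command, for the `validation` target, starts with `#` instead of `$` (`# cargo fuzz run validation -- -timeout=30 ...`), so inside this fence it reads as a comment rather than a command and is inconsistent with the two examples above it; it should be `$ cargo fuzz run validation -- ...`. The comments for `memory_no_diff` and `validation` describe `-max_total_time=7200` as "timeout 2hrs", which is easy to confuse with `-timeout`, the flag the line just above this section defines as per fuzzing run; wording such as "total running time of 2hrs" for all three would keep the two flags distinct. There is also a typo in the first comment: "runnig" should be "running".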