
committed
some fixes and updates
1 parent c9624f7 commit 740e3ec

13 files changed

Lines changed: 561 additions & 1338 deletions


Cargo.lock

Lines changed: 506 additions & 1301 deletions

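--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,11 +4,11 @@ version = "0.1.0"
 authors = []
 license = "Apache-2.0 OR MIT"
 edition = "2024"
-rust-version = "1.90"
+rust-version = "1.92"
 
 [dependencies]
 wat = "1.0"
-wasmparser = "0.244"
+wasmparser = "0.247"
 rustc-demangle = "0.1"
 clap = { version = "4.4", features = ["derive", "env"] }
 md5 = "0.8"
@@ -23,19 +23,19 @@ anyhow = "1.0"
 dirs = "6.0"
 serde = "1.0"
 serde_json = { version = "1.0", features = ["arbitrary_precision"] }
-gimli = "0.32"
+gimli = "0.33"
 # We pin symbolic since DWARFv5 embedded source code support was removed >.>
 symbolic = { version = "12.11.1", features = ["demangle", "symcache"] }
 symbolic-debuginfo = "=12.11.1"
 rustc-hash = "2.0.0"
-hexyl = "0.16"
+hexyl = "0.17"
 humantime = "2.1"
 humansize = "2.1"
 crossbeam-channel = "0.5"
 ordered-float = { version = "5.0", features = ["speedy"] }
 decurse = "0.0.4"
 rustix = { version = "1.0", features = ["mm", "param", "fs"] }
-object = { version = "0.38", default-features = false, features = [
+object = { version = "0.39", default-features = false, features = [
 "read_core",
 "compression",
 "wasm",
@@ -51,7 +51,7 @@ libafl_bolts = { version = "0.15", default-features = false, features = [
 "derive",
 "serdeany_autoreg",
 ] }
-cranelift = { version = "0.127", features = [
+cranelift = { version = "0.131", features = [
 "jit",
 "module",
 "native",
@@ -62,7 +62,7 @@ libc = "0.2.158"
 # feat:concolic
 # Note: waiting for 0.3.1 upstream
 smtlib = { git = "https://github.com/oeb25/smtlib-rs.git", rev = "4f0fad92289ba02931276cbe2bbe45f87f7a6f3e", optional = true }
-z3 = { version = "0.19", optional = true }
+z3 = { version = "0.20", optional = true }
 bitwuzla = { git = "https://github.com/Mrmaxmeier/bitwuzla-rs.git", optional = true }
 
 # feat:with_mimalloc
@@ -117,3 +117,6 @@ opt-level = 3
 opt-level = 3
 [profile.dev.package."libafl"]
 opt-level = 3
+
+[profile.release]
+debug = true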
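Review bot: The new `[profile.release]` section enabling `debug = true` carries no comment recording why full debug info is wanted in release builds, while the neighbouring `symbolic` pin does explain itself. Full DWARF makes release binaries considerably larger, slows linking and embeds build-machine source paths in the shipped artifact; if the aim is symbolized backtraces or profiling, `debug = "line-tables-only"` is usually enough. A one-line comment such as `# Keep debug info in release builds for profiling / symbolized crash reports` above the section would make the trade-off explicit. The dependency bumps in the earlier hunks raise nothing.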

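--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # Build with `podman build . -t wasm-fuzzers-wasmfuzz`
 FROM ubuntu:24.04
 RUN apt-get update && apt-get install -y rustup git clang
-RUN rustup toolchain add --no-self-update 1.90
+RUN rustup toolchain add --no-self-update 1.92
 RUN mkdir /wasmfuzz
 COPY Cargo.toml Cargo.lock wasmfuzz/
 COPY src wasmfuzz/src/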

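--- a/eval/container-runner.py
+++ b/eval/container-runner.py
@@ -109,7 +109,7 @@ def time_as_seconds(v: str):
 parser.add_argument('--tag', action='append', help="Only run targets with this tag")
 parser.add_argument('--skip-tag', action='append', help="Don't run targets with this tag")
 parser.add_argument('--fuzzer', action='append', help="Run with this fuzzer")
-parser.add_argument('--keep-corpora', action='store_true', help="Copy resulting corpora to this path")
+parser.add_argument('--copy-corpora-to', default=None, help="Copy resulting corpora to this path")
 
 args = parser.parse_args()
 fuzzers: list[str] = args.fuzzer or [
@@ -418,8 +418,8 @@ async def run_target(target, fuzzer, config=None, num_cores=1):
 core_ids=core_ids if args.pin_cores else None
 )
 await wasm_job.run(fuzzer=fuzzer, env=config_env)
-if args.keep_corpora:
-t_dir = Path(args.keep_corpora) / slug
+if args.copy_corpora_to:
+t_dir = Path(args.copy_corpora_to) / slug
 t_dir.mkdir(parents=True, exist_ok=True)
 shutil.copytree(corpus_dir, t_dir, dirs_exist_ok=True)
 except Exception as e: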
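Review bot: `default=None` on the new `--copy-corpora-to` argument is already argparse's default and can be dropped; declaring the option with `type=Path` instead would let the second hunk write `t_dir = args.copy_corpora_to / slug` rather than wrapping the value in `Path(...)`. The help text should also say the value is a directory, since it becomes the destination root passed to `copytree` with a per-`slug` subdirectory, e.g. `help="Directory to copy resulting corpora into (one subdirectory per target)"` — assuming `slug` identifies the target, which the hunk does not show. `run_target` begins and ends outside the hunk.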

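--- a/harness-suite/scripts/prepare-toolchain.sh
+++ b/harness-suite/scripts/prepare-toolchain.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e +x
 
-WASI_VERSION=29
+WASI_VERSION=32
 WASI_VERSION_FULL=${WASI_VERSION}.0
 WASI_DIR="wasi-sdk-${WASI_VERSION_FULL}-$(uname -m)-linux"
 wget -q "https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${WASI_VERSION}/${WASI_DIR}.tar.gz"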

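--- a/src/cli/mod.rs
+++ b/src/cli/mod.rs
@@ -57,6 +57,8 @@ pub(crate) enum Subcommand {
 run_from_snapshot: FlagBool,
 #[clap(long)]
 input_size_limit: Option<usize>,
+#[clap(long)]
+memory_limit_pages: Option<u32>,
 },
 /// Check the system configuration and WebAssembly module for potential issues.
 Doctor {
@@ -238,6 +240,7 @@ pub(crate) fn main() {
 print_stdout,
 run_from_snapshot,
 input_size_limit,
+memory_limit_pages,
 } => {
 let inputs = gather_inputs_paths(&None, &inputs, true);
 let mod_spec = parse_program(&program);
@@ -253,6 +256,7 @@ pub(crate) fn main() {
 .instruction_limit(Some(2_000_000_000))
 .optimize_for_compilation_time(inputs.len() <= 10)
 .run_from_snapshot(*run_from_snapshot)
+.memory_limit_pages(memory_limit_pages)
 .build();
 if inputs.is_empty() {
 println!("No input specified. Exiting.")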
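Review bot: The new `memory_limit_pages` field in the first hunk has no `///` doc comment, so `--memory-limit-pages` appears in `--help` without a description (the `Doctor` variant shows the expected style; `input_size_limit` has the same gap). Something like `/// Cap the module's linear memory at this many 64 KiB wasm pages.` would do, assuming the builder option indeed bounds linear memory — confirm against the builder's `memory_limit_pages`. In the third hunk the sibling field is dereferenced (`*run_from_snapshot`), which suggests the variant is matched by reference; if so `memory_limit_pages` is an `&Option<u32>` there and `.memory_limit_pages(*memory_limit_pages)` is the consistent form unless the builder method deliberately takes a reference. `main` starts and ends outside the hunks.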

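--- a/src/fuzzer/orc.rs
+++ b/src/fuzzer/orc.rs
@@ -416,9 +416,17 @@ impl Orchestrator {
 swarm.input_size_limit = Some(1024 * self.config_epoch as u32);
 // First config: no additional feedback guidance.
 let mut opts = FeedbackOptions::minimal_code_coverage();
-opts.cmpcov_hamming = true;
-if self.config_epoch > 0 {
-opts.edge_shortest_trace = true;
+if self.opts.experiment == Some(Experiment::PassAblation) {
+let pass = std::env::var("FUZZER_PASS_ABLATION")
+.expect("FUZZER_PASS_ABLATION must be set");
+if pass != "baseline" {
+opts.activate_from_str(&pass);
+}
+} else {
+opts.cmpcov_hamming = true;
+if self.config_epoch > 0 {
+opts.edge_shortest_trace = true;
+}
 }
 return Config {
 passes: OrcPassesGen {
@@ -523,11 +531,15 @@ impl Orchestrator {
 swarm.discard_short_circuit_coverage = true;
 }
 
-let mut opts = FeedbackOptions::nothing();
+let mut opts = FeedbackOptions::minimal_code_coverage();
+// We always enable edge coverage, and edge coverage subsumes function and bb coverage.
+// Function coverage is enabled for the CLI status line.
+opts.live_bbs = false;
+
 let FeedbackOptions {
-live_funcs,
-live_bbs,
-live_edges,
+live_funcs: _,
+live_bbs: _,
+live_edges: _,
 cmpcov_hamming,
 cmpcov_absdist,
 cmpcov_u16dist,
@@ -550,12 +562,6 @@ impl Orchestrator {
 func_longest_trace,
 } = &mut opts;
 
-// We always enable edge coverage, and edge coverage subsumes function and bb coverage.
-// Function coverage is enabled for the CLI status line.
-*live_funcs = true;
-*live_bbs = false;
-*live_edges = true;
-
 if self.opts.experiment == Some(Experiment::PassAblation) {
 let pass =
 std::env::var("FUZZER_PASS_ABLATION").expect("FUZZER_PASS_ABLATION must be set");
@@ -611,7 +617,7 @@ impl Orchestrator {
 
 if matches!(self.opts.experiment, Some(Experiment::OnlyEdgeCoverage)) {
 opts = FeedbackOptions::minimal_code_coverage();
-opts.live_edges = false;
+opts.live_bbs = false;
 }
 
 Config {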
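Review bot: The comment `// First config: no additional feedback guidance.` above the new branch in the first hunk is now misleading, because under `Experiment::PassAblation` the feedback named by `FUZZER_PASS_ABLATION` is activated for that very config; it should read something like `// First config: no additional feedback guidance (unless a pass-ablation experiment selects one).`. The env-var read, `"baseline"` check and `activate_from_str` call added here duplicate the block at new lines 565–567, visible as context in the third hunk; a small private helper on `Orchestrator` returning the selected pass name would keep the two in step. If `activate_from_str` ignores an unrecognised name (its body is not visible here), a misspelled `FUZZER_PASS_ABLATION` value would silently run the baseline configuration under an ablation label, so confirm it panics or reports the bad value. The enclosing methods start and end outside the hunks.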

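--- a/src/ir/parse_cfg.rs
+++ b/src/ir/parse_cfg.rs
@@ -182,10 +182,8 @@ impl FuncCFG {
 Operator::If { .. } | Operator::BrIf { .. } | Operator::Else => {
 bb_starts.insert(InsnIdx(ip as u32 + 1));
 }
-Operator::End | Operator::Return => {
-if ip != end_idx.i() {
-bb_starts.insert(InsnIdx(ip as u32 + 1));
-}
+Operator::End | Operator::Return if ip != end_idx.i() => {
+bb_starts.insert(InsnIdx(ip as u32 + 1));
 }
 _ => {}
 }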
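Review bot: The new guard `if ip != end_idx.i()` on the `End | Return` arm leaves the reason for excluding that instruction unstated, and with the guard the excluded case now falls into `_ => {}`, which reads as "not handled" rather than "deliberately skipped". A short comment on the arm would preserve the intent, e.g. `// No block starts after the function's final End (ip == end_idx): there is no following instruction.` — presuming `end_idx` is the function's terminating `End`, which the hunk does not show. The enclosing loop and `impl FuncCFG` method begin and end outside the hunk.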

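--- a/src/jit/instance.rs
+++ b/src/jit/instance.rs
@@ -37,7 +37,7 @@ impl ModuleInstance {
 *self
 .export_func_ptrs
 .get(export)
-.unwrap_or_else(|| panic!("export {export:?} not found"))
+.unwrap_or_else(|| panic!("export {export:?} not found: can't continue"))
 }
 
 // TODO: Verify that ABI matches? ABI mismatches can be hard to track down!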
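Review bot: The suffix `: can't continue` appended to the panic message adds nothing a reader does not already get from the panic itself; what helps when an export lookup fails is knowing which exports exist. If `export_func_ptrs` is a map type (it is only used via `.get` here), `.unwrap_or_else(|| panic!("export {export:?} not found; available: {:?}", self.export_func_ptrs.keys().collect::<Vec<_>>()))` gives that context, and the closure only runs on the failure path. The enclosing method's signature is outside the hunk, so whether an `Option`/`Result` return would be preferable to panicking cannot be judged from here.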

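--- a/src/jit/instrumentation.rs
+++ b/src/jit/instrumentation.rs
@@ -56,9 +56,10 @@ pub(crate) fn instrument_func(
 trace_strcmp(state, bcx, location, a, b)
 }
 if let Some(libfunc) = state.fspec().known_libfunc
-&& state.options.is_concolic() {
-super::concolic::translate_concolic_trace_libcall(libfunc, state, bcx);
-}
+&& state.options.is_concolic()
+{
+super::concolic::translate_concolic_trace_libcall(libfunc, state, bcx);
+}
 }
 }
 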