feat(fuzz): add AOT compiler fuzzing tests and CMake configuration

Author: lum1n0us

tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt

@@ -1,178 +1,79 @@
 # Copyright (C) 2019 Intel Corporation. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required(VERSION 3.14)
 
-if (NOT DEFINED CMAKE_C_COMPILER)
-set (CMAKE_C_COMPILER "clang")
-endif ()
-if (NOT DEFINED CMAKE_CXX_COMPILER)
-set (CMAKE_CXX_COMPILER "clang++")
-endif ()
+project(wasm_fuzzing LANGUAGES C CXX)
 
-project(wasm_mutator)
+# Ensure Clang is used as the compiler
+if(NOT CMAKE_C_COMPILER_ID STREQUAL "Clang" OR NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+  message(FATAL_ERROR "Please use Clang as the C compiler for libFuzzer compatibility.")
+endif()
 
-set (CMAKE_BUILD_TYPE Debug)
+set(CMAKE_BUILD_TYPE Debug)
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_CXX_STANDARD 17)
 
-string (TOLOWER ${CMAKE_HOST_SYSTEM_NAME} WAMR_BUILD_PLATFORM)
+string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} WAMR_BUILD_PLATFORM)
 
 # Reset default linker flags
-set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
-set (CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "")
-
-set (CMAKE_C_STANDARD 11)
-set (CMAKE_CXX_STANDARD 17)
-
-# Set WAMR_BUILD_TARGET, currently values supported:
-# "X86_64", "AMD_64", "X86_32", "AARCH64[sub]", "ARM[sub]", "THUMB[sub]",
-# "MIPS", "XTENSA", "RISCV64[sub]", "RISCV32[sub]"
-if (NOT DEFINED WAMR_BUILD_TARGET)
-  if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)")
-    set (WAMR_BUILD_TARGET "AARCH64")
-  elseif (CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64")
-    set (WAMR_BUILD_TARGET "RISCV64")
-  elseif (CMAKE_SIZEOF_VOID_P EQUAL 8)
-    # Build as X86_64 by default in 64-bit platform
-    set (WAMR_BUILD_TARGET "X86_64")
-  elseif (CMAKE_SIZEOF_VOID_P EQUAL 4)
-    # Build as X86_32 by default in 32-bit platform
-    set (WAMR_BUILD_TARGET "X86_32")
-  else ()
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+set(CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "")
+
+# Determine WAMR_BUILD_TARGET based on system properties
+if(NOT DEFINED WAMR_BUILD_TARGET)
+  if(CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)")
+    set(WAMR_BUILD_TARGET "AARCH64")
+  elseif(CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64")
+    set(WAMR_BUILD_TARGET "RISCV64")
+  elseif(CMAKE_SIZEOF_VOID_P EQUAL 8)
+    set(WAMR_BUILD_TARGET "X86_64")
+  elseif(CMAKE_SIZEOF_VOID_P EQUAL 4)
+    set(WAMR_BUILD_TARGET "X86_32")
+  else()
     message(SEND_ERROR "Unsupported build target platform!")
-  endif ()
-endif ()
+  endif()
+endif()
 
-if (APPLE)
+if(APPLE)
   add_definitions(-DBH_PLATFORM_DARWIN)
-endif ()
-
-if(CUSTOM_MUTATOR EQUAL 1)
-  add_compile_definitions(CUSTOM_MUTATOR)
 endif()
 
-if (NOT DEFINED WAMR_BUILD_INTERP)
-  # Enable Interpreter by default
-  set (WAMR_BUILD_INTERP 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_AOT)
-  # Enable AOT by default.
-  set (WAMR_BUILD_AOT 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_JIT)
-  # Disable JIT by default.
-  set (WAMR_BUILD_JIT 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_LIBC_BUILTIN)
-  # Disable libc builtin support by default
-  set (WAMR_BUILD_LIBC_BUILTIN 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_LIBC_WASI)
-  # Enable libc wasi support by default
-  set (WAMR_BUILD_LIBC_WASI 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_FAST_INTERP)
-  # Enable fast interpreter
-  set (WAMR_BUILD_FAST_INTERP 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_MULTI_MODULE)
-  # Disable multiple modules
-  set (WAMR_BUILD_MULTI_MODULE 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_LIB_PTHREAD)
-  # Disable pthread library by default
-  set (WAMR_BUILD_LIB_PTHREAD 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_MINI_LOADER)
-  # Disable wasm mini loader by default
-  set (WAMR_BUILD_MINI_LOADER 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_SIMD)
-  # Enable SIMD by default
-  set (WAMR_BUILD_SIMD 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_REF_TYPES)
-  # Enable reference type by default
-  set (WAMR_BUILD_REF_TYPES 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_DEBUG_INTERP)
-  # Disable Debug feature by default
-  set (WAMR_BUILD_DEBUG_INTERP 0)
-endif ()
-
-if (WAMR_BUILD_DEBUG_INTERP EQUAL 1)
-  set (WAMR_BUILD_FAST_INTERP 0)
-  set (WAMR_BUILD_MINI_LOADER 0)
-  set (WAMR_BUILD_SIMD 0)
-endif ()
-
-# sanitizer may use kHandleSignalExclusive to handle SIGSEGV
-# like `UBSAN_OPTIONS=handle_segv=2:...`
-set (WAMR_DISABLE_HW_BOUND_CHECK 1)
-# Enable aot validator
-set (WAMR_BUILD_AOT_VALIDATOR 1)
-
-set (REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..)
-message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR})
-
-set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
-
-add_definitions(-DWAMR_USE_MEM_POOL=0 -DWASM_ENABLE_FUZZ_TEST=1)
+# Disable hardware bound check and enable AOT validator
+set(WAMR_DISABLE_HW_BOUND_CHECK 1)
+set(WAMR_BUILD_AOT_VALIDATOR 1)
+
+set(REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..)
+message(STATUS "REPO_ROOT_DIR: ${REPO_ROOT_DIR}")
+
+set(LLVM_SRC_ROOT ${REPO_ROOT_DIR}/core/deps/llvm)
+set(LLVM_BUILD_ROOT ${LLVM_SRC_ROOT}/build)
+set(LLVM_DIR ${LLVM_BUILD_ROOT}/lib/cmake/llvm)
+
+find_package(LLVM REQUIRED CONFIG)
+
+message(STATUS "Found LLVM ${LLVM_PACKAGE_VERSION}")
+message(STATUS "Using LLVMConfig.cmake in: ${LLVM_DIR}")
 
 # Enable fuzzer
+add_definitions(-DWASM_ENABLE_FUZZ_TEST=1)
 add_compile_options(-fsanitize=fuzzer)
 add_link_options(-fsanitize=fuzzer)
 
-# if not calling from oss-fuzz helper, enable all support sanitizers
-# oss-fuzz will define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION in CFLAGS and CXXFLAGS
+# Enable sanitizers if not in oss-fuzz environment
 set(CFLAGS_ENV $ENV{CFLAGS})
 string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" IN_OSS_FUZZ)
-if (IN_OSS_FUZZ EQUAL -1)
-  message("[ceith]:Enable ASan and UBSan in non-oss-fuzz environment")
+if(IN_OSS_FUZZ EQUAL -1)
+  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment")
   add_compile_options(
     -fprofile-instr-generate -fcoverage-mapping
     -fno-sanitize-recover=all
     -fsanitize=address,undefined
-    # reference: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
-    # -fsanitize=undefined: All of the checks listed above other than float-divide-by-zero,
-    #     unsigned-integer-overflow, implicit-conversion, local-bounds and
-    #     the nullability-* group of checks.
-    #
-    # for now, we disable below from UBSan
-    # -alignment
-    # -implicit-conversion
-    #
     -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
     -fno-sanitize=alignment
   )
   add_link_options(-fsanitize=address -fprofile-instr-generate)
-endif ()
-
-include(${REPO_ROOT_DIR}/core/shared/utils/uncommon/shared_uncommon.cmake)
-include(${REPO_ROOT_DIR}/build-scripts/runtime_lib.cmake)
-
-add_library(vmlib ${WAMR_RUNTIME_LIB_SOURCE})
-
-add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
-target_link_libraries(wasm_mutator_fuzz vmlib -lm)
-
-find_package(LLVM REQUIRED CONFIG)
-
-message(STATUS "Found LLVM ${LLVM_PACKAGE_VERSION}")
-message(STATUS "Using LLVMConfig.cmake in: ${LLVM_DIR}")
+endif()
 
-include(${REPO_ROOT_DIR}/core/iwasm/compilation/iwasm_compl.cmake)
-add_library(aotclib ${IWASM_COMPL_SOURCE})
-target_compile_definitions(aotclib PUBLIC -DWASM_ENABLE_WAMR_COMPILER=1 ${LLVM_DEFINITIONS})
-target_include_directories(aotclib PUBLIC ${LLVM_INCLUDE_DIRS})
+add_subdirectory(wasm_mutator)
+add_subdirectory(aot_compiler)

tests/fuzz/wasm-mutator-fuzz/aot_compiler/CMakeLists.txt

@@ -0,0 +1,73 @@
+# Copyright (C) 2019 Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+project(aot_compiler_fuzzing LANGUAGES ASM C CXX)
+
+set(SHARED_DIR ${REPO_ROOT_DIR}/core/shared)
+set(IWASM_DIR ${REPO_ROOT_DIR}/core/iwasm)
+
+# Set default build options with the ability to override from the command line
+if(NOT WAMR_BUILD_INTERP)
+  set(WAMR_BUILD_INTERP 1)
+endif()
+
+set(WAMR_BUILD_WAMR_COMPILER 1)
+set(WAMR_BUILD_INTERP 1)
+set(WAMR_BUILD_AOT 1)
+
+include(${SHARED_DIR}/platform/${WAMR_BUILD_PLATFORM}/shared_platform.cmake)
+include(${SHARED_DIR}/mem-alloc/mem_alloc.cmake)
+include(${SHARED_DIR}/utils/shared_utils.cmake)
+include(${SHARED_DIR}/utils/uncommon/shared_uncommon.cmake)
+include(${IWASM_DIR}/compilation/iwasm_compl.cmake)
+include(${IWASM_DIR}/libraries/thread-mgr/thread_mgr.cmake)
+include(${IWASM_DIR}/common/iwasm_common.cmake)
+include(${IWASM_DIR}/common/gc/iwasm_gc.cmake)
+include(${IWASM_DIR}/interpreter/iwasm_interp.cmake)
+include(${IWASM_DIR}/aot/iwasm_aot.cmake)
+include(${IWASM_DIR}/compilation/iwasm_compl.cmake)
+include(${REPO_ROOT_DIR}/build-scripts/version.cmake)
+
+add_library(aotclib 
+  ${PLATFORM_SHARED_SOURCE}
+  ${MEM_ALLOC_SHARED_SOURCE}
+  ${UTILS_SHARED_SOURCE}
+  ${UNCOMMON_SHARED_SOURCE}
+  ${THREAD_MGR_SOURCE}
+  ${IWASM_COMMON_SOURCE}
+  ${IWASM_INTERP_SOURCE}
+  ${IWASM_AOT_SOURCE}
+  ${IWASM_GC_SOURCE}
+  ${IWASM_COMPL_SOURCE}
+)
+
+target_compile_definitions(aotclib 
+  PUBLIC 
+    -DWASM_ENABLE_WAMR_COMPILER=1 
+    -DWASM_ENABLE_FAST_INTERP=0
+    -DWASM_ENABLE_INTERP=1
+    -DWASM_ENABLE_BULK_MEMORY=1
+    -DWASM_ENABLE_SHARED_MEMORY=1
+    -DWASM_ENABLE_TAIL_CALL=1
+    -DWASM_ENABLE_SIMD=1
+    -DWASM_ENABLE_REF_TYPES=1
+    -DWASM_ENABLE_MEMORY64=1
+    -DWASM_ENABLE_GC=1
+    -DWASM_ENABLE_CUSTOM_NAME_SECTION=1
+    -DWASM_ENABLE_AOT_STACK_FRAME=1
+    -DWASM_ENABLE_DUMP_CALL_STACK=1
+    -DWASM_ENABLE_PERF_PROFILING=1
+    -DWASM_ENABLE_LOAD_CUSTOM_SECTION=1
+    -DWASM_ENABLE_THREAD_MGR=1
+    ${LLVM_DEFINITIONS}
+)
+
+target_include_directories(aotclib PUBLIC 
+  ${LLVM_INCLUDE_DIRS}
+  ${IWASM_DIR}/include
+  ${SHARED_DIR}/include
+)
+target_link_libraries(aotclib PUBLIC ${LLVM_AVAILABLE_LIBS})
+
+add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc)
+target_link_libraries(aot_compiler_fuzz PRIVATE aotclib m)

tests/fuzz/wasm-mutator-fuzz/aot_compiler/aot_compiler_fuzz.cc

@@ -0,0 +1,85 @@
+// Copyright (C) 2019 Intel Corporation. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <iostream>
+#include <vector>
+
+#include "aot_export.h"
+#include "wasm_export.h"
+#include "bh_read_file.h"
+
+static void
+handle_aot_recent_error(const char *tag)
+{
+    const char *error = aot_get_last_error();
+    if (strlen(error) == 0) {
+        error = "UNKNOWN ERROR";
+    }
+
+    std::cout << tag << " " << error << std::endl;
+}
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+    wasm_module_t module = NULL;
+    char error_buf[128] = { 0 };
+    AOTCompOption option = { 0 };
+    aot_comp_data_t comp_data = NULL;
+    aot_comp_context_t comp_ctx = NULL;
+
+    /* libfuzzer don't allow to modify the given Data, so make a copy here */
+    std::vector<uint8_t> myData(Data, Data + Size);
+
+    wasm_runtime_init();
+
+    module = wasm_runtime_load((uint8_t *)myData.data(), Size, error_buf, 120);
+    if (!module) {
+        std::cout << "[LOADING] " << error_buf << std::endl;
+        goto DESTROY_RUNTIME;
+    }
+
+    // TODO: target_arch and other fields
+    option.target_arch = "x86_64";
+    option.target_abi = "gnu";
+    option.enable_bulk_memory = true;
+    option.enable_thread_mgr = true;
+    option.enable_tail_call = true;
+    option.enable_simd = true;
+    option.enable_ref_types = true;
+    option.enable_gc = true;
+
+    comp_data =
+        aot_create_comp_data(module, option.target_arch, option.enable_gc);
+    if (!comp_data) {
+        handle_aot_recent_error("[CREATING comp_data]");
+        goto UNLOAD_MODULE;
+    }
+
+    comp_ctx = aot_create_comp_context(comp_data, &option);
+    if (!comp_ctx) {
+        handle_aot_recent_error("[CREATING comp_context]");
+        goto DESTROY_COMP_DATA;
+    }
+
+    if (!aot_compile_wasm(comp_ctx)) {
+        handle_aot_recent_error("[COMPILING]");
+        goto DESTROY_COMP_CTX;
+    }
+
+DESTROY_COMP_CTX:
+    aot_destroy_comp_context(comp_ctx);
+DESTROY_COMP_DATA:
+    aot_destroy_comp_data(comp_data);
+UNLOAD_MODULE:
+    wasm_runtime_unload(module);
+DESTROY_RUNTIME:
+    wasm_runtime_destroy();
+
+    /* Values other than 0 and -1 are reserved for future use. */
+    return 0;
+}