Fuzzer

This fuzzer generates random (valid) Wasm programs.

Once a random Wasm program has been generated, the fuzzer performs differential testing on it. Several kinds of differential testing are available:

  • optimize_fuzzing will compare the original program against its optimized (with owi opt) version by running them both in the concrete interpreter and comparing the output;
  • reference_fuzzing will compare the output of the program in the concrete interpreter and in the Wasm reference interpreter;
  • symbolic_fuzzing will compare the output of the program in the concrete interpreter and in the symbolic interpreter.

You can choose which of the different kinds of differential testing should be performed in param.ml. This file also contains other parameters; feel free to tune them.
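The idea behind optimize_fuzzing, as an added OCaml example that is not this project's code: a toy stack machine, a constant-folding pass and a random program generator stand in for the concrete interpreter, owi opt and the fuzzer's generator (all names are hypothetical). The comparison covers traps as well as values, which is what exposes an optimizer that folds away a division by zero.

```ocaml
(* Toy stand-in for a Wasm-like stack machine; every name here is hypothetical. *)
type instr = Const of int | Add | Mul | Div
type outcome = Value of int | Trap of string

(* Concrete interpreter: a trap is an observable result, just like a value. *)
let run prog =
  let rec go stack prog =
    match prog, stack with
    | [], [ v ] -> Value v
    | [], _ -> Trap "bad final stack"
    | Const n :: tl, _ -> go (n :: stack) tl
    | Add :: tl, b :: a :: st -> go ((a + b) :: st) tl
    | Mul :: tl, b :: a :: st -> go ((a * b) :: st) tl
    | Div :: _, 0 :: _ :: _ -> Trap "integer divide by zero"
    | Div :: tl, b :: a :: st -> go ((a / b) :: st) tl
    | _ -> Trap "stack underflow"
  in
  go [] prog

(* Constant folding. With ~keep_traps:false it also folds "x / 0" to 0,
   a deliberately wrong rewrite that silently removes a trap. *)
let rec fold ~keep_traps = function
  | Const a :: Const b :: Add :: tl -> fold ~keep_traps (Const (a + b) :: tl)
  | Const a :: Const b :: Mul :: tl -> fold ~keep_traps (Const (a * b) :: tl)
  | Const a :: Const b :: Div :: tl when b <> 0 -> fold ~keep_traps (Const (a / b) :: tl)
  | Const _ :: Const 0 :: Div :: tl when not keep_traps -> fold ~keep_traps (Const 0 :: tl)
  | i :: tl -> i :: fold ~keep_traps tl
  | [] -> []

(* Random valid programs: postfix encoding of a random expression tree. *)
let rec gen st depth =
  if depth = 0 || Random.State.int st 3 = 0 then [ Const (Random.State.int st 4) ]
  else
    let op = [| Add; Mul; Div |].(Random.State.int st 3) in
    gen st (depth - 1) @ gen st (depth - 1) @ [ op ]

(* Differential oracle: first program whose outcome changes after optimization. *)
let find_mismatch ~optimize ~runs =
  let st = Random.State.make [| 42 |] in
  let rec loop n =
    if n = 0 then None
    else
      let p = gen st 4 in
      if run p = run (optimize p) then loop (n - 1) else Some p
  in
  loop runs

let () =
  assert (find_mismatch ~optimize:(fold ~keep_traps:true) ~runs:10_000 = None);
  match find_mismatch ~optimize:(fold ~keep_traps:false) ~runs:10_000 with
  | Some p -> Printf.printf "behaviour changed on a %d-instruction program\n" (List.length p)
  | None -> print_endline "no mismatch found in this run"
```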

Fuzzing mode

There are two ways to run the fuzzer.

In quick-check mode:

$ dune exec ./fuzzer.exe

In AFL mode:

$ afl-fuzz -i in/ -o out -- ../../_build/default/test/fuzz/fuzzer.exe @@

In order to run in AFL mode, you need an AFL-instrumented compiler. You can create a switch for it with the following command:

$ opam switch create 5.3.0+flambda+afl --packages=ocaml-variants.5.3.0+options,ocaml-option-flambda,ocaml-option-afl