-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Wasm fuzzers #1145
Comments
Hi @vanhauser-thc , could you please specify what exactly would be required to merge upstream into Wasmi? For that I need (way) more information about what needs to be done in Wasmi. |
The plan is to make it generic, so that any wasm code can be fuzzed then with AFL++ and libafl (the best open source fuzzers). |
I am not expecting a "yes sure I will merge any pile of shit you throw at me", but rather a "if the code looks reasonable and does not impact my maintenance/dev I am inclined to yes" or "I have no interest at all". :-) |
How will this be different from the already existing fuzzing infrastructure for Wasmi? And can you already describe in what ways Wasmi will be extended to support this new fuzzing? For sure I am inclined to merge code that is well written, general purpose and reasonable that improves quality of Wasmi but be sure that every code that I merge into the |
https://github.com/wasmi-labs/wasmi/tree/main/fuzz are fuzzers that fuzz wasmi as I read it. we want to fuzz wasm targets. so the lifted/executed wasm code needs to be instrumented for fuzzing, not wasmi itself. but the code to do that needs to be in wasmi. I made specifically the WAFL comparison because this basically is a dead fork. They should have upstreamed their modifications to WAVM so WAVM users would be able to fuzz their wasm programs with actual interpreter, not an outdated one. |
What exactly do you mean with "we want to fuzz wasm targets"? Do you want to fuzz compilers that output Wasm? Do you want to fuzz a specific Wasm target such as It would be very helpful to know in what ways Wasmi would be required to be extended. So far I have little understanding of what needs to be done in Wasmi to support your use case. Also why cannot it be a standalone tool such as |
wasmi is executing wasm blobs. we want to fuzz what is happening in the wasm blobs to find security issue in there, and extending this, in ink! contracts. wasmi will provide coverage instrumentation to fuzzers (e.g. cargo-afl) so that the fuzzing of the wasm blobs happens coverage guided. e.g. by writing coverage information when a |
How about this: you develop this functionality in a Wasmi fork and once development is finished and polished you can open a PR and we can discuss the proposed inclusions into upstream. Until then it seems to be too vague for me to provide a yes or no. If the utility can be isolated, is generally useful and well engineered to be maintainable then I see no issues for inclusion into upstream. Lots of "if"s I know ... :) Also: is a more general proper name for this issue: "Support for Wasm fuzzers"? |
@vanhauser-thc what is your opinion or thinking on the above? |
We will send a pr once we are ready |
@vanhauser-thc Is this still on your agenda? The link to the referenda in the first post seems to be broken. Or can this be closed? |
The referendum was accepted and the fuzzer is actively developed. You can close this if you want, we will a create a PR when we are ready |
We are implementing an ink! fuzzer (https://polkadot.polkassembly.io/referenda/942).
For this we want to use wasmi to make it easier for developers to use the fuzzer.
As this requires code changes we could fork the repository and people would need to use that, but it would be a better user experience if we can merge this feature upstream into wasmi.
This would be hidden behind a feature flag, as normal wasmi usage should not be affected.
Is that something that would be OK for you to merge?
The text was updated successfully, but these errors were encountered: