Add a new fuzzer focused on component-model-async events #12119
+3,657
−32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Author
|
Currently leaving this in draft form while bytecodealliance/wit-bindgen#1446 is pending. |
alexcrichton
added
the
wasm-proposal:component-model-async
Member
Author
|
I'll also note that I understand this is a pretty meat and pretty dense fuzzer, so I'm happy to walk through it if @dicej you or anyone else is interested. I'm also happy to write up more docs anywhere as necessary. Current docs are primarily located at crates/test-programs/src/bin/fuzz_async.rs |
github-actions
bot
added
fuzzing
alexcrichton
force-pushed
the
more-async-fuzz
branch
from
5e53b7e to
c8a2128
Compare
Subscribe to Label Actioncc @fitzgen
This issue or pull request has been labeled: "fuzzing", "wasm-proposal:component-model-async", "wasmtime:api"
Thus the following users have been cc'd because of the following labels:
To subscribe or unsubscribe from this label, edit the |
This commit adds a new fuzzer mode to the `misc` fuzzer of Wasmtime which is focused on async events and interleavings of components using the component-model-async proposal. This fuzzer works by having a precompiled guest program which serves as the component to run. This precompiled component has a custom `fuzz.wit` which is used to interface with the fuzzer itself. The fuzzer is then a fuzz-generated sequence of commands to send to the component which verifies that everything executes correctly, has no panics, etc. This fuzzer intends to stress async communication and task infrastructure with component-model-async. Notably this does not stress lifting/lowering or arbitrary type signatures. This does, however, permute all of the following: * Guest/host interactions (also guest/guest, host/host, etc). * Async functions, both ready and pending. * Future operations: reads, writes, cancellation, transfers, etc. * Stream operations: reads, writes, cancellation, transfers, etc. This is all throwing into a large "soup" and then asserted to work correctly. There's a few gotchas here and there for how this fuzzer is designed, such as some events requiring "yield N times to await this event happening". This is required because Wasmtime is allowed to non-deterministically select between a number of "ready events" and what to dispatch. This is not intended to be a one-size-fits-all fuzzer for component-model-async. The recent enhancements to the `component_api` fuzzer are intended to complement this fuzzer in terms of what's stressed where internally.
alexcrichton
force-pushed
the
more-async-fuzz
branch
from
4facb4c to
aedb2bb
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds a new fuzzer mode to the
miscfuzzer of Wasmtime which is focused on async events and interleavings of components using the component-model-async proposal. This fuzzer works by having a precompiled guest program which serves as the component to run. This precompiled component has a customfuzz.witwhich is used to interface with the fuzzer itself. The fuzzer is then a fuzz-generated sequence of commands to send to the component which verifies that everything executes correctly, has no panics, etc.This fuzzer intends to stress async communication and task infrastructure with component-model-async. Notably this does not stress lifting/lowering or arbitrary type signatures. This does, however, permute all of the following:
This is all throwing into a large "soup" and then asserted to work correctly. There's a few gotchas here and there for how this fuzzer is designed, such as some events requiring "yield N times to await this event happening". This is required because Wasmtime is allowed to non-deterministically select between a number of "ready events" and what to dispatch.
This is not intended to be a one-size-fits-all fuzzer for component-model-async. The recent enhancements to the
component_apifuzzer are intended to complement this fuzzer in terms of what's stressed where internally.