summaryrefslogtreecommitdiffstats
path: root/third_party/rust/wasm-smith/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/rust/wasm-smith/README.md')
-rw-r--r--third_party/rust/wasm-smith/README.md101
1 files changed, 101 insertions, 0 deletions
diff --git a/third_party/rust/wasm-smith/README.md b/third_party/rust/wasm-smith/README.md
new file mode 100644
index 0000000000..720472ebb6
--- /dev/null
+++ b/third_party/rust/wasm-smith/README.md
@@ -0,0 +1,101 @@
+# `wasm-smith`
+
+**A WebAssembly test case generator.**
+
+[![](https://docs.rs/wasm-smith/badge.svg)](https://docs.rs/wasm-smith/)
+[![](https://img.shields.io/crates/v/wasm-smith.svg)](https://crates.io/crates/wasm-smith)
+[![](https://img.shields.io/crates/d/wasm-smith.svg)](https://crates.io/crates/wasm-smith)
+![Rust](https://github.com/fitzgen/wasm-smith/workflows/Rust/badge.svg)
+
+* [Features](#features)
+* [Usage](#usage)
+ * [With `cargo fuzz` and `libfuzzer-sys`](#with-cargo-fuzz-and-libfuzzer-sys)
+ * [As a Command Line Tool](#as-a-command-line-tool)
+
+## Features
+
+* **Always valid:** All generated Wasm modules pass validation. `wasm-smith`
+ gets past your wasm parser and validator, exercising the guts of your Wasm
+ compiler, runtime, or tool.
+
+* **Supports the full WebAssembly language:** Doesn't have blind spots or
+ unimplemented instructions.
+
+* **Implements the
+ [`Arbitrary`](https://docs.rs/arbitrary/*/arbitrary/trait.Arbitrary.html)
+ trait**: Easy to use with [`cargo
+ fuzz`](https://github.com/rust-fuzz/cargo-fuzz) and
+ [`libfuzzer-sys`](https://github.com/rust-fuzz/libfuzzer)!
+
+* **Deterministic:** Given the same input seed, always generates the same output
+ Wasm module, so you can always reproduce test failures.
+
+* **Plays nice with mutation-based fuzzers:** Small changes to the input tend to
+ produce small changes to the output Wasm module. Larger inputs tend to
+ generate larger Wasm modules.
+
+## Usage
+
+### With `cargo fuzz` and `libfuzzer-sys`
+
+First, use `cargo fuzz` to define a new fuzz target:
+
+```shell
+$ cargo fuzz add my_wasm_smith_fuzz_target
+```
+
+Next, add `wasm-smith` to your dependencies:
+
+```shell
+$ cargo add wasm-smith
+```
+
+Then, define your fuzz target so that it takes arbitrary `wasm_smith::Module`s
+as an argument, convert the module into serialized Wasm bytes via the `to_bytes`
+method, and then feed it into your system:
+
+```rust
+// fuzz/fuzz_targets/my_wasm_smith_fuzz_target.rs
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use wasm_smith::Module;
+
+fuzz_target!(|module: Module| {
+ let wasm_bytes = module.to_bytes();
+
+ // Your code here...
+});
+```
+
+Finally, start fuzzing:
+
+```shell
+$ cargo fuzz run my_wasm_smith_fuzz_target
+```
+
+> **Note:** Also check out [the `validate` fuzz
+> target](https://github.com/fitzgen/wasm-smith/blob/main/fuzz/fuzz_targets/validate.rs)
+> defined in this repository. Using the `wasmparser` crate, it checks that every
+> module generated by `wasm-smith` validates successfully.
+
+### As a Command Line Tool
+
+Install the CLI tool via `cargo`:
+
+```shell
+$ cargo install wasm-tools
+```
+
+Convert some arbitrary input into a valid Wasm module:
+
+```shell
+$ head -c 100 /dev/urandom | wasm-tools smith -o test.wasm
+```
+
+Finally, run your tool on the generated Wasm module:
+
+```shell
+$ my-wasm-tool test.wasm
+```