feat(fuzz): add a new fuzzing target about aot compiler (#4121)
support llvm-jit running mode as another fuzzing target
This commit is contained in:
liang.he
164
tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt
Normal file
164
tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt
Normal file
@ -0,0 +1,164 @@
|
||||
# Copyright (C) 2025 Intel Corporation. All rights reserved.
|
||||
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
||||
|
||||
# Set default build options with the ability to override from the command line
|
||||
if(NOT WAMR_BUILD_INTERP)
|
||||
set(WAMR_BUILD_INTERP 1)
|
||||
endif()
|
||||
|
||||
set(WAMR_BUILD_WAMR_COMPILER 1)
|
||||
set(WAMR_BUILD_AOT 1)
|
||||
set(WAMR_BUILD_INTERP 1)
|
||||
set(WAMR_BUILD_JIT 0)
|
||||
|
||||
include(${SHARED_DIR}/platform/${WAMR_BUILD_PLATFORM}/shared_platform.cmake)
|
||||
include(${SHARED_DIR}/mem-alloc/mem_alloc.cmake)
|
||||
include(${SHARED_DIR}/utils/shared_utils.cmake)
|
||||
include(${SHARED_DIR}/utils/uncommon/shared_uncommon.cmake)
|
||||
include(${IWASM_DIR}/compilation/iwasm_compl.cmake)
|
||||
include(${IWASM_DIR}/libraries/thread-mgr/thread_mgr.cmake)
|
||||
include(${IWASM_DIR}/common/iwasm_common.cmake)
|
||||
include(${IWASM_DIR}/common/gc/iwasm_gc.cmake)
|
||||
include(${IWASM_DIR}/interpreter/iwasm_interp.cmake)
|
||||
include(${IWASM_DIR}/aot/iwasm_aot.cmake)
|
||||
include(${IWASM_DIR}/compilation/iwasm_compl.cmake)
|
||||
include(${REPO_ROOT_DIR}/build-scripts/version.cmake)
|
||||
|
||||
add_library(aotclib
|
||||
${PLATFORM_SHARED_SOURCE}
|
||||
${MEM_ALLOC_SHARED_SOURCE}
|
||||
${UTILS_SHARED_SOURCE}
|
||||
${UNCOMMON_SHARED_SOURCE}
|
||||
${THREAD_MGR_SOURCE}
|
||||
${IWASM_COMMON_SOURCE}
|
||||
${IWASM_INTERP_SOURCE}
|
||||
${IWASM_AOT_SOURCE}
|
||||
${IWASM_GC_SOURCE}
|
||||
${IWASM_COMPL_SOURCE}
|
||||
)
|
||||
|
||||
target_compile_definitions(aotclib
|
||||
PUBLIC
|
||||
-DWASM_ENABLE_WAMR_COMPILER=1
|
||||
-DWASM_ENABLE_FAST_INTERP=0
|
||||
-DWASM_ENABLE_INTERP=1
|
||||
-DWASM_ENABLE_BULK_MEMORY=1
|
||||
-DWASM_ENABLE_SHARED_MEMORY=1
|
||||
-DWASM_ENABLE_TAIL_CALL=1
|
||||
-DWASM_ENABLE_SIMD=1
|
||||
-DWASM_ENABLE_REF_TYPES=1
|
||||
-DWASM_ENABLE_MEMORY64=1
|
||||
-DWASM_ENABLE_GC=1
|
||||
-DWASM_ENABLE_CUSTOM_NAME_SECTION=1
|
||||
-DWASM_ENABLE_AOT_STACK_FRAME=1
|
||||
-DWASM_ENABLE_DUMP_CALL_STACK=1
|
||||
-DWASM_ENABLE_PERF_PROFILING=1
|
||||
-DWASM_ENABLE_LOAD_CUSTOM_SECTION=1
|
||||
-DWASM_ENABLE_THREAD_MGR=1
|
||||
${LLVM_DEFINITIONS}
|
||||
)
|
||||
|
||||
target_include_directories(aotclib PUBLIC
|
||||
${IWASM_DIR}/include
|
||||
${SHARED_DIR}/include
|
||||
)
|
||||
|
||||
target_link_directories(aotclib PUBLIC ${LLVM_LIBRARY_DIR})
|
||||
|
||||
target_link_libraries(aotclib
|
||||
PUBLIC
|
||||
LLVMDemangle
|
||||
LLVMSupport
|
||||
LLVMTableGen
|
||||
LLVMTableGenGlobalISel
|
||||
LLVMCore
|
||||
LLVMFuzzerCLI
|
||||
LLVMFuzzMutate
|
||||
LLVMFileCheck
|
||||
LLVMInterfaceStub
|
||||
LLVMIRReader
|
||||
LLVMCodeGen
|
||||
LLVMSelectionDAG
|
||||
LLVMAsmPrinter
|
||||
LLVMMIRParser
|
||||
LLVMGlobalISel
|
||||
LLVMBinaryFormat
|
||||
LLVMBitReader
|
||||
LLVMBitWriter
|
||||
LLVMBitstreamReader
|
||||
LLVMDWARFLinker
|
||||
LLVMExtensions
|
||||
LLVMFrontendOpenACC
|
||||
LLVMFrontendOpenMP
|
||||
LLVMTransformUtils
|
||||
LLVMInstrumentation
|
||||
LLVMAggressiveInstCombine
|
||||
LLVMInstCombine
|
||||
LLVMScalarOpts
|
||||
LLVMipo
|
||||
LLVMVectorize
|
||||
LLVMObjCARCOpts
|
||||
LLVMCoroutines
|
||||
LLVMCFGuard
|
||||
LLVMLinker
|
||||
LLVMAnalysis
|
||||
LLVMLTO
|
||||
LLVMMC
|
||||
LLVMMCParser
|
||||
LLVMMCDisassembler
|
||||
LLVMMCA
|
||||
LLVMObjCopy
|
||||
LLVMObject
|
||||
LLVMObjectYAML
|
||||
LLVMOption
|
||||
LLVMRemarks
|
||||
LLVMDebuginfod
|
||||
LLVMDebugInfoDWARF
|
||||
LLVMDebugInfoGSYM
|
||||
LLVMDebugInfoMSF
|
||||
LLVMDebugInfoCodeView
|
||||
LLVMDebugInfoPDB
|
||||
LLVMSymbolize
|
||||
LLVMDWP
|
||||
LLVMExecutionEngine
|
||||
LLVMInterpreter
|
||||
LLVMJITLink
|
||||
LLVMMCJIT
|
||||
LLVMOrcJIT
|
||||
LLVMOrcShared
|
||||
LLVMOrcTargetProcess
|
||||
LLVMRuntimeDyld
|
||||
LLVMTarget
|
||||
LLVMX86CodeGen
|
||||
LLVMX86AsmParser
|
||||
LLVMX86Disassembler
|
||||
LLVMX86TargetMCA
|
||||
LLVMX86Desc
|
||||
LLVMX86Info
|
||||
LLVMAsmParser
|
||||
LLVMLineEditor
|
||||
LLVMProfileData
|
||||
LLVMCoverage
|
||||
LLVMPasses
|
||||
LLVMTextAPI
|
||||
LLVMDlltoolDriver
|
||||
LLVMLibDriver
|
||||
LLVMXRay
|
||||
LLVMWindowsDriver
|
||||
LLVMWindowsManifest
|
||||
)
|
||||
|
||||
if(NOT IN_OSS_FUZZ)
|
||||
message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment")
|
||||
target_compile_options(aotclib PUBLIC
|
||||
-fprofile-instr-generate -fcoverage-mapping
|
||||
-fno-sanitize-recover=all
|
||||
-fsanitize=address,undefined
|
||||
-fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
|
||||
-fno-sanitize=alignment
|
||||
)
|
||||
target_link_options(aotclib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
|
||||
endif()
|
||||
|
||||
add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc)
|
||||
target_link_libraries(aot_compiler_fuzz PRIVATE stdc++ aotclib)
|
||||
@ -0,0 +1,85 @@
|
||||
// Copyright (C) 2025 Intel Corporation. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <iostream>
|
||||
#include <vector>
|
||||
|
||||
#include "aot_export.h"
|
||||
#include "wasm_export.h"
|
||||
#include "bh_read_file.h"
|
||||
|
||||
static void
|
||||
handle_aot_recent_error(const char *tag)
|
||||
{
|
||||
const char *error = aot_get_last_error();
|
||||
if (strlen(error) == 0) {
|
||||
error = "UNKNOWN ERROR";
|
||||
}
|
||||
|
||||
std::cout << tag << " " << error << std::endl;
|
||||
}
|
||||
|
||||
extern "C" int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{
|
||||
wasm_module_t module = NULL;
|
||||
char error_buf[128] = { 0 };
|
||||
AOTCompOption option = { 0 };
|
||||
aot_comp_data_t comp_data = NULL;
|
||||
aot_comp_context_t comp_ctx = NULL;
|
||||
|
||||
/* libfuzzer don't allow to modify the given Data, so make a copy here */
|
||||
std::vector<uint8_t> myData(Data, Data + Size);
|
||||
|
||||
wasm_runtime_init();
|
||||
|
||||
module = wasm_runtime_load((uint8_t *)myData.data(), Size, error_buf, 120);
|
||||
if (!module) {
|
||||
std::cout << "[LOADING] " << error_buf << std::endl;
|
||||
goto DESTROY_RUNTIME;
|
||||
}
|
||||
|
||||
// TODO: target_arch and other fields
|
||||
option.target_arch = "x86_64";
|
||||
option.target_abi = "gnu";
|
||||
option.enable_bulk_memory = true;
|
||||
option.enable_thread_mgr = true;
|
||||
option.enable_tail_call = true;
|
||||
option.enable_simd = true;
|
||||
option.enable_ref_types = true;
|
||||
option.enable_gc = true;
|
||||
|
||||
comp_data =
|
||||
aot_create_comp_data(module, option.target_arch, option.enable_gc);
|
||||
if (!comp_data) {
|
||||
handle_aot_recent_error("[CREATING comp_data]");
|
||||
goto UNLOAD_MODULE;
|
||||
}
|
||||
|
||||
comp_ctx = aot_create_comp_context(comp_data, &option);
|
||||
if (!comp_ctx) {
|
||||
handle_aot_recent_error("[CREATING comp_context]");
|
||||
goto DESTROY_COMP_DATA;
|
||||
}
|
||||
|
||||
if (!aot_compile_wasm(comp_ctx)) {
|
||||
handle_aot_recent_error("[COMPILING]");
|
||||
goto DESTROY_COMP_CTX;
|
||||
}
|
||||
|
||||
DESTROY_COMP_CTX:
|
||||
aot_destroy_comp_context(comp_ctx);
|
||||
DESTROY_COMP_DATA:
|
||||
aot_destroy_comp_data(comp_data);
|
||||
UNLOAD_MODULE:
|
||||
wasm_runtime_unload(module);
|
||||
DESTROY_RUNTIME:
|
||||
wasm_runtime_destroy();
|
||||
|
||||
/* Values other than 0 and -1 are reserved for future use. */
|
||||
return 0;
|
||||
}
|
||||
Reference in New Issue
Block a user