1 //! Define the interface for differential evaluation of Wasm functions. 2 3 use crate::generators::{CompilerStrategy, Config, DiffValue, DiffValueType}; 4 use crate::oracles::{diff_wasmi::WasmiEngine, diff_wasmtime::WasmtimeEngine}; 5 use anyhow::Error; 6 use arbitrary::Unstructured; 7 use wasmtime::Trap; 8 9 /// Returns a function which can be used to build the engine name specified. 10 /// 11 /// `None` is returned if the named engine does not have support compiled into 12 /// this crate. 13 pub fn build( 14 u: &mut Unstructured<'_>, 15 name: &str, 16 config: &mut Config, 17 ) -> arbitrary::Result<Option<Box<dyn DiffEngine>>> { 18 let engine: Box<dyn DiffEngine> = match name { 19 "wasmtime" => Box::new(WasmtimeEngine::new(u, config, CompilerStrategy::Cranelift)?), 20 "wasmi" => Box::new(WasmiEngine::new(config)), 21 22 #[cfg(target_arch = "x86_64")] 23 "winch" => Box::new(WasmtimeEngine::new(u, config, CompilerStrategy::Winch)?), 24 #[cfg(not(target_arch = "x86_64"))] 25 "winch" => return Ok(None), 26 27 #[cfg(feature = "fuzz-spec-interpreter")] 28 "spec" => Box::new(crate::oracles::diff_spec::SpecInterpreter::new(config)), 29 #[cfg(not(feature = "fuzz-spec-interpreter"))] 30 "spec" => return Ok(None), 31 32 #[cfg(not(any(windows, target_arch = "s390x", target_arch = "riscv64")))] 33 "v8" => Box::new(crate::oracles::diff_v8::V8Engine::new(config)), 34 #[cfg(any(windows, target_arch = "s390x", target_arch = "riscv64"))] 35 "v8" => return Ok(None), 36 37 _ => panic!("unknown engine {name}"), 38 }; 39 40 Ok(Some(engine)) 41 } 42 43 /// Provide a way to instantiate Wasm modules. 44 pub trait DiffEngine { 45 /// Return the name of the engine. 46 fn name(&self) -> &'static str; 47 48 /// Create a new instance with the given engine. 49 fn instantiate(&mut self, wasm: &[u8]) -> anyhow::Result<Box<dyn DiffInstance>>; 50 51 /// Tests that the wasmtime-originating `trap` matches the error this engine 52 /// generated. 53 fn assert_error_match(&self, trap: &Trap, err: &Error); 54 55 /// Returns whether the error specified from this engine might be stack 56 /// overflow. 57 fn is_stack_overflow(&self, err: &Error) -> bool; 58 } 59 60 /// Provide a way to evaluate Wasm functions--a Wasm instance implemented by a 61 /// specific engine (i.e., compiler or interpreter). 62 pub trait DiffInstance { 63 /// Return the name of the engine behind this instance. 64 fn name(&self) -> &'static str; 65 66 /// Evaluate an exported function with the given values. 67 /// 68 /// Any error, such as a trap, should be returned through an `Err`. If this 69 /// engine cannot invoke the function signature then `None` should be 70 /// returned and this invocation will be skipped. 71 fn evaluate( 72 &mut self, 73 function_name: &str, 74 arguments: &[DiffValue], 75 results: &[DiffValueType], 76 ) -> anyhow::Result<Option<Vec<DiffValue>>>; 77 78 /// Attempts to return the value of the specified global, returning `None` 79 /// if this engine doesn't support retrieving globals at this time. 80 fn get_global(&mut self, name: &str, ty: DiffValueType) -> Option<DiffValue>; 81 82 /// Same as `get_global` but for memory. 83 fn get_memory(&mut self, name: &str, shared: bool) -> Option<Vec<u8>>; 84 } 85 86 /// Initialize any global state associated with runtimes that may be 87 /// differentially executed against. 88 pub fn setup_engine_runtimes() { 89 #[cfg(feature = "fuzz-spec-interpreter")] 90 crate::oracles::diff_spec::setup_ocaml_runtime(); 91 } 92 93 /// Build a list of allowed values from the given `defaults` using the 94 /// `env_list`. 95 /// 96 /// The entries in `defaults` are preserved, in order, and are replaced with 97 /// `None` in the returned list if they are disabled. 98 /// 99 /// ``` 100 /// # use wasmtime_fuzzing::oracles::engine::build_allowed_env_list; 101 /// // Passing no `env_list` returns the defaults: 102 /// assert_eq!(build_allowed_env_list(None, &["a"]), vec![Some("a")]); 103 /// // We can build up a subset of the defaults: 104 /// assert_eq!(build_allowed_env_list(Some(vec!["b".to_string()]), &["a","b"]), vec![None, Some("b")]); 105 /// // Alternately we can subtract from the defaults: 106 /// assert_eq!(build_allowed_env_list(Some(vec!["-a".to_string()]), &["a","b"]), vec![None, Some("b")]); 107 /// ``` 108 /// ```should_panic 109 /// # use wasmtime_fuzzing::oracles::engine::build_allowed_env_list; 110 /// // We are not allowed to mix set "addition" and "subtraction"; the following 111 /// // will panic: 112 /// build_allowed_env_list(Some(vec!["-a".to_string(), "b".to_string()]), &["a", "b"]); 113 /// ``` 114 /// ```should_panic 115 /// # use wasmtime_fuzzing::oracles::engine::build_allowed_env_list; 116 /// // This will also panic if invalid values are used: 117 /// build_allowed_env_list(Some(vec!["c".to_string()]), &["a", "b"]); 118 /// ``` 119 pub fn build_allowed_env_list<'a>( 120 env_list: Option<Vec<String>>, 121 defaults: &[&'a str], 122 ) -> Vec<Option<&'a str>> { 123 if let Some(configured) = &env_list { 124 // Check that the names are either all additions or all subtractions. 125 let subtract_from_defaults = configured.iter().all(|c| c.starts_with("-")); 126 let add_from_defaults = configured.iter().all(|c| !c.starts_with("-")); 127 let start = if subtract_from_defaults { 1 } else { 0 }; 128 if !subtract_from_defaults && !add_from_defaults { 129 panic!( 130 "all configured values must either subtract or add from defaults; found mixed values: {:?}", 131 &env_list 132 ); 133 } 134 135 // Check that the configured names are valid ones. 136 for c in configured { 137 if !defaults.contains(&&c[start..]) { 138 panic!("invalid environment configuration `{c}`; must be one of: {defaults:?}"); 139 } 140 } 141 142 // Select only the allowed names. 143 let mut allowed = Vec::with_capacity(defaults.len()); 144 for &d in defaults { 145 let mentioned = configured.iter().any(|c| &c[start..] == d); 146 if (add_from_defaults && mentioned) || (subtract_from_defaults && !mentioned) { 147 allowed.push(Some(d)); 148 } else { 149 allowed.push(None); 150 } 151 } 152 allowed 153 } else { 154 defaults.iter().copied().map(Some).collect() 155 } 156 } 157 158 /// Retrieve a comma-delimited list of values from an environment variable. 159 pub fn parse_env_list(env_variable: &str) -> Option<Vec<String>> { 160 std::env::var(env_variable) 161 .ok() 162 .map(|l| l.split(",").map(|s| s.to_owned()).collect()) 163 } 164 165 /// Smoke test an engine with a given config. 166 #[cfg(test)] 167 pub fn smoke_test_engine<T>( 168 mk_engine: impl Fn(&mut arbitrary::Unstructured<'_>, &mut Config) -> arbitrary::Result<T>, 169 ) where 170 T: DiffEngine, 171 { 172 use rand::prelude::*; 173 174 let mut rng = SmallRng::seed_from_u64(0); 175 let mut buf = vec![0; 2048]; 176 let n = 100; 177 for _ in 0..n { 178 rng.fill_bytes(&mut buf); 179 let mut u = Unstructured::new(&buf); 180 let mut config = match u.arbitrary::<Config>() { 181 Ok(config) => config, 182 Err(_) => continue, 183 }; 184 // This will ensure that wasmtime, which uses this configuration 185 // settings, can guaranteed instantiate a module. 186 config.set_differential_config(); 187 188 let mut engine = match mk_engine(&mut u, &mut config) { 189 Ok(engine) => engine, 190 Err(e) => { 191 println!("skip {e:?}"); 192 continue; 193 } 194 }; 195 196 let wasm = wat::parse_str( 197 r#" 198 (module 199 (func (export "add") (param i32 i32) (result i32) 200 local.get 0 201 local.get 1 202 i32.add) 203 204 (global (export "global") i32 i32.const 1) 205 (memory (export "memory") 1) 206 ) 207 "#, 208 ) 209 .unwrap(); 210 let mut instance = engine.instantiate(&wasm).unwrap(); 211 let results = instance 212 .evaluate( 213 "add", 214 &[DiffValue::I32(1), DiffValue::I32(2)], 215 &[DiffValueType::I32], 216 ) 217 .unwrap(); 218 assert_eq!(results, Some(vec![DiffValue::I32(3)])); 219 220 if let Some(val) = instance.get_global("global", DiffValueType::I32) { 221 assert_eq!(val, DiffValue::I32(1)); 222 } 223 224 if let Some(val) = instance.get_memory("memory", false) { 225 assert_eq!(val.len(), 65536); 226 for i in val.iter() { 227 assert_eq!(*i, 0); 228 } 229 } 230 231 return; 232 } 233 234 panic!("after {n} runs nothing ever ran, something is probably wrong"); 235 } 236