Add wasm-mutator-fuzz test (#3420)

Author: yzha107

tests/fuzz/wasm-mutator-fuzz/.env

@@ -0,0 +1,3 @@
+portal_port=9999
+server_port=16667
+proxy=""

tests/fuzz/wasm-mutator-fuzz/.gitignore

@@ -0,0 +1,3 @@
+build/
+workspace/build_*
+error_restart_build_*

tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt

@@ -0,0 +1,138 @@
+# Copyright (C) 2019 Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+cmake_minimum_required (VERSION 2.8)
+
+project(wasm_mutator)
+
+add_definitions(-DUNIT_TEST)
+
+set (CMAKE_BUILD_TYPE Debug)
+
+set (CMAKE_C_COMPILER "clang")
+set (CMAKE_CXX_COMPILER "clang++")
+
+set (WAMR_BUILD_PLATFORM "linux")
+
+# Reset default linker flags
+set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+set (CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "")
+
+set (CMAKE_C_STANDARD 99)
+
+# Set WAMR_BUILD_TARGET, currently values supported:
+# "X86_64", "AMD_64", "X86_32", "AARCH64[sub]", "ARM[sub]", "THUMB[sub]",
+# "MIPS", "XTENSA", "RISCV64[sub]", "RISCV32[sub]"
+if (NOT DEFINED WAMR_BUILD_TARGET)
+  if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)")
+    set (WAMR_BUILD_TARGET "AARCH64")
+  elseif (CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64")
+    set (WAMR_BUILD_TARGET "RISCV64")
+  elseif (CMAKE_SIZEOF_VOID_P EQUAL 8)
+    # Build as X86_64 by default in 64-bit platform
+    set (WAMR_BUILD_TARGET "X86_64")
+  elseif (CMAKE_SIZEOF_VOID_P EQUAL 4)
+    # Build as X86_32 by default in 32-bit platform
+    set (WAMR_BUILD_TARGET "X86_32")
+  else ()
+    message(SEND_ERROR "Unsupported build target platform!")
+  endif ()
+endif ()
+
+if(CUSTOM_MUTATOR EQUAL 1)
+  add_compile_definitions(CUSTOM_MUTATOR)
+endif()
+
+if (NOT CMAKE_BUILD_TYPE)
+  set(CMAKE_BUILD_TYPE Release)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_INTERP)
+  # Enable Interpreter by default
+  set (WAMR_BUILD_INTERP 1)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_AOT)
+  # Enable AOT by default.
+  set (WAMR_BUILD_AOT 1)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_JIT)
+  # Disable JIT by default.
+  set (WAMR_BUILD_JIT 0)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_LIBC_BUILTIN)
+  # Enable libc builtin support by default
+  set (WAMR_BUILD_LIBC_BUILTIN 1)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_LIBC_WASI)
+  # Enable libc wasi support by default
+  set (WAMR_BUILD_LIBC_WASI 1)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_FAST_INTERP)
+  # Enable fast interpreter
+  set (WAMR_BUILD_FAST_INTERP 1)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_MULTI_MODULE)
+  # Enable multiple modules
+  set (WAMR_BUILD_MULTI_MODULE 0)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_LIB_PTHREAD)
+  # Disable pthread library by default
+  set (WAMR_BUILD_LIB_PTHREAD 0)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_MINI_LOADER)
+  # Disable wasm mini loader by default
+  set (WAMR_BUILD_MINI_LOADER 0)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_SIMD)
+  # Enable SIMD by default
+  set (WAMR_BUILD_SIMD 1)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_REF_TYPES)
+  # Disable reference types by default
+  set (WAMR_BUILD_REF_TYPES 0)
+endif ()
+
+if (NOT DEFINED WAMR_BUILD_DEBUG_INTERP)
+  # Disable Debug feature by default
+  set (WAMR_BUILD_DEBUG_INTERP 0)
+endif ()
+
+if (WAMR_BUILD_DEBUG_INTERP EQUAL 1)
+  set (WAMR_BUILD_FAST_INTERP 0)
+  set (WAMR_BUILD_MINI_LOADER 0)
+  set (WAMR_BUILD_SIMD 0)
+endif ()
+
+set (REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..)
+message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR})
+
+set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
+
+add_definitions(-DWAMR_USE_MEM_POOL=0)
+set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -fsanitize=signed-integer-overflow  \
+                    -fprofile-instr-generate -fcoverage-mapping \
+                    -fsanitize=address,undefined,fuzzer")
+set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -fsanitize=signed-integer-overflow  \
+                    -fprofile-instr-generate -fcoverage-mapping \
+                    -fsanitize=address,undefined,fuzzer")
+                    
+include(${REPO_ROOT_DIR}/core/shared/utils/uncommon/shared_uncommon.cmake)
+include(${REPO_ROOT_DIR}/build-scripts/runtime_lib.cmake)
+
+add_library(vmlib
+    ${WAMR_RUNTIME_LIB_SOURCE}
+)
+
+add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
+target_link_libraries(wasm_mutator_fuzz vmlib -lm)

tests/fuzz/wasm-mutator-fuzz/README.md

@@ -0,0 +1,73 @@
+# WAMR fuzz test framework
+
+## install wasm-tools
+
+```bash
+1.git clone https://github.com/bytecodealliance/wasm-tools
+$ cd wasm-tools
+2.This project can be installed and compiled from source with this Cargo command:
+$ cargo install wasm-tools
+3.Installation can be confirmed with:
+$ wasm-tools --version
+4.Subcommands can be explored with:
+$ wasm-tools help
+```
+
+## Build
+
+```bash
+mkdir build && cd build
+# Without custom mutator (libfuzzer modify the buffer randomly)
+cmake ..
+# With custom mutator (wasm-tools mutate)
+cmake .. -DCUSTOM_MUTATOR=1
+make -j$(nproc)
+```
+
+## Manually generate wasm file in build
+
+```bash
+# wasm-tools smith generate some valid wasm file
+# The generated wasm file is in corpus_dir under build
+# N - Number of files to be generated
+./smith_wasm.sh N 
+
+# running
+``` bash
+cd build
+./wasm-mutate-fuzz CORPUS_DIR
+ 
+```
+
+## Fuzzing Server
+
+```shell
+1. Installation Dependent Environment
+$ cd server
+$ pip install -r requirements.txt
+
+2. Database Migration
+$ python3 app/manager.py db init
+$ python3 app/manager.py db migrate  
+$ python3 app/manager.py db upgrade  
+
+3. Change localhost to your machine's IP address
+$ cd ../portal 
+$ vim .env   # Change localhost to your machine's IP address  # http://<ip>:16667
+
+4. Run Server and Portal
+$ cd ..   # Switch to the original directory
+If you want to customize the front-end deployment port:  # defaut 9999
+    $ vim .env # Please change the portal_port to the port you want to use 
+
+The server is deployed on port 16667 by default, If you want to change the server deployment port:
+    $ vim .env # Please change the server_port to the port you want to use 
+    $ vim portal/.env # Please change the VITE_SERVER_URL to the port you want to use  # http://ip:<port>
+
+
+If your network needs to set up a proxy
+    $ vim .env # Change proxy to your proxy address
+
+$ docker-compose up --build -d
+Wait for completion, Access the port set by env
+```

tests/fuzz/wasm-mutator-fuzz/docker-compose.yml

@@ -0,0 +1,29 @@
+# yaml configuration
+services:
+  web:
+    platform: linux/amd64
+    container_name: fuzz_web
+    build:
+      context: ./portal
+      dockerfile: Dockerfile
+      args:
+        - proxy=${proxy}
+    volumes:
+      - "./portal:/portal"
+    ports:
+      - "${portal_port}:80"
+  server:
+    build:
+      context: ../../..
+      dockerfile: ./tests/fuzz/wasm-mutator-fuzz/server/Dockerfile
+      args:
+        - proxy=${proxy}
+    ports:
+      - "${server_port}:16667"
+    container_name: fuzz_server
+    volumes:
+      - "./server/app/data.db:/wamr-test/tests/fuzz/wasm-mutator-fuzz/server/app/data.db"
+      - "./workspace:/wamr-test/tests/fuzz/wasm-mutator-fuzz/workspace"
+    environment:
+      - "TZ=Asia/Shanghai"
+    restart: on-failure

tests/fuzz/wasm-mutator-fuzz/portal/.env

@@ -0,0 +1 @@
+VITE_SERVER_URL=http://localhost:16667

tests/fuzz/wasm-mutator-fuzz/portal/.gitignore

@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

tests/fuzz/wasm-mutator-fuzz/portal/Dockerfile

@@ -0,0 +1,24 @@
+FROM node:16 as builder
+
+WORKDIR /portal
+COPY . .
+
+ARG proxy=""
+
+RUN if [ "$proxy" != "" ]; \
+    then npm config set proxy "$proxy" && npm config set https-proxy "$proxy"; \
+    else echo Do not set proxy; \
+    fi
+RUN npm install && chmod +x node_modules/.bin/tsc \
+    && chmod +x node_modules/.bin/vite \
+    && npm run build
+
+FROM nginx:alpine
+WORKDIR /portal
+COPY --from=builder /portal/dist/ /usr/share/nginx/html/
+RUN rm /etc/nginx/conf.d/default.conf
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY default.conf.template /etc/nginx/conf.d
+
+# hadolint ignore=DL3025
+CMD /bin/sh -c "envsubst '80' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf" && nginx -g 'daemon off;'

tests/fuzz/wasm-mutator-fuzz/portal/default.conf.template

@@ -0,0 +1,53 @@
+server {
+
+  listen 80 default_server;
+
+  location ^~ / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+    try_files $uri $uri/ /index.html;
+  }
+
+  location @router {
+    rewrite ^.*$ /index.html last; # important!
+  }
+
+
+  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
+
+    root   /usr/share/nginx/html;
+
+    if ($request_uri ~* .*[.](manifest|appcache|xml|json)$) {
+      add_header Cache-Control "public, max-age=2592000";
+    }
+
+    if ($request_filename ~* ^.*[.](html|htm)$) {
+      add_header Cache-Control "public, no-cache";
+    }
+
+    expires -1;
+  }
+
+  location ~* \.(?:js|css|map|jpg|png|svg|ico)$ {
+    root   /usr/share/nginx/html;
+    try_files $uri =404;
+
+    expires 1y;
+    access_log off;
+
+    add_header Cache-Control "public";
+  }
+
+  location ~ ^.+\..+$ {
+    root   /usr/share/nginx/html;
+    try_files $uri =404;
+
+    include /etc/nginx/mime.types;
+  }
+
+  error_page 500 502 503 504 /50x.html;
+
+  location = /50x.html {
+    root  /usr/share/nginx/html;
+  }
+}

tests/fuzz/wasm-mutator-fuzz/portal/index.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>WAMR fuzzing test system</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>