In this example, we will learn how to integrate wasmer to warf and fuzz the wasmer_runtime::validate method.
First, we need to:
- Open the file
warf/targets/Cargo.toml. - Add
wasmer-runtime = "0.16.2"todependenciessection.
Example:
[dependencies]
wasmer-runtime = "0.16.2"Secondly, we need to create our fuzzing function:
- Create a new file inside
warf/targets/src/(e.gwasmer.rs) - Create a new public function.
- You can add
extern crateinside the function but it's not always mandatory. - Call the targetted function and provide
datato it.
Example:
pub fn wasmer_validate(data: &[u8]) {
extern crate wasmer_runtime;
let _ = wasmer_runtime::validate(&data);
}Make this function public for fuzzers:
- Open the file
warf/targets/src/lib.rs. - add
modfollowed by the name of your previous file. - add a public function starting with the name
fuzz_followed by target name. - Inside this function, call the function you want to fuzz inside
wasmer.rs
Example:
mod wasmer;
pub fn fuzz_wasmer_validate(data: &[u8]) {
wasmer::wasmer_validate(data);
}-
Open
warf/src/targets.rs: -
add a new line into the
Targetsenum (e.gWasmerValidate) -
add the fuzzing function name (without the
fuzz_) insidefn name(&self)(e.gTargets::WasmerValidate => "wasmer_validate",) -
associate the name of the corpora folder to your targer (e.g
Targets::DiffInstantiate => "wasm") -
add your target to
fn templateandfn language. -
build
warfusingmake build.
Additionnaly, you can verify this new target is listed when using warf list subcommand.
$ ./warf list
parity_wasm_deserialize
[...]
wasmer_validateVerify that your target is working properly using the warf debug subcommand.
$ ./warf debug wasmer_validate
[...]
Finished dev [unoptimized + debuginfo] target(s) in 2.47s
$ ./workspace/debug/target/debug/debug_wasmer_validate ./workspace/corpora/wasm/fib.wasm
Start wasmer_validate debug
file_path: "./workspace/corpora/wasm/fib.wasm"
Everything is OK$ ./warf target wasmer_validate