WebAssembly / wabt

The WebAssembly Binary Toolkit
Apache License 2.0

no notes for fuzz-in/ directory #537

Closed djn3m0 closed 2 years ago

djn3m0 commented 7 years ago

Hi,

I'm interested to know more about the 'fuzz-in' directory and how to use its content to fuzz WebAssembly, but the readme file doesn't have any information about it! Can you please explain how I can use those files and what the idea of the fuzzer is?

Thanks

binji commented 7 years ago

Wabt uses the fuzz-in directory via the afl-fuzzer builds. See more about AFL here: http://lcamtuf.coredump.cx/afl/.

It takes a bit of setup, but if you create a symbolic link in the source directory called afl-fuzz and point it to AFL's bin dir (after compiling), you can build the wabt tools with fuzzing by running make gcc-fuzz-debug. Then you can use the scripts/fuzz-wasm2wast and scripts/fuzz-wast2wasm scripts to run the fuzzer.

You're right that it would be good to add documentation about this. :-)
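To illustrate the idea behind the setup described above (a seed corpus such as fuzz-in/, a mutator, a target tool, and a crashes/hangs directory for the inputs that break it), here is an added example in pure Python. It is not wabt's own fuzzing script and does not use AFL; it only mirrors the loop afl-fuzz runs. The tool name `wasm2wast` in `subprocess_target` is the one used in this thread and is assumed to be on PATH; the paths and the seed bytes are constructed for the example.

```python
"""Minimal AFL-style mutational fuzz loop over a seed corpus directory.

Added example (not wabt's or AFL's code): seed corpus -> mutate -> run
target -> keep the inputs that crash or hang the target.
"""
import hashlib
import os
import random
import subprocess
import tempfile
from pathlib import Path
from typing import Callable, Dict, Iterable, List, Optional

# Boundary values that commonly trip length, sign and varint handling
# in binary parsers; AFL tries values like these as well.
INTERESTING_BYTES = [0x00, 0x01, 0x7F, 0x80, 0xFF]

# Constructed seed: the 8-byte WebAssembly module header ("\0asm" magic
# followed by version 1, little-endian), i.e. an empty but valid module.
SEED_EMPTY_MODULE = b"\x00asm\x01\x00\x00\x00"


def load_corpus(seed_dir: Path) -> List[bytes]:
    """Read every regular file in a seed directory (e.g. wabt's fuzz-in/)."""
    return [p.read_bytes() for p in sorted(seed_dir.iterdir()) if p.is_file()]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation. Every branch returns data != input."""
    buf = bytearray(data)
    if not buf:
        return bytes([rng.choice(INTERESTING_BYTES)])
    op = rng.randrange(4)
    i = rng.randrange(len(buf))
    if op == 0:      # flip one bit
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:    # overwrite with an interesting value different from the current one
        buf[i] = rng.choice([v for v in INTERESTING_BYTES if v != buf[i]])
    elif op == 2:    # insert a byte (length grows)
        buf.insert(i, rng.randrange(256))
    else:            # delete a byte (length shrinks)
        del buf[i]
    return bytes(buf)


def classify_returncode(returncode: Optional[int]) -> str:
    """Map a child process result onto AFL's categories.

    On POSIX, subprocess reports -N when the child died from signal N
    (SIGSEGV, SIGABRT, ...): a crash. None means we killed it on timeout:
    a hang. Any normal exit code, including a non-zero "invalid input"
    rejection, is fine: refusing malformed input is the parser's job.
    """
    if returncode is None:
        return "hang"
    if returncode < 0:
        return "crash"
    return "ok"


def subprocess_target(argv: List[str], timeout: float = 5.0) -> Callable[[bytes], str]:
    """Build a target that writes each input to a temp file and runs argv on it.

    Example: subprocess_target(["wasm2wast"]) (assumed to be on PATH).
    """
    def run(data: bytes) -> str:
        with tempfile.NamedTemporaryFile(suffix=".wasm", delete=False) as f:
            f.write(data)
            path = f.name
        try:
            proc = subprocess.run(argv + [path], capture_output=True, timeout=timeout)
            return classify_returncode(proc.returncode)
        except subprocess.TimeoutExpired:
            return "hang"
        finally:
            os.unlink(path)
    return run


def fuzz(seeds: Iterable[bytes], target: Callable[[bytes], str], iterations: int,
         out_dir: Optional[Path] = None, seed: int = 0) -> Dict[str, List[bytes]]:
    """Mutate seeds, run the target, collect unique crash/hang inputs.

    When out_dir is given, findings are also saved under out_dir/crashes
    and out_dir/hangs, named by SHA-256, like afl-fuzz's output layout.
    """
    rng = random.Random(seed)
    seeds = list(seeds)
    found: Dict[str, List[bytes]] = {"crash": [], "hang": []}
    subdir = {"crash": "crashes", "hang": "hangs"}
    seen = set()
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        status = target(data)
        if status == "ok" or data in seen:
            continue
        seen.add(data)
        found[status].append(data)
        if out_dir is not None:
            d = out_dir / subdir[status]
            d.mkdir(parents=True, exist_ok=True)
            (d / hashlib.sha256(data).hexdigest()).write_bytes(data)
    return found


if __name__ == "__main__":
    # Hypothetical paths: a seed directory like wabt's fuzz-in/ and an
    # output directory for findings; wasm2wast is assumed to be on PATH.
    corpus = load_corpus(Path("fuzz-in")) or [SEED_EMPTY_MODULE]
    results = fuzz(corpus, subprocess_target(["wasm2wast"]), iterations=1000,
                   out_dir=Path("fuzz-out"))
    print({k: len(v) for k, v in results.items()})
```

The real scripts hand this loop to afl-fuzz, which additionally uses coverage feedback from the instrumented `gcc-fuzz-debug` build to decide which mutated inputs are worth keeping as new seeds; the classification above is the part that matters for triage, since a parser exiting non-zero on garbage is correct behaviour and only a signal death or a hang is a finding.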

djn3m0 commented 7 years ago

So it is something to fuzz WebAssembly tools, or the JavaScript engine that's going to load and parse them?

And you are right, I think it would be great to have more detailed documentation about it.

binji commented 7 years ago

Yes, this is just used to fuzz wabt's wast2wasm and wasm2wast tools. I don't know much about other WebAssembly implementations, but I assume most of them fuzz inputs as well. See, for example, v8's wasm fuzzer: https://chromium.googlesource.com/v8/v8/+/refs/heads/lkgr/test/fuzzer/wasm.cc