WASMaker

WASMaker is a novel differential testing framework that generates complicated Wasm test cases by disassembling and assembling real-world Wasm binaries. These test cases can trigger hidden inconsistencies among Wasm runtimes.


Getting Started

To generate and store ASTs, you first need to install MongoDB and get Wasm binaries from WasmBench.

The script corpus_preprocess.py parses the WasmBench binaries and stores their ASTs in MongoDB. For convenience, I have pre-imported the ASTs generated from parsing WasmBench into the Docker container. The script fuzz.py then generates Wasm binaries and feeds them to each Wasm runtime for fuzzing.

Finally, the outputs of the runtimes are stored in runtime_outputs.txt.

  1. Set up the environment

WASMaker should run well on a server with Ubuntu 22.04. Please download Docker first.

sudo docker build -t wasmaker .
sudo docker run -it wasmaker # run a docker container

  2. Start fuzzing the Wasm runtimes (Wasmtime, Wasmer, WAMR, WasmEdge)

# in the docker container
cd home/ubuntu/WASMaker/
python3 fuzz.py

The outputs of the runtimes are stored in runtime_outputs.txt, and the generated binaries are stored in /home/ubuntu/binaries.

The outputs are formatted as follows:

==================================================
../binaries/file1.wasm
-----------------wasmtime-----------------
warning: using `--invoke` with a function that returns values is experimental and may break in the future
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493

-----------------wasmer-----------------
timeout 5s
-----------------wamr-----------------
fast jit compilation failed: Error: unsupported opcode
failed to compile fast jit function 0
fast jit compilation failed: Error: unsupported opcode
Exception: failed to compile fast jit function

-----------------wasmedge-----------------
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
29419985997212769685300370766333065493
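
The format above can be triaged mechanically. The following is an added example, not code from the WASMaker repository: it parses text in this format and groups the runtimes of each binary by identical output. The function names, the decision to ignore `warning:` lines, and the sample data are assumptions made for illustration.

```python
import re

# Constructed sample in the format shown above (shortened; not real fuzzing output).
SAMPLE = """\
==================================================
../binaries/file1.wasm
-----------------wasmtime-----------------
warning: using `--invoke` with a function that returns values is experimental and may break in the future
42

-----------------wasmer-----------------
timeout 5s
-----------------wamr-----------------
fast jit compilation failed: Error: unsupported opcode

-----------------wasmedge-----------------
42
==================================================
../binaries/file2.wasm
-----------------wasmtime-----------------
7
-----------------wasmedge-----------------
7
"""

RECORD_SEP = re.compile(r"^={10,}$", re.M)            # line of '=' starts a record
RUNTIME_HDR = re.compile(r"^-{5,}(\w+)-{5,}$", re.M)  # -----<runtime>-----

def parse_outputs(text):
    """Return {binary_path: {runtime: [output lines]}}."""
    results = {}
    for record in RECORD_SEP.split(text):
        if not record.strip():
            continue
        # split() with one capture group yields [path, name1, body1, name2, body2, ...]
        parts = RUNTIME_HDR.split(record)
        results[parts[0].strip()] = {
            name: [l for l in body.splitlines()
                   if l.strip() and not l.startswith("warning:")]  # assumption: warnings are noise
            for name, body in zip(parts[1::2], parts[2::2])
        }
    return results

def inconsistencies(results):
    """Map each binary whose runtimes disagree to its groups of agreeing runtimes."""
    report = {}
    for path, per_runtime in results.items():
        groups = {}
        for runtime, lines in per_runtime.items():
            groups.setdefault(tuple(lines), []).append(runtime)
        if len(groups) > 1:
            report[path] = sorted(sorted(g) for g in groups.values())
    return report
```

A timeout or a compilation failure counts as a disagreement here, so flagged binaries still need manual review to separate unsupported features from genuine runtime bugs.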

Detailed Description

Confirmed Issues

All binaries for the confirmed issues are stored in home/ubuntu/binaries/confirmed binaries/.
