This document describes how to fuzz cranelift with cargo-fuzz. The fuzz targets use wasm-opt from binaryen-rs to generate valid WebAssembly modules from the fuzzed input supplied by cargo-fuzz (via libfuzzer). In this scheme coverage feedback from both cranelift and the wasm-opt input generation code is used to inform the fuzzer.
- Install all dependencies required to build
binaryen-rsandcargo-fuzz(includingcmake) - Use the rust nightly toolchain (required by
cargo-fuzz):rustup override set nightly - Execute the fuzz target:
cargo fuzz run fuzz_translate_module