Skip to content
/ bigwasm Public

bigwasm instruments WASM modules using host functions to escape sandboxing for coverage and fuzzing purposes

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kevin-valerio/bigwasm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
fixtures
fixtures
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

bigwasm

Overview

bigwasm is a proof-of-concept tool for instrumenting WebAssembly blobs with runtime code coverage capabilities. It targets hosts that implement a seal0.debug_message function with the signature [I32, I32] -> [I32].

The instrumentation is achieved by inserting a callback to debug_message after each control flow instruction, allowing the host to capture coverage data outside the typical sandbox constraints. This works well on ink! contract, since the WASM host propose this function.

Why should I pay attention to this PoC?

  1. If you control the host functions or have a function that allows passing data.
  2. If you need to collect coverage data from a WASM blob.
  3. If you want to do blackbox WASM fuzzing.

Usage

cargo run -- fixtures/dummy.wasm instrumented_dummy.wasm --offset 100000

About

bigwasm instruments WASM modules using host functions to escape sandboxing for coverage and fuzzing purposes

Topics

coverage wasm fuzzing blackbox

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages