WebAssembly Runtimes Fuzzing #9
Conversation
|
|
|
I just had one point of clarification, this is work that will go into Octopus right? So Octopus will be the tool to test all these wasm execution engines (we tend to call it that to not confuse it with the runtime term used in Polkadot/Substrate which is a wasm blob). I think this would be very valuable, particular for new development.
This would also be quite valuable for us in testing the polkadot runtime (the wasm blob) essentially running a given blob through all possible execution engines and ensuring the result is the same for all. |
|
This tool (WebAssembly Runtimes Fuzzing i.e WARF in short) will be focused on testing/fuzzing wasm execution VM implementation. Octopus is more focused on analysis of wasm module/blob. This project will be independent of Octopus even if personally I'm planning to use WARF inside octopus to dynamically detect security issues inside wasm module and make in-process fuzzing of wasm module using the CLI tool. Thx @folsen for the precision regarding polkadot runtime naming. |
|
Hi Patrick. Sorry for the late reply here. As I previously said, I think the tool sounds useful to me and the pricing seems fair. From looking at the milestone again, I have just one additional request. Could you add docker images, delivery reports (e.g. how to install, compile, run, and/or test the deliverable) as well as unit tests if appropriate to the milestones? Just to make it easier for us to test the deliveries ;-). Also which programming language are you planning to use (python)? |
|
Hi David, Regarding the programming language used in the project, I think mainly Rust for fuzzing development and Python for scripting. |
Grant Application Checklist