https://github.com/kevin-valerio/bigwasm
bigwasm instruments WASM modules using host functions to escape sandboxing for coverage and fuzzing purposes (just a POC!)
- Host: GitHub
- URL: https://github.com/kevin-valerio/bigwasm
- Owner: kevin-valerio
- Created: 2025-02-23T19:29:37.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-27T16:22:13.000Z (over 1 year ago)
- Last Synced: 2025-09-01T14:42:47.406Z (10 months ago)
- Topics: blackbox, coverage, fuzzing, wasm
- Language: Rust
- Homepage:
- Size: 56.6 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# bigwasm
### Overview
**bigwasm** is a proof-of-concept tool for instrumenting WebAssembly blobs with runtime code coverage capabilities. It
targets hosts that implement a `seal0.debug_message` function with the signature `[I32, I32] -> [I32]` (a pointer and a length into the module's linear memory, returning a status code).
The instrumentation is achieved by inserting a call to `debug_message` after each control flow instruction, so the
host can capture coverage data outside the sandbox, without relying on anything the WASM runtime itself exposes. This works well on ink! contracts, since the ink! host (`pallet-contracts`) already provides this function.
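The following is an added illustration of the host side of this idea, not code from bigwasm: a `debug_message` implementation that lives outside the sandbox, bounds-checks the untrusted `(ptr, len)` pair the module passes in, and turns marker messages into a coverage set that a fuzzing loop can diff against everything seen so far. The marker format `cov:<id>` and the use of `64 * 1024` bytes as the guest memory are assumptions; the ids starting at 100000 only echo the `--offset 100000` in the usage example below, and what bigwasm actually encodes in its messages is not described on this page.

```rust
use std::collections::BTreeSet;

/// Status codes returned to the guest (assumed: 0 = success, 1 = rejected).
pub const RET_SUCCESS: i32 = 0;
pub const RET_INVALID: i32 = 1;

/// Coverage collector kept on the host, where the sandbox cannot reach it.
#[derive(Default)]
pub struct Coverage {
    /// Coverage-point ids reported during the current execution.
    pub hits: BTreeSet<u32>,
    /// Ordinary debug messages, passed through for the caller to print or log.
    pub other: Vec<String>,
}

impl Coverage {
    /// Host implementation of `seal0.debug_message(ptr: i32, len: i32) -> i32`.
    /// `memory` is the guest's linear memory. The guest is untrusted and may pass
    /// any (ptr, len), so the host must do the bounds check before slicing.
    pub fn debug_message(&mut self, memory: &[u8], ptr: i32, len: i32) -> i32 {
        // WASM i32 arguments are reinterpreted as unsigned offsets.
        let (ptr, len) = (ptr as u32 as usize, len as u32 as usize);
        let end = match ptr.checked_add(len) {
            Some(end) if end <= memory.len() => end,
            _ => return RET_INVALID,
        };
        let msg = match std::str::from_utf8(&memory[ptr..end]) {
            Ok(s) => s,
            Err(_) => return RET_INVALID,
        };
        // Assumed marker format "cov:<decimal id>"; anything else is a normal message.
        match msg.strip_prefix("cov:").and_then(|id| id.parse::<u32>().ok()) {
            Some(id) => {
                self.hits.insert(id);
            }
            None => self.other.push(msg.to_owned()),
        }
        RET_SUCCESS
    }

    /// Ids hit in this run that the accumulated `global` set has not seen before.
    pub fn new_edges(&self, global: &BTreeSet<u32>) -> BTreeSet<u32> {
        self.hits.difference(global).copied().collect()
    }
}

/// Write a message into a constructed linear-memory image and return the
/// (ptr, len) pair an instrumented module would hand to `debug_message`.
pub fn write_message(memory: &mut Vec<u8>, ptr: usize, msg: &str) -> (i32, i32) {
    if memory.len() < ptr + msg.len() {
        memory.resize(ptr + msg.len(), 0);
    }
    memory[ptr..ptr + msg.len()].copy_from_slice(msg.as_bytes());
    (ptr as i32, msg.len() as i32)
}

/// One fuzzing iteration: `trace` stands in for the sequence of debug_message
/// calls an instrumented module makes. Returns the newly discovered ids and the
/// number of calls the host rejected.
pub fn run_iteration(trace: &[&str], global: &mut BTreeSet<u32>) -> (BTreeSet<u32>, usize) {
    let mut memory = vec![0u8; 64 * 1024]; // one WASM page (assumed guest memory)
    let mut cov = Coverage::default();
    let mut rejected = 0;
    for (i, msg) in trace.iter().enumerate() {
        // Constructed layout: each message gets its own 32-byte slot above offset 1024.
        let (ptr, len) = write_message(&mut memory, 1024 + i * 32, msg);
        if cov.debug_message(&memory, ptr, len) != RET_SUCCESS {
            rejected += 1;
        }
    }
    let fresh = cov.new_edges(global);
    global.extend(fresh.iter().copied());
    (fresh, rejected)
}

fn main() {
    let mut global = BTreeSet::new();
    let (fresh, _) = run_iteration(&["cov:100000", "cov:100001", "cov:100000"], &mut global);
    println!("iteration 1, new edges: {:?}", fresh);
    let (fresh, _) = run_iteration(&["cov:100001", "cov:100007", "hello from contract"], &mut global);
    println!("iteration 2, new edges: {:?}", fresh);
}
```

In a real harness the `Coverage` value would be owned by the host context that the runtime passes to imported functions, and `new_edges` decides whether the input that produced the run is worth keeping in the corpus. The bounds check is the part to get right: a `debug_message` that trusts `(ptr, len)` gives the sandboxed module a read primitive over host memory, which defeats the purpose of escaping the sandbox only for coverage.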
### Why should I pay attention to this PoC?
1. You control the host functions, **or** the host exposes a function that lets the module pass data out.
2. You need to collect coverage data from a WASM blob.
3. You want to do blackbox WASM fuzzing.
### Usage
```bash
cargo run -- fixtures/dummy.wasm instrumented_dummy.wasm --offset 100000
```