feat(fuzz): add a new fuzzing target about aot compiler (#4121)

support llvm-jit running mode as another fuzzing target

build-scripts/version.cmake

@@ -3,7 +3,7 @@
 
 if(NOT WAMR_ROOT_DIR)
   # if from wamr-compiler
-  set(WAMR_ROOT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
+  set(WAMR_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/..)
 endif()
 
 set(WAMR_VERSION_MAJOR 2)

core/iwasm/compilation/aot_llvm.c

@@ -2520,7 +2520,8 @@ aot_compiler_init(void)
     LLVMInitializeCore(LLVMGetGlobalPassRegistry());
 #endif
 
-#if WASM_ENABLE_WAMR_COMPILER != 0
+/* fuzzing only use host targets for simple */
+#if WASM_ENABLE_WAMR_COMPILER != 0 && WASM_ENABLE_FUZZ_TEST == 0
     /* Init environment of all targets for AOT compiler */
     LLVMInitializeAllTargetInfos();
     LLVMInitializeAllTargets();

tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt

@@ -1,170 +1,101 @@
 # Copyright (C) 2019 Intel Corporation. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 
-cmake_minimum_required (VERSION 3.14)
+cmake_minimum_required(VERSION 3.14)
 
-if (NOT DEFINED CMAKE_C_COMPILER)
-set (CMAKE_C_COMPILER "clang")
-endif ()
-if (NOT DEFINED CMAKE_CXX_COMPILER)
-set (CMAKE_CXX_COMPILER "clang++")
-endif ()
+project(wamr_fuzzing LANGUAGES ASM C CXX)
 
-project(wasm_mutator)
+include(CMakePrintHelpers)
 
-set (CMAKE_BUILD_TYPE Debug)
+# Ensure Clang is used as the compiler
+if(NOT CMAKE_C_COMPILER_ID STREQUAL "Clang"
+    OR NOT CMAKE_ASM_COMPILER_ID STREQUAL "Clang")
+  message(FATAL_ERROR "Please use Clang as the C compiler for libFuzzer compatibility.")
+endif()
+
+#
+# Global settings
+#
+set(CMAKE_BUILD_TYPE Debug)
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_CXX_STANDARD 17)
 
-string (TOLOWER ${CMAKE_HOST_SYSTEM_NAME} WAMR_BUILD_PLATFORM)
+string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} WAMR_BUILD_PLATFORM)
 
 # Reset default linker flags
-set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
-set (CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "")
-
-set (CMAKE_C_STANDARD 11)
-set (CMAKE_CXX_STANDARD 17)
-
-# Set WAMR_BUILD_TARGET, currently values supported:
-# "X86_64", "AMD_64", "X86_32", "AARCH64[sub]", "ARM[sub]", "THUMB[sub]",
-# "MIPS", "XTENSA", "RISCV64[sub]", "RISCV32[sub]"
-if (NOT DEFINED WAMR_BUILD_TARGET)
-  if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)")
-    set (WAMR_BUILD_TARGET "AARCH64")
-  elseif (CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64")
-    set (WAMR_BUILD_TARGET "RISCV64")
-  elseif (CMAKE_SIZEOF_VOID_P EQUAL 8)
-    # Build as X86_64 by default in 64-bit platform
-    set (WAMR_BUILD_TARGET "X86_64")
-  elseif (CMAKE_SIZEOF_VOID_P EQUAL 4)
-    # Build as X86_32 by default in 32-bit platform
-    set (WAMR_BUILD_TARGET "X86_32")
-  else ()
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+set(CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "")
+
+# Check if the compiler supports the sanitizer flags
+include(CheckCXXCompilerFlag)
+check_cxx_compiler_flag("-fsanitize=address"   HAS_ADDRESS_SANITIZER)
+check_cxx_compiler_flag("-fsanitize=memory"    HAS_MEMORY_SANITIZER)
+check_cxx_compiler_flag("-fsanitize=undefined" HAS_UNDEFINED_SANITIZER)
+
+# Determine WAMR_BUILD_TARGET based on system properties
+if(NOT DEFINED WAMR_BUILD_TARGET)
+  if(CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm64|aarch64)")
+    set(WAMR_BUILD_TARGET "AARCH64")
+  elseif(CMAKE_SYSTEM_PROCESSOR STREQUAL "riscv64")
+    set(WAMR_BUILD_TARGET "RISCV64")
+  elseif(CMAKE_SIZEOF_VOID_P EQUAL 8)
+    set(WAMR_BUILD_TARGET "X86_64")
+  elseif(CMAKE_SIZEOF_VOID_P EQUAL 4)
+    set(WAMR_BUILD_TARGET "X86_32")
+  else()
     message(SEND_ERROR "Unsupported build target platform!")
-  endif ()
-endif ()
+  endif()
+endif()
 
-if (APPLE)
+if(APPLE)
   add_definitions(-DBH_PLATFORM_DARWIN)
-endif ()
+endif()
+
+# Disable hardware bound check and enable AOT validator
+set(WAMR_DISABLE_HW_BOUND_CHECK 1)
+set(WAMR_BUILD_AOT_VALIDATOR 1)
+
+set(REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..)
+message(STATUS "REPO_ROOT_DIR: ${REPO_ROOT_DIR}")
+
+# Use LLVM_DIR from command line if defined
+# LLVM_DIR should be something like /path/to/llvm/build/lib/cmake/llvm
+if(DEFINED LLVM_DIR)
+  set(LLVM_DIR $ENV{LLVM_DIR})
+else()
+  set(LLVM_SRC_ROOT ${REPO_ROOT_DIR}/core/deps/llvm)
+  set(LLVM_BUILD_ROOT ${LLVM_SRC_ROOT}/build)
+  set(LLVM_DIR ${LLVM_BUILD_ROOT}/lib/cmake/llvm)
+endif()
 
-if(CUSTOM_MUTATOR EQUAL 1)
-  add_compile_definitions(CUSTOM_MUTATOR)
+# if LLVM_DIR is an existing directory, use it
+if(NOT EXISTS ${LLVM_DIR})
+  message(FATAL_ERROR "LLVM_DIR not found: ${LLVM_DIR}")
 endif()
 
-if (NOT DEFINED WAMR_BUILD_INTERP)
-  # Enable Interpreter by default
-  set (WAMR_BUILD_INTERP 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_AOT)
-  # Enable AOT by default.
-  set (WAMR_BUILD_AOT 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_JIT)
-  # Disable JIT by default.
-  set (WAMR_BUILD_JIT 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_LIBC_BUILTIN)
-  # Disable libc builtin support by default
-  set (WAMR_BUILD_LIBC_BUILTIN 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_LIBC_WASI)
-  # Enable libc wasi support by default
-  set (WAMR_BUILD_LIBC_WASI 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_FAST_INTERP)
-  # Enable fast interpreter
-  set (WAMR_BUILD_FAST_INTERP 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_MULTI_MODULE)
-  # Disable multiple modules
-  set (WAMR_BUILD_MULTI_MODULE 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_LIB_PTHREAD)
-  # Disable pthread library by default
-  set (WAMR_BUILD_LIB_PTHREAD 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_MINI_LOADER)
-  # Disable wasm mini loader by default
-  set (WAMR_BUILD_MINI_LOADER 0)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_SIMD)
-  # Enable SIMD by default
-  set (WAMR_BUILD_SIMD 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_REF_TYPES)
-  # Enable reference type by default
-  set (WAMR_BUILD_REF_TYPES 1)
-endif ()
-
-if (NOT DEFINED WAMR_BUILD_DEBUG_INTERP)
-  # Disable Debug feature by default
-  set (WAMR_BUILD_DEBUG_INTERP 0)
-endif ()
-
-if (WAMR_BUILD_DEBUG_INTERP EQUAL 1)
-  set (WAMR_BUILD_FAST_INTERP 0)
-  set (WAMR_BUILD_MINI_LOADER 0)
-  set (WAMR_BUILD_SIMD 0)
-endif ()
-
-# sanitizer may use kHandleSignalExclusive to handle SIGSEGV
-# like `UBSAN_OPTIONS=handle_segv=2:...`
-set (WAMR_DISABLE_HW_BOUND_CHECK 1)
-# Enable aot validator
-set (WAMR_BUILD_AOT_VALIDATOR 1)
-
-set (REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..)
-message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR})
-
-set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
-
-add_definitions(-DWAMR_USE_MEM_POOL=0 -DWASM_ENABLE_FUZZ_TEST=1)
+find_package(LLVM REQUIRED CONFIG)
+
+message(STATUS "Found LLVM ${LLVM_PACKAGE_VERSION}")
+message(STATUS "Using LLVMConfig.cmake in: ${LLVM_DIR}")
+
+include_directories(${LLVM_INCLUDE_DIRS})
+separate_arguments(LLVM_DEFINITIONS_LIST NATIVE_COMMAND ${LLVM_DEFINITIONS})
+add_definitions(${LLVM_DEFINITIONS_LIST})
+
+set(SHARED_DIR ${REPO_ROOT_DIR}/core/shared)
+set(IWASM_DIR ${REPO_ROOT_DIR}/core/iwasm)
+
+# Global setting
+add_compile_options(-Wno-unused-command-line-argument)
 
 # Enable fuzzer
+add_definitions(-DWASM_ENABLE_FUZZ_TEST=1)
 add_compile_options(-fsanitize=fuzzer)
 add_link_options(-fsanitize=fuzzer)
 
-# if not calling from oss-fuzz helper, enable all support sanitizers
-# oss-fuzz will define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION in CFLAGS and CXXFLAGS
+# Enable sanitizers if not in oss-fuzz environment
 set(CFLAGS_ENV $ENV{CFLAGS})
 string(FIND "${CFLAGS_ENV}" "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" IN_OSS_FUZZ)
-if (IN_OSS_FUZZ EQUAL -1)
-  message("[ceith]:Enable ASan and UBSan in non-oss-fuzz environment")
-  add_compile_options(
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    # reference: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
-    # -fsanitize=undefined: All of the checks listed above other than float-divide-by-zero,
-    #     unsigned-integer-overflow, implicit-conversion, local-bounds and
-    #     the nullability-* group of checks.
-    #
-    # for now, we disable below from UBSan
-    # -alignment
-    # -implicit-conversion
-    #
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  add_link_options(-fsanitize=address -fprofile-instr-generate)
-endif ()
-
-include(${REPO_ROOT_DIR}/core/shared/utils/uncommon/shared_uncommon.cmake)
-include(${REPO_ROOT_DIR}/build-scripts/runtime_lib.cmake)
-
-add_library(vmlib
-    ${WAMR_RUNTIME_LIB_SOURCE}
-)
-
-add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
-target_link_libraries(wasm_mutator_fuzz vmlib -lm)
+
+add_subdirectory(aot-compiler)
+add_subdirectory(wasm-mutator)

tests/fuzz/wasm-mutator-fuzz/README.md

@@ -1,44 +1,53 @@
 # WAMR fuzz test framework
 
-## install wasm-tools
+## Install wasm-tools
+
+Download the release suitable for your specific platform from https://github.com/bytecodealliance/wasm-tools/releases/latest, unpack it, and add the executable wasm-tools to the `PATH`. Then, you should be able to verify that the installation was successful by using the following command:
 
 ```bash
-1.git clone https://github.com/bytecodealliance/wasm-tools
-$ cd wasm-tools
-2.This project can be installed and compiled from source with this Cargo command:
-$ cargo install wasm-tools
-3.Installation can be confirmed with:
 $ wasm-tools --version
-4.Subcommands can be explored with:
+# Or learn subcommands with
 $ wasm-tools help
 ```
 
+## Install clang Toolchain
+
+Refer to: https://apt.llvm.org/ and ensure that you have clang installed.
+
+```bash
+$ clang --version
+
+$ clang++ --version
+```
+
 ## Build
 
 ```bash
-mkdir build && cd build
 # Without custom mutator (libfuzzer modify the buffer randomly)
-cmake ..
-# TODO: TBC. `wasm-tools mutate` is not supported yet
-# With custom mutator (wasm-tools mutate)
-cmake .. -DCUSTOM_MUTATOR=1
-make -j$(nproc)
+$ cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=./clang_toolchain.cmake -DLLVM_DIR=<llvm_install_dir>/lib/cmake/llvm
+
+# TBC: if `wasm-tools mutate` is supported or not
+# Or With custom mutator (wasm-tools mutate)
+$ cmake -S . -B build -DCMAKE_TOOLCHAIN_FILE=./clang_toolchain.cmake -DLLVM_DIR=<llvm_install_dir>/lib/cmake/llvm -DCUSTOM_MUTATOR=1
+
+# Then
+$ cmake --build build
 ```
 
 ## Manually generate wasm file in build
 
-```bash
+````bash
 # wasm-tools smith generate some valid wasm file
 # The generated wasm file is in corpus_dir under build
 # N - Number of files to be generated
-./smith_wasm.sh N 
+$ ./smith_wasm.sh N
 
 # running
 ``` bash
-cd build
-./wasm-mutate-fuzz CORPUS_DIR
- 
-```
+$ ./build/wasm-mutator/wasm_mutator_fuzz ./build/CORPUS_DIR
+
+$ ./build/aot-compiler/aot_compiler_fuzz ./build/CORPUS_DIR
+````
 
 ## Fuzzing Server
 
@@ -49,20 +58,20 @@ $ pip install -r requirements.txt
 
 2. Database Migration
 $ python3 app/manager.py db init
-$ python3 app/manager.py db migrate  
-$ python3 app/manager.py db upgrade  
+$ python3 app/manager.py db migrate
+$ python3 app/manager.py db upgrade
 
 3. Change localhost to your machine's IP address
-$ cd ../portal 
+$ cd ../portal
 $ vim .env   # Change localhost to your machine's IP address  # http://<ip>:16667
 
 4. Run Server and Portal
 $ cd ..   # Switch to the original directory
 If you want to customize the front-end deployment port:  # defaut 9999
-    $ vim .env # Please change the portal_port to the port you want to use 
+    $ vim .env # Please change the portal_port to the port you want to use
 
 The server is deployed on port 16667 by default, If you want to change the server deployment port:
-    $ vim .env # Please change the server_port to the port you want to use 
+    $ vim .env # Please change the server_port to the port you want to use
     $ vim portal/.env # Please change the VITE_SERVER_URL to the port you want to use  # http://ip:<port>
 
 

tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt

@@ -0,0 +1,164 @@
+# Copyright (C) 2025 Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+# Set default build options with the ability to override from the command line
+if(NOT WAMR_BUILD_INTERP)
+  set(WAMR_BUILD_INTERP 1)
+endif()
+
+set(WAMR_BUILD_WAMR_COMPILER 1)
+set(WAMR_BUILD_AOT 1)
+set(WAMR_BUILD_INTERP 1)
+set(WAMR_BUILD_JIT 0)
+
+include(${SHARED_DIR}/platform/${WAMR_BUILD_PLATFORM}/shared_platform.cmake)
+include(${SHARED_DIR}/mem-alloc/mem_alloc.cmake)
+include(${SHARED_DIR}/utils/shared_utils.cmake)
+include(${SHARED_DIR}/utils/uncommon/shared_uncommon.cmake)
+include(${IWASM_DIR}/compilation/iwasm_compl.cmake)
+include(${IWASM_DIR}/libraries/thread-mgr/thread_mgr.cmake)
+include(${IWASM_DIR}/common/iwasm_common.cmake)
+include(${IWASM_DIR}/common/gc/iwasm_gc.cmake)
+include(${IWASM_DIR}/interpreter/iwasm_interp.cmake)
+include(${IWASM_DIR}/aot/iwasm_aot.cmake)
+include(${IWASM_DIR}/compilation/iwasm_compl.cmake)
+include(${REPO_ROOT_DIR}/build-scripts/version.cmake)
+
+add_library(aotclib
+  ${PLATFORM_SHARED_SOURCE}
+  ${MEM_ALLOC_SHARED_SOURCE}
+  ${UTILS_SHARED_SOURCE}
+  ${UNCOMMON_SHARED_SOURCE}
+  ${THREAD_MGR_SOURCE}
+  ${IWASM_COMMON_SOURCE}
+  ${IWASM_INTERP_SOURCE}
+  ${IWASM_AOT_SOURCE}
+  ${IWASM_GC_SOURCE}
+  ${IWASM_COMPL_SOURCE}
+)
+
+target_compile_definitions(aotclib
+  PUBLIC
+    -DWASM_ENABLE_WAMR_COMPILER=1
+    -DWASM_ENABLE_FAST_INTERP=0
+    -DWASM_ENABLE_INTERP=1
+    -DWASM_ENABLE_BULK_MEMORY=1
+    -DWASM_ENABLE_SHARED_MEMORY=1
+    -DWASM_ENABLE_TAIL_CALL=1
+    -DWASM_ENABLE_SIMD=1
+    -DWASM_ENABLE_REF_TYPES=1
+    -DWASM_ENABLE_MEMORY64=1
+    -DWASM_ENABLE_GC=1
+    -DWASM_ENABLE_CUSTOM_NAME_SECTION=1
+    -DWASM_ENABLE_AOT_STACK_FRAME=1
+    -DWASM_ENABLE_DUMP_CALL_STACK=1
+    -DWASM_ENABLE_PERF_PROFILING=1
+    -DWASM_ENABLE_LOAD_CUSTOM_SECTION=1
+    -DWASM_ENABLE_THREAD_MGR=1
+    ${LLVM_DEFINITIONS}
+)
+
+target_include_directories(aotclib PUBLIC
+  ${IWASM_DIR}/include
+  ${SHARED_DIR}/include
+)
+
+target_link_directories(aotclib PUBLIC ${LLVM_LIBRARY_DIR})
+
+target_link_libraries(aotclib
+  PUBLIC
+    LLVMDemangle
+    LLVMSupport
+    LLVMTableGen
+    LLVMTableGenGlobalISel
+    LLVMCore
+    LLVMFuzzerCLI
+    LLVMFuzzMutate
+    LLVMFileCheck
+    LLVMInterfaceStub
+    LLVMIRReader
+    LLVMCodeGen
+    LLVMSelectionDAG
+    LLVMAsmPrinter
+    LLVMMIRParser
+    LLVMGlobalISel
+    LLVMBinaryFormat
+    LLVMBitReader
+    LLVMBitWriter
+    LLVMBitstreamReader
+    LLVMDWARFLinker
+    LLVMExtensions
+    LLVMFrontendOpenACC
+    LLVMFrontendOpenMP
+    LLVMTransformUtils
+    LLVMInstrumentation
+    LLVMAggressiveInstCombine
+    LLVMInstCombine
+    LLVMScalarOpts
+    LLVMipo
+    LLVMVectorize
+    LLVMObjCARCOpts
+    LLVMCoroutines
+    LLVMCFGuard
+    LLVMLinker
+    LLVMAnalysis
+    LLVMLTO
+    LLVMMC
+    LLVMMCParser
+    LLVMMCDisassembler
+    LLVMMCA
+    LLVMObjCopy
+    LLVMObject
+    LLVMObjectYAML
+    LLVMOption
+    LLVMRemarks
+    LLVMDebuginfod
+    LLVMDebugInfoDWARF
+    LLVMDebugInfoGSYM
+    LLVMDebugInfoMSF
+    LLVMDebugInfoCodeView
+    LLVMDebugInfoPDB
+    LLVMSymbolize
+    LLVMDWP
+    LLVMExecutionEngine
+    LLVMInterpreter
+    LLVMJITLink
+    LLVMMCJIT
+    LLVMOrcJIT
+    LLVMOrcShared
+    LLVMOrcTargetProcess
+    LLVMRuntimeDyld
+    LLVMTarget
+    LLVMX86CodeGen
+    LLVMX86AsmParser
+    LLVMX86Disassembler
+    LLVMX86TargetMCA
+    LLVMX86Desc
+    LLVMX86Info
+    LLVMAsmParser
+    LLVMLineEditor
+    LLVMProfileData
+    LLVMCoverage
+    LLVMPasses
+    LLVMTextAPI
+    LLVMDlltoolDriver
+    LLVMLibDriver
+    LLVMXRay
+    LLVMWindowsDriver
+    LLVMWindowsManifest
+)
+
+if(NOT IN_OSS_FUZZ)
+  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment")
+  target_compile_options(aotclib PUBLIC 
+    -fprofile-instr-generate -fcoverage-mapping
+    -fno-sanitize-recover=all
+    -fsanitize=address,undefined
+    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
+    -fno-sanitize=alignment
+  )
+  target_link_options(aotclib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
+endif()
+
+add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc)
+target_link_libraries(aot_compiler_fuzz PRIVATE stdc++ aotclib)

tests/fuzz/wasm-mutator-fuzz/aot-compiler/aot_compiler_fuzz.cc

@@ -0,0 +1,85 @@
+// Copyright (C) 2025 Intel Corporation. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <iostream>
+#include <vector>
+
+#include "aot_export.h"
+#include "wasm_export.h"
+#include "bh_read_file.h"
+
+static void
+handle_aot_recent_error(const char *tag)
+{
+    const char *error = aot_get_last_error();
+    if (strlen(error) == 0) {
+        error = "UNKNOWN ERROR";
+    }
+
+    std::cout << tag << " " << error << std::endl;
+}
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+    wasm_module_t module = NULL;
+    char error_buf[128] = { 0 };
+    AOTCompOption option = { 0 };
+    aot_comp_data_t comp_data = NULL;
+    aot_comp_context_t comp_ctx = NULL;
+
+    /* libfuzzer don't allow to modify the given Data, so make a copy here */
+    std::vector<uint8_t> myData(Data, Data + Size);
+
+    wasm_runtime_init();
+
+    module = wasm_runtime_load((uint8_t *)myData.data(), Size, error_buf, 120);
+    if (!module) {
+        std::cout << "[LOADING] " << error_buf << std::endl;
+        goto DESTROY_RUNTIME;
+    }
+
+    // TODO: target_arch and other fields
+    option.target_arch = "x86_64";
+    option.target_abi = "gnu";
+    option.enable_bulk_memory = true;
+    option.enable_thread_mgr = true;
+    option.enable_tail_call = true;
+    option.enable_simd = true;
+    option.enable_ref_types = true;
+    option.enable_gc = true;
+
+    comp_data =
+        aot_create_comp_data(module, option.target_arch, option.enable_gc);
+    if (!comp_data) {
+        handle_aot_recent_error("[CREATING comp_data]");
+        goto UNLOAD_MODULE;
+    }
+
+    comp_ctx = aot_create_comp_context(comp_data, &option);
+    if (!comp_ctx) {
+        handle_aot_recent_error("[CREATING comp_context]");
+        goto DESTROY_COMP_DATA;
+    }
+
+    if (!aot_compile_wasm(comp_ctx)) {
+        handle_aot_recent_error("[COMPILING]");
+        goto DESTROY_COMP_CTX;
+    }
+
+DESTROY_COMP_CTX:
+    aot_destroy_comp_context(comp_ctx);
+DESTROY_COMP_DATA:
+    aot_destroy_comp_data(comp_data);
+UNLOAD_MODULE:
+    wasm_runtime_unload(module);
+DESTROY_RUNTIME:
+    wasm_runtime_destroy();
+
+    /* Values other than 0 and -1 are reserved for future use. */
+    return 0;
+}

tests/fuzz/wasm-mutator-fuzz/clang_toolchain.cmake

@@ -0,0 +1,29 @@
+# Copyright (C) 2025 Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+# Check for Clang C compiler
+find_program(CLANG_C_COMPILER NAMES clang)
+if(NOT CLANG_C_COMPILER)
+    message(FATAL_ERROR "Clang C compiler not found. Please install Clang.")
+else()
+    message(STATUS "Clang C compiler found: ${CLANG_C_COMPILER}")
+    set(CMAKE_C_COMPILER ${CLANG_C_COMPILER})
+endif()
+
+# Check for Clang C++ compiler
+find_program(CLANG_CXX_COMPILER NAMES clang++)
+if(NOT CLANG_CXX_COMPILER)
+    message(FATAL_ERROR "Clang C++ compiler not found. Please install Clang.")
+else()
+    message(STATUS "Clang C++ compiler found: ${CLANG_CXX_COMPILER}")
+    set(CMAKE_CXX_COMPILER ${CLANG_CXX_COMPILER})
+endif()
+
+# Check for Clang assembler
+find_program(CLANG_ASM_COMPILER NAMES clang)
+if(NOT CLANG_ASM_COMPILER)
+    message(FATAL_ERROR "Clang assembler not found. Please install Clang.")
+else()
+    message(STATUS "Clang assembler found: ${CLANG_ASM_COMPILER}")
+    set(CMAKE_ASM_COMPILER ${CLANG_ASM_COMPILER})
+endif()

tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt

@@ -0,0 +1,70 @@
+# Copyright (C) 2025 Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+if(CUSTOM_MUTATOR EQUAL 1)
+  add_compile_definitions(CUSTOM_MUTATOR)
+endif()
+
+# Set default build options with the ability to override from the command line
+if(NOT WAMR_BUILD_INTERP)
+  set(WAMR_BUILD_INTERP 1)
+endif()
+
+if(NOT WAMR_BUILD_AOT)
+  set(WAMR_BUILD_AOT 1)
+endif()
+
+if(NOT WAMR_BUILD_JIT)
+  set(WAMR_BUILD_JIT 0)
+endif()
+
+if(NOT WAMR_BUILD_LIBC_BUILTIN)
+  set(WAMR_BUILD_LIBC_BUILTIN 0)
+endif()
+
+if(NOT WAMR_BUILD_LIBC_WASI)
+  set(WAMR_BUILD_LIBC_WASI 1)
+endif()
+
+if(NOT WAMR_BUILD_FAST_INTERP)
+  set(WAMR_BUILD_FAST_INTERP 1)
+endif()
+
+if(NOT WAMR_BUILD_MULTI_MODULE)
+  set(WAMR_BUILD_MULTI_MODULE 0)
+endif()
+
+if(NOT WAMR_BUILD_LIB_PTHREAD)
+  set(WAMR_BUILD_LIB_PTHREAD 0)
+endif()
+
+if(NOT WAMR_BUILD_MINI_LOADER)
+  set(WAMR_BUILD_MINI_LOADER 0)
+endif()
+
+set(WAMR_BUILD_SIMD 1)
+set(WAMR_BUILD_REF_TYPES 1)
+set(WAMR_BUILD_GC 1)
+
+include(${REPO_ROOT_DIR}/build-scripts/runtime_lib.cmake)
+include(${REPO_ROOT_DIR}/core/shared/utils/uncommon/shared_uncommon.cmake)
+
+add_library(vmlib ${WAMR_RUNTIME_LIB_SOURCE})
+target_include_directories(vmlib PUBLIC ${RUNTIME_LIB_HEADER_LIST})
+target_link_directories(vmlib PUBLIC ${RUNTIME_LIB_LINK_LIST})
+target_link_libraries(vmlib PUBLIC ${LLVM_AVAILABLE_LIBS})
+
+add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
+target_link_libraries(wasm_mutator_fuzz PRIVATE vmlib m)
+
+if(NOT IN_OSS_FUZZ)
+  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment")
+  target_compile_options(vmlib PUBLIC
+    -fprofile-instr-generate -fcoverage-mapping
+    -fno-sanitize-recover=all
+    -fsanitize=address,undefined
+    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
+    -fno-sanitize=alignment
+  )
+  target_link_options(vmlib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
+endif()