Test Suggestion: Add Fuzzing Tests

[Mossaka]

Fuzz testing is testing mechanism that involves providing pseudo-random data as input into the generators to find correctness issues. There are multiple Bytecode Alliance projects that heavily leverage fuzz testing to improve code quality and find security and correctness issues (e.g. wasmtime and wasm-tools). So far, there is no fuzz testing existing in this repo. Part of the reasons applying fuzz testing against wit-bindgen repo is to raise the bar for generator code quality across multiple languages.

The goal of this issue is to suggest a fuzz framework adding to this repo. It could be as simply as feeding generated valid WIT packages to each wit-bindgen generator and check if the generated code are buildable. As the wit-bindgen-go maintainer, I hope there is a continuous fuzzing running in the background and invokes TinyGo compiler to compile generated WIT bindings. It could go as difficult as making sure the generated code is "correct" - the compiled Wasm modules / components are correct to our expectations.

To get started, I propose to use wit-smith and libfuzzer-sys crate and cargo-fuzz tool for fuzz testing.

[alexcrichton]

I think this is a great idea myself. There's two main caveats I'd caution for anyone interested in picking up this work:

• Fuzzing throughput is likely to be relatively low since all validation of generated code currently goes through spawned processes (e.g. execute clang for C or rustc for Rust code)
• Fuzzing is likely to turn up a lot of little edge cases the current generators don't handle, so it'd be good to be prepared for some work on the generators themselves too