Fuzz with negative zero more often (#3133)

We did so earlier sometimes, as we would pick 0 and then tweak it with a negation. But that favored positive 0. This makes coverage symmetric.
author: Alon Zakai <azakai@google.com> 2020-09-21 17:23:03 -0700
committer: GitHub <noreply@github.com> 2020-09-21 17:23:03 -0700
commit: 4b3c35b34c62dc619b1c706e5562e90c089f2419 (patch)
tree: 904ccadc6e8b7a05a05a7ebba01a65b87eb7ff94
parent: 85e0e50e86797d63912742c1c2aac0332dd2cf40 (diff)
download: binaryen-4b3c35b34c62dc619b1c706e5562e90c089f2419.tar.gz
binaryen-4b3c35b34c62dc619b1c706e5562e90c089f2419.tar.bz2
binaryen-4b3c35b34c62dc619b1c706e5562e90c089f2419.zip
3 files changed, 51 insertions, 139 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
index 7ef24bbac..cab33e3b5 100644
--- a/src/tools/fuzzing.h
+++ b/src/tools/fuzzing.h
@@ -1699,7 +1699,8 @@ private:
                                     std::numeric_limits<uint64_t>::max()));
             break;
           case Type::f32:
-            value = Literal(pick<float>(0,
+            value = Literal(pick<float>(0.0f,
+                                        -0.0f,
                                         std::numeric_limits<float>::min(),
                                         std::numeric_limits<float>::max(),
                                         std::numeric_limits<int32_t>::min(),
@@ -1710,7 +1711,8 @@ private:
                                         std::numeric_limits<uint64_t>::max()));
             break;
           case Type::f64:
-            value = Literal(pick<double>(0,
+            value = Literal(pick<double>(0.0,
+                                         -0.0,
                                          std::numeric_limits<float>::min(),
                                          std::numeric_limits<float>::max(),
                                          std::numeric_limits<double>::min(),
diff --git a/test/passes/fuzz_metrics_noprint.bin.txt b/test/passes/fuzz_metrics_noprint.bin.txt
index 874a4e82b..efa390f23 100644
--- a/test/passes/fuzz_metrics_noprint.bin.txt
+++ b/test/passes/fuzz_metrics_noprint.bin.txt
@@ -1,29 +1,30 @@
 total
  [events]       : 0       
- [exports]      : 35      
- [funcs]        : 57      
+ [exports]      : 69      
+ [funcs]        : 101     
  [globals]      : 7       
  [imports]      : 4       
  [memory-data]  : 4       
- [table-data]   : 30      
- [total]        : 2111    
- [vars]         : 153     
- binary         : 184     
- block          : 311     
- break          : 56      
- call           : 110     
- call_indirect  : 10      
- const          : 362     
- drop           : 29      
- global.get     : 187     
- global.set     : 80      
- if             : 114     
- load           : 46      
- local.get      : 153     
- local.set      : 112     
- loop           : 36      
- nop            : 46      
- return         : 105     
- select         : 13      
- store          : 11      
- unary          : 146     
+ [table-data]   : 39      
+ [total]        : 7276    
+ [vars]         : 287     
+ binary         : 555     
+ block          : 1075    
+ break          : 250     
+ call           : 433     
+ call_indirect  : 75      
+ const          : 1310    
+ drop           : 111     
+ global.get     : 606     
+ global.set     : 263     
+ if             : 415     
+ load           : 137     
+ local.get      : 465     
+ local.set      : 364     
+ loop           : 166     
+ nop            : 110     
+ return         : 300     
+ select         : 46      
+ store          : 61      
+ unary          : 531     
+ unreachable    : 3       
diff --git a/test/passes/translate-to-fuzz_all-features.txt b/test/passes/translate-to-fuzz_all-features.txt
index 50cc583ac..91c9dffe8 100644
--- a/test/passes/translate-to-fuzz_all-features.txt
+++ b/test/passes/translate-to-fuzz_all-features.txt
@@ -1,14 +1,12 @@
 (module
- (type $none_=>_funcref_anyref_f32_exnref (func (result funcref anyref f32 exnref)))
- (type $none_=>_none (func))
  (type $f32_=>_none (func (param f32)))
+ (type $none_=>_none (func))
  (type $i32_=>_none (func (param i32)))
  (type $i64_=>_none (func (param i64)))
  (type $f64_=>_none (func (param f64)))
  (type $v128_=>_none (func (param v128)))
  (type $exnref_=>_none (func (param exnref)))
  (type $none_=>_i32 (func (result i32)))
- (type $f32_i32_anyref_=>_i64 (func (param f32 i32 anyref) (result i64)))
  (import "fuzzing-support" "log-i32" (func $log-i32 (param i32)))
  (import "fuzzing-support" "log-i64" (func $log-i64 (param i64)))
  (import "fuzzing-support" "log-f32" (func $log-f32 (param f32)))
@@ -33,8 +31,6 @@
  (global $hangLimit (mut i32) (i32.const 10))
  (export "hashMemory" (func $hashMemory))
  (export "memory" (memory $0))
- (export "func_7" (func $func_7))
- (export "func_8_invoker" (func $func_8_invoker))
  (export "hangLimitInitializer" (func $hangLimitInitializer))
  (func $hashMemory (result i32)
   (local $0 i32)
@@ -363,125 +359,38 @@
     )
    )
    (call $log-v128
-    (loop $label$50 (result v128)
-     (block
-      (if
-       (i32.eqz
-        (global.get $hangLimit)
-       )
+    (if (result v128)
+     (local.tee $7
+      (block $label$23
+       (nop)
        (return)
       )
-      (global.set $hangLimit
-       (i32.sub
-        (global.get $hangLimit)
-        (i32.const 1)
-       )
-      )
      )
-     (block $label$51 (result v128)
-      (loop $label$52
-       (block
-        (if
-         (i32.eqz
-          (global.get $hangLimit)
-         )
-         (return)
-        )
-        (global.set $hangLimit
-         (i32.sub
-          (global.get $hangLimit)
-          (i32.const 1)
-         )
+     (loop $label$5
+      (block
+       (if
+        (i32.eqz
+         (global.get $hangLimit)
         )
+        (return)
        )
-       (block $label$53
-        (call $log-i32
-         (call $hashMemory)
+       (global.set $hangLimit
+        (i32.sub
+         (global.get $hangLimit)
+         (i32.const 1)
         )
        )
       )
-      (local.get $5)
-     )
-    )
-   )
-  )
- )
- (func $func_8 (param $0 f32) (param $1 i32) (param $2 anyref) (result i64)
-  (block
-   (if
-    (i32.eqz
-     (global.get $hangLimit)
-    )
-    (return
-     (i64.const -2147483647)
-    )
-   )
-   (global.set $hangLimit
-    (i32.sub
-     (global.get $hangLimit)
-     (i32.const 1)
-    )
-   )
-  )
-  (i64.const 6438275382591167256)
- )
- (func $func_8_invoker
-  (drop
-   (call $func_8
-    (f32.const -nan:0x7fffcb)
-    (i32.const -51)
-    (ref.null any)
-   )
-  )
- )
- (func $func_10 (result funcref anyref f32 exnref)
-  (local $0 f64)
-  (local $1 v128)
-  (local $2 (i32 eqref anyref exnref))
-  (local $3 eqref)
-  (local $4 externref)
-  (local $5 anyref)
-  (local $6 f64)
-  (local $7 funcref)
-  (local $8 (i64 externref v128 f64 f32 exnref))
-  (local $9 anyref)
-  (block
-   (if
-    (i32.eqz
-     (global.get $hangLimit)
-    )
-    (return
-     (tuple.make
-      (ref.null func)
-      (ref.null any)
-      (f32.const -nan:0x7ffffc)
-      (ref.null exn)
+      (block $label$6
+       (drop
+        (ref.null extern)
+       )
+       (br $label$5)
+      )
      )
+     (v128.const i32x4 0x55490b31 0x1b002f01 0x00015c17 0x022a1b01)
     )
    )
-   (global.set $hangLimit
-    (i32.sub
-     (global.get $hangLimit)
-     (i32.const 1)
-    )
-   )
-  )
-  (block (result funcref anyref f32 exnref)
-   (block $label$1
-    (call $log-i32
-     (call $hashMemory)
-    )
-    (call $log-v128
-     (local.get $1)
-    )
-   )
-   (nop)
-   (tuple.make
-    (ref.func $func_10)
-    (ref.null any)
-    (f32.const 7710)
-    (ref.null exn)
-   )
   )
  )
  (func $hangLimitInitializer
author	Alon Zakai <azakai@google.com>	2020-09-21 17:23:03 -0700
committer	GitHub <noreply@github.com>	2020-09-21 17:23:03 -0700
commit	4b3c35b34c62dc619b1c706e5562e90c089f2419 (patch)
tree	904ccadc6e8b7a05a05a7ebba01a65b87eb7ff94
parent	85e0e50e86797d63912742c1c2aac0332dd2cf40 (diff)
download	binaryen-4b3c35b34c62dc619b1c706e5562e90c089f2419.tar.gz binaryen-4b3c35b34c62dc619b1c706e5562e90c089f2419.tar.bz2 binaryen-4b3c35b34c62dc619b1c706e5562e90c089f2419.zip