diff options
| author | Alon Zakai <azakai@google.com> | 2021-03-25 19:37:19 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-25 19:37:19 -0700 |
| commit | 9c1d69f6596b76fe83bff17709b92f8cc2054a31 (patch) | |
| tree | ca595fd0a0700250db72b012f1b9481157197da5 | |
| parent | 36d6f22cf71e66847fb06685b0e634fe0c4f770d (diff) | |
| download | binaryen-9c1d69f6596b76fe83bff17709b92f8cc2054a31.tar.gz binaryen-9c1d69f6596b76fe83bff17709b92f8cc2054a31.tar.bz2 binaryen-9c1d69f6596b76fe83bff17709b92f8cc2054a31.zip | |
Fix fuzzer on creating a function with a heaptype of just 'func' (#3738)
Also handle more cases of non-function data types there.
| -rw-r--r-- | src/tools/fuzzing.h | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 8bfb119da..cab5461f9 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -2077,9 +2077,9 @@ private: if (type.isRef()) { assert(wasm.features.hasReferenceTypes()); // Check if we can use ref.func. - // 'func' is the pointer to the last created function and can be null when - // we set up globals (before we create any functions), in which case we - // can't use ref.func. + // 'funcContext->func' is the pointer to the last created function and can + // be null when we set up globals (before we create any functions), in + // which case we can't use ref.func. if (type == Type::funcref && funcContext && oneIn(2)) { // First set to target to the last created function, and try to select // among other existing function if possible @@ -2096,8 +2096,16 @@ private: if (oneIn(2) && type.isNullable()) { return builder.makeRefNull(type); } - if (type == Type::dataref) { - WASM_UNREACHABLE("TODO: dataref"); + if (!type.isFunction()) { + // We don't know how to create an externref or GC data yet TODO + // For now, create a null, and if it must be non-null, cast it to such + // even though that traps at runtime. + auto nullable = Type(type.getHeapType(), Nullable); + Expression* ret = builder.makeRefNull(nullable); + if (!type.isNullable()) { + ret = builder.makeRefAs(RefAsNonNull, ret); + } + return ret; } // TODO: randomize the order for (auto& func : wasm.functions) { @@ -2110,9 +2118,18 @@ private: return builder.makeRefNull(type); } // Last resort: create a function. + auto heapType = type.getHeapType(); + Signature sig; + if (heapType.isSignature()) { + sig = heapType.getSignature(); + } else { + assert(heapType == HeapType::func); + // The specific signature does not matter. + sig = Signature(Type::none, Type::none); + } auto* func = wasm.addFunction(builder.makeFunction( Names::getValidFunctionName(wasm, "ref_func_target"), - type.getHeapType().getSignature(), + sig, {}, builder.makeUnreachable())); return builder.makeRefFunc(func->name, type); |