author | Alon Zakai <azakai@google.com> | 2023-02-16 09:31:24 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-16 17:31:24 +0000 |
commit | cd90ef436e9038331ce52e24db3ead6312426e8b (patch) | |
tree | b3f771036b55e4723ab4c43f63a86dc25905ea54 /src/tools/fuzzing.h | |
parent | 0cffeb58f88b086ff7b195fc7d2440add92803fc (diff) | |
Fuzzer: Replace with unreachable sometimes (#5496)
This makes the fuzzer replace things with an unreachable instruction in
rare situations. The hope was to find bugs like #5487, but instead it's
mostly found bugs in the inliner actually (#5492, #5493).
This also fixes an uncovered bug in the fuzzer, where we refinalized in
more than one place. It is unsafe to do so before labels are fixed up
(as duplicate labels can confuse us as to which types are needed; this
is actually the same issue as in #5492). To fix that, remove the extra
refinalize that was too early, and also rename the fixup function since
it does a general fixup for all the things.
Diffstat (limited to 'src/tools/fuzzing.h')
-rw-r--r-- | src/tools/fuzzing.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index aff2a0aa3..bdadaba5a 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -193,9 +193,8 @@ private: } void recombine(Function* func); void mutate(Function* func); - // Fix up changes that may have broken validation - types are correct in our - // modding, but not necessarily labels. - void fixLabels(Function* func); + // Fix up the IR after recombination and mutation. + void fixAfterChanges(Function* func); void modifyInitialFunctions(); // Initial wasm contents may have come from a test that uses the drop pattern: |
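Review bot: The replacement comment on fixAfterChanges, "Fix up the IR after recombination and mutation.", no longer says what is fixed, and it leaves out the ordering constraint the commit message gives: refinalizing before labels are fixed up is unsafe, because duplicate labels can confuse which types are needed. The old comment at least named labels as the thing that may be broken. Consider stating at the declaration that the function fixes up labels and that any refinalize must come after that step, so a later change does not reintroduce an early refinalize. The diff shown is limited to src/tools/fuzzing.h, so the renamed definition and the call sites are not visible here; it is worth confirming that no reference to fixLabels remains.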