diff options
| author | Alon Zakai <azakai@google.com> | 2022-05-18 12:21:06 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-18 12:21:06 -0700 |
| commit | 12f59507ee65b29ce08f37089594f752f846af9d (patch) | |
| tree | 6910c1f7be5ef431d943e3e9eb085e3fc06abf29 /src/tools/fuzzing/fuzzing.cpp | |
| parent | 6926544f8de43d12079e1b384c20b4b449b2901f (diff) | |
| download | binaryen-12f59507ee65b29ce08f37089594f752f846af9d.tar.gz binaryen-12f59507ee65b29ce08f37089594f752f846af9d.tar.bz2 binaryen-12f59507ee65b29ce08f37089594f752f846af9d.zip | |
[GC Fuzzing] Avoid non-nullable eqref without GC (#4675)
With only reference types but not GC, we cannot easily create a constant
for eqref for example. Only GC adds i31.new etc. To avoid assertions in
the fuzzer, avoid randomly picking (ref eq) etc., that is, keep it nullable
so that we can emit a (ref.null eq) if we need a constant value of that type.
Diffstat (limited to 'src/tools/fuzzing/fuzzing.cpp')
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 5b75d859c..22006a6a1 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -1936,6 +1936,14 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { return makeConst(Type(subtype, nullability)); } case HeapType::eq: { + assert(wasm.features.hasReferenceTypes()); + if (!wasm.features.hasGC()) { + // Without wasm GC all we have is an "abstract" eqref type, which is + // a subtype of anyref, but we cannot create constants of it, except + // for null. + assert(type.isNullable()); + return builder.makeRefNull(type); + } auto nullability = getSubType(type.getNullability()); // i31.new is not allowed in initializer expressions. HeapType subtype; @@ -1947,6 +1955,7 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { return makeConst(Type(subtype, nullability)); } case HeapType::i31: + assert(wasm.features.hasReferenceTypes() && wasm.features.hasGC()); // i31.new is not allowed in initializer expressions. if (funcContext) { return builder.makeI31New(makeConst(Type::i32)); @@ -3002,8 +3011,19 @@ bool TranslateToFuzzReader::isLoggableType(Type type) { } Nullability TranslateToFuzzReader::getSubType(Nullability nullability) { - return nullability == NonNullable ? NonNullable - : oneIn(2) ? Nullable : NonNullable; + if (nullability == NonNullable) { + return NonNullable; + } + // Without wasm GC, avoid non-nullable types as we cannot create any values + // of such types. For example, reference types adds eqref, but there is no + // way to create such a value, only to receive it from the outside, while GC + // adds i31/struct/array creation. Without GC, we will likely need to create a + // null of this type (unless we are lucky enough to have a non-null value + // arriving from an import), so avoid a non-null type if possible. + if (wasm.features.hasGC() && oneIn(2)) { + return NonNullable; + } + return Nullable; } HeapType TranslateToFuzzReader::getSubType(HeapType type) { |