authorAlon Zakai <azakai@google.com>2022-08-31 09:53:10 -0700
committerGitHub <noreply@github.com>2022-08-31 16:53:10 +0000
commit1fa64bf6099e2585ed2be6c4d27479a38c30a6a3 (patch)
tree18839145c602baf18449fe936ef214dc72ce1dd0 /src/tools/fuzzing/fuzzing.cpp
parent972cc6f39cb903834be6066c33356f77fc41bc26 (diff)
Update fuzzer to newer GC spec regarding JS interop (#4965)
Do not export functions that have types not allowed by the rules for JS interop. Only very few GC types can be on the JS boundary at the moment.
Diffstat (limited to 'src/tools/fuzzing/fuzzing.cpp')
-rw-r--r--src/tools/fuzzing/fuzzing.cpp31
1 files changed, 24 insertions, 7 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 0f59bb635..e00c7f4fa 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -507,7 +507,8 @@ Function* TranslateToFuzzReader::addFunction() {
params.push_back(type);
}
auto paramType = Type(params);
- func->type = Signature(paramType, getControlFlowType());
+ auto resultType = getControlFlowType();
+ func->type = Signature(paramType, resultType);
Index numVars = upToSquared(MAX_VARS);
for (Index i = 0; i < numVars; i++) {
auto type = getConcreteType();
@@ -549,13 +550,29 @@ Function* TranslateToFuzzReader::addFunction() {
wasm.addFunction(func);
// Export some functions, but not all (to allow inlining etc.). Try to export
// at least one, though, to keep each testcase interesting. Only functions
- // with defaultable params can be exported because the trap fuzzer depends on
- // that (TODO: fix this).
- bool defaultableParams =
- std::all_of(paramType.begin(), paramType.end(), [](Type t) {
- return t.isDefaultable();
+ // with valid params and returns can be exported because the trap fuzzer
+ // depends on that (TODO: fix this).
+ auto validExportType = [](Type t) {
+ if (!t.isRef()) {
+ return true;
+ }
+ auto heapType = t.getHeapType();
+ return heapType == HeapType::ext || heapType == HeapType::func ||
+ heapType == HeapType::string;
+ };
+ bool validExportParams =
+ std::all_of(paramType.begin(), paramType.end(), [&](Type t) {
+ return validExportType(t) && t.isDefaultable();
});
- if (defaultableParams && (numAddedFunctions == 0 || oneIn(2)) &&
+ // Note: spec discussions around JS API integration are still ongoing, and it
+ // is not clear if we should allow nondefaultable types in exports or not
+ // (in imports, we cannot allow them in the fuzzer anyhow, since it can't
+ // construct such values in JS to send over to the wasm from the fuzzer
+ // harness).
+ bool validExportResults =
+ std::all_of(resultType.begin(), resultType.end(), validExportType);
+ if (validExportParams && validExportResults &&
+ (numAddedFunctions == 0 || oneIn(2)) &&
!wasm.getExportOrNull(func->name)) {
auto* export_ = new Export;
export_->name = func->name;
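Review bot: validExportType on the new lines accepts every non-reference type unconditionally, so if getConcreteType() can yield v128 for a param or result here it would be treated as exportable even though the JS API cannot marshal a v128 across the boundary; it is worth confirming whether the generator excludes v128 or the harness tolerates it, and otherwise adding `if (t == Type::v128) { return false; }` ahead of the isRef() check. The lambda also encodes the rule without naming its origin; a one-line comment such as `// Only externref, funcref and stringref may cross the JS boundary (JS API spec)` above it would help the next reader. Note that addFunction() begins before this hunk and the export construction continues after it.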