diff options
| author | Thomas Lively <tlively@google.com> | 2024-03-26 13:38:15 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-26 13:38:15 -0700 |
| commit | 165953e3267997e606598a91d0c79f92e39ee2cc (patch) | |
| tree | 7f8dbc5477ed800de2927d1ae57ad99c0cf2683a /src/tools/fuzzing | |
| parent | 19f8cc706e823f97554f5e4e9167060061d32a41 (diff) | |
| download | binaryen-165953e3267997e606598a91d0c79f92e39ee2cc.tar.gz binaryen-165953e3267997e606598a91d0c79f92e39ee2cc.tar.bz2 binaryen-165953e3267997e606598a91d0c79f92e39ee2cc.zip | |
Fix stringview subtyping (#6440)
The stringview types (`stringview_wtf8`, `stringview_wtf16`, and
`stringview_iter`) are not subtypes of `any` even though they are supertypes of
`none`. This breaks the type system invariant that types share a bottom type iff
they share a top type, but we can work around that.
Diffstat (limited to 'src/tools/fuzzing')
| -rw-r--r-- | src/tools/fuzzing/heap-types.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/tools/fuzzing/heap-types.cpp b/src/tools/fuzzing/heap-types.cpp index 13ad01474..5c948e44d 100644 --- a/src/tools/fuzzing/heap-types.cpp +++ b/src/tools/fuzzing/heap-types.cpp @@ -454,12 +454,19 @@ struct HeapTypeGeneratorImpl { candidates.push_back(HeapType::any); break; case HeapType::string: + candidates.push_back(HeapType::any); + break; case HeapType::stringview_wtf8: case HeapType::stringview_wtf16: case HeapType::stringview_iter: - candidates.push_back(HeapType::any); break; case HeapType::none: + if (rand.oneIn(10)) { + candidates.push_back(HeapType::stringview_wtf8); + candidates.push_back(HeapType::stringview_wtf16); + candidates.push_back(HeapType::stringview_iter); + break; + } return pickSubAny(); case HeapType::nofunc: return pickSubFunc(); |