author | Alon Zakai <azakai@google.com> | 2023-05-22 12:35:23 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-22 12:35:23 -0700 |
commit | 5beebc6b249c6393e0dbf69f0ec2374eca5d387b (patch) | |
tree | 0f4d6ff3311f031032036e86728f1bff642f7b6d /src/tools | |
parent | 97178d08d4a20d2a5e3a6be813fc6a7079ef86e1 (diff) | |
Fuzzer: Limit ArrayNew sizes most of the time (#5738)
Diffstat (limited to 'src/tools')
-rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index cfc0d9ed8..54ff3533b 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -703,14 +703,23 @@ Function* TranslateToFuzzReader::addFunction() {
 void TranslateToFuzzReader::addHangLimitChecks(Function* func) {
   // loop limit
-  FindAll<Loop> loops(func->body);
-  for (auto* loop : loops.list) {
+  for (auto* loop : FindAll<Loop>(func->body).list) {
     loop->body = builder.makeSequence(makeHangLimitCheck(), loop->body, loop->type);
   }
   // recursion limit
   func->body = builder.makeSequence(makeHangLimitCheck(), func->body, func->getResults());
+  // ArrayNew can hang the fuzzer if the array size is massive. This doesn't
+  // cause an OOM (which the fuzzer knows how to ignore) but it just works for
+  // many seconds on building the array. To avoid that, limit the size with high
+  // probability.
+  for (auto* arrayNew : FindAll<ArrayNew>(func->body).list) {
+    if (!oneIn(100)) {
+      arrayNew->size = builder.makeBinary(
+        AndInt32, arrayNew->size, builder.makeConst(int32_t(1024 - 1)));
+    }
+  }
 }
 void TranslateToFuzzReader::recombine(Function* func) {
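Review bot: The `if (!oneIn(100))` guard in the new ArrayNew loop leaves about one in a hundred sizes unmasked, so the multi-second hang the comment describes is made rarer rather than removed; if the unmasked case is intentional (to keep exercising huge-size/OOM paths), that should be stated, e.g. `// Leave ~1 in 100 unmasked so huge/OOM sizes are still exercised.`, otherwise the guard can simply go. The bound itself is a bare magic number: `builder.makeConst(int32_t(1024 - 1))` reads better as a named constant such as `const int32_t kMaxFuzzArraySize = 1024;` used as `int32_t(kMaxFuzzArraySize - 1)`, which also documents that the mask yields 0..1023. The mask is applied only to `ArrayNew`; if the IR has other array-allocating instructions with a size operand they presumably need the same treatment, which is worth confirming.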