authorAlon Zakai <azakai@google.com>2023-03-01 14:23:57 -0800
committerGitHub <noreply@github.com>2023-03-01 14:23:57 -0800
commit50279271a0561614b41e73ed0b463181ce7c4ba2 (patch)
treebbd64799cf038eff0e449989ebfd9b88181fc8e0 /src
parent4eb39ce8e3702da04a0ebfda7742486f34db5752 (diff)
Fuzzer: Be careful with ArrayNew sizes (#5537)
Only very rarely ask to create a huge array, as that can easily hit a host size limit and cause a run to be ignored.
Diffstat (limited to 'src')
-rw-r--r--src/tools/fuzzing/fuzzing.cpp12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index d3539a51b..1159dcb0c 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -2168,7 +2168,17 @@ Expression* TranslateToFuzzReader::makeConstCompoundRef(Type type) {
// TODO: when in a function context, we don't need to be trivial.
init = makeTrivial(element.type);
}
- return builder.makeArrayNew(type.getHeapType(), makeConst(Type::i32), init);
+ Expression* count;
+ if (oneIn(100)) {
+ // With low probability pick a totally random count. This can easily be a
+ // super-high number that immediately causes a host limit error on running
+ // out of memory.
+ count = makeConst(Type::i32);
+ } else {
+ // Otherwise, most of the time pick a reasonable/realistic number.
+ count = builder.makeConst(int32_t(upTo(100)));
+ }
+ return builder.makeArrayNew(type.getHeapType(), count, init);
} else {
WASM_UNREACHABLE("bad user-defined ref type");
}
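Review bot: The two `100` literals in the new branch mean different things (a 1-in-N chance in `oneIn(100)` versus the upper bound of a "reasonable" size in `upTo(100)`), so a reader tuning one is likely to change the other by mistake; naming them, e.g. `const int HugeArraySizeOdds = 100;` and `const int MaxReasonableArraySize = 100;`, would make the trade-off described in the commit message explicit at the call site. The comment on the `makeConst(Type::i32)` branch could also say why the value can be so large: if I read array.new's semantics correctly the size operand is an unsigned i32, so a random negative constant is as harmful as a large positive one, e.g. `// (array.new reads the size as unsigned, so negative values are huge too.)`. Note that the 1-in-100 odds apply per ArrayNew site, so a module with many compound array constants will presumably still hit the host limit fairly often; whether that rate is acceptable is a fuzzer-policy question the commit does not state. The enclosing makeConstCompoundRef begins before the hunk.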