diff options
| author | Alon Zakai <azakai@google.com> | 2022-05-05 08:10:24 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-05 15:10:24 +0000 |
| commit | 984a28828f7536a5d39272a1c0bbdd18254bb486 (patch) | |
| tree | 8671a39501e278c3642d8cc81cdd9b4af665babb /src | |
| parent | 996cbd861c0cae4c942cc57b1915af5ea7b4d5f5 (diff) | |
| download | binaryen-984a28828f7536a5d39272a1c0bbdd18254bb486.tar.gz binaryen-984a28828f7536a5d39272a1c0bbdd18254bb486.tar.bz2 binaryen-984a28828f7536a5d39272a1c0bbdd18254bb486.zip | |
Fix fuzzer's choosing of reference types (#4642)
* Don't emit "i31" or "data" if GC is not enabled, as only the GC feature adds those.
* Don't emit "any" without GC either. While it is allowed, fuzzer limitations prevent
this atm (see details in comment - it's fixable).
Diffstat (limited to 'src')
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 8721753a1..36dc5dcb1 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -1919,7 +1919,12 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { Nullability nullability = getSubType(type.getNullability()); HeapType subtype; if (funcContext || nullability == Nullable) { - subtype = pick(HeapType::func, HeapType::i31, HeapType::data); + subtype = pick(FeatureOptions<HeapType>() + .add(FeatureSet::ReferenceTypes, HeapType::func) + .add(FeatureSet::ReferenceTypes | FeatureSet::GC, + HeapType::func, + HeapType::i31, + HeapType::data)); } else { subtype = HeapType::data; } @@ -2914,7 +2919,9 @@ Type TranslateToFuzzReader::getSingleConcreteType() { Type TranslateToFuzzReader::getReferenceType() { return pick(FeatureOptions<Type>() - .add(FeatureSet::ReferenceTypes, Type::funcref, Type::anyref) + // Avoid Type::anyref without GC enabled, see + // TranslateToFuzzReader::getSingleConcreteType. + .add(FeatureSet::ReferenceTypes, Type::funcref) .add(FeatureSet::ReferenceTypes | FeatureSet::GC, Type(HeapType::func, NonNullable), Type(HeapType::any, NonNullable), @@ -3001,11 +3008,15 @@ HeapType TranslateToFuzzReader::getSubType(HeapType type) { return HeapType::func; case HeapType::any: // TODO: nontrivial types as well. - return pick(HeapType::func, - HeapType::any, - HeapType::eq, - HeapType::i31, - HeapType::data); + return pick( + FeatureOptions<HeapType>() + .add(FeatureSet::ReferenceTypes, HeapType::func, HeapType::any) + .add(FeatureSet::ReferenceTypes | FeatureSet::GC, + HeapType::func, + HeapType::any, + HeapType::eq, + HeapType::i31, + HeapType::data)); case HeapType::eq: // TODO: nontrivial types as well. return pick(HeapType::eq, HeapType::i31, HeapType::data); |