summaryrefslogtreecommitdiff
path: root/test/binaryen.js
diff options
context:
space:
mode:
authorAlon Zakai <azakai@google.com>2020-04-13 11:37:29 -0700
committerGitHub <noreply@github.com>2020-04-13 11:37:29 -0700
commite0716f53362f233662537a27f2165ed9dbb301e3 (patch)
tree5439c8da3c4b4134159232718d62e3ea076698ea /test/binaryen.js
parent585f8174c1339d7ac5eeceed89d2ac30e4ba8826 (diff)
downloadbinaryen-e0716f53362f233662537a27f2165ed9dbb301e3.tar.gz
binaryen-e0716f53362f233662537a27f2165ed9dbb301e3.tar.bz2
binaryen-e0716f53362f233662537a27f2165ed9dbb301e3.zip
Add --deterministic flag to wasm2js, for fuzzing (#2757)
In wasm2js we ignore things that trap in wasm that we can't really handle, like a load from memory out of bounds would trap in wasm, but in JS we don't want to emit a bounds check on each load. So wasm2js focuses on programs that don't trap. However, this is annoying in the fuzzer as it turns out that our behavior for places where wasm would trap was not deterministic. That is, wasm would trap, wasm2js would not trap and do behavior X, and wasm2js with optimizations would also not trap but do behavior Y != X. This produced false positives in the fuzzer (and might be annoying in manual debugging too). As a workaround, this adds a --deterministic flag to wasm2js, which tries to be deterministic about what it does for cases where wasm would trap. This handles the case of an int division by 0 which traps in wasm but without this flag could have different behavior in wasm2js with or without opts (see details in the patch).
Diffstat (limited to 'test/binaryen.js')
0 files changed, 0 insertions, 0 deletions