author | Alon Zakai <azakai@google.com> | 2020-04-13 11:37:29 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-13 11:37:29 -0700 |
commit | e0716f53362f233662537a27f2165ed9dbb301e3 (patch) | |
tree | 5439c8da3c4b4134159232718d62e3ea076698ea /test/binaryen.js | |
parent | 585f8174c1339d7ac5eeceed89d2ac30e4ba8826 (diff) | |
Add --deterministic flag to wasm2js, for fuzzing (#2757)

In wasm2js we ignore things that trap in wasm that we can't
really handle, like a load from memory out of bounds would
trap in wasm, but in JS we don't want to emit a bounds check
on each load. So wasm2js focuses on programs that don't
trap.

However, this is annoying in the fuzzer as it turns out that
our behavior for places where wasm would trap was not
deterministic. That is, wasm would trap, wasm2js would not
trap and do behavior X, and wasm2js with optimizations
would also not trap but do behavior Y != X. This produced
false positives in the fuzzer (and might be annoying in
manual debugging too).

As a workaround, this adds a --deterministic flag to wasm2js,
which tries to be deterministic about what it does for cases
where wasm would trap. This handles the case of an int
division by 0 which traps in wasm but without this flag could
have different behavior in wasm2js with or without opts
(see details in the patch).

Diffstat (limited to 'test/binaryen.js')
0 files changed, 0 insertions, 0 deletions