diff options
author | Alon Zakai <azakai@google.com> | 2020-10-27 10:30:24 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-27 10:30:24 -0700 |
commit | 9a174f0ce9dc44b74db0e04728de62e6556176f9 (patch) | |
tree | 6f8a331eb2a23f795df6e12373bff22d28c1dfdd /test/passes/fuzz_metrics_noprint.bin.txt | |
parent | ca16f7cdc57549333474d7042128d2007bc35fad (diff) | |
download | binaryen-9a174f0ce9dc44b74db0e04728de62e6556176f9.tar.gz binaryen-9a174f0ce9dc44b74db0e04728de62e6556176f9.tar.bz2 binaryen-9a174f0ce9dc44b74db0e04728de62e6556176f9.zip |
Fuzzer: Add an option to fuzz with initial wasm contents (#3276)
Previously the fuzzer constructed a new random valid wasm file from
scratch. The new --initial-fuzz=FILENAME option makes it start from
an existing wasm file, and then add random contents on top of that. It
also randomly modifies the existing contents, for example tweaking
a Const, replacing some nodes with other things of the same type, etc.
It also has a chance to replace a drop with a logging (as some of our
tests just drop a result, and we match the optimized output's wasm
instead of the result; by logging, the fuzzer can check things).
The goal is to find bugs by using existing hand-written testcases as
a basis. This PR uses the test suite's testcases as initial fuzz contents.
This can find issues as they often check for corner cases - they are
designed to be "interesting", which random data may be less likely
to find.
This has found several bugs already, see recent fuzz fixes. I mentioned
the first few on Twitter but past 4 I stopped counting...
https://twitter.com/kripken/status/1314323318036602880
This required various changes to the fuzzer's generation to account
for the fact that there can be existing functions and so forth before
it starts to run, so it needs to avoid collisions and so forth.
Diffstat (limited to 'test/passes/fuzz_metrics_noprint.bin.txt')
-rw-r--r-- | test/passes/fuzz_metrics_noprint.bin.txt | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/test/passes/fuzz_metrics_noprint.bin.txt b/test/passes/fuzz_metrics_noprint.bin.txt index da8acec57..ad654067f 100644 --- a/test/passes/fuzz_metrics_noprint.bin.txt +++ b/test/passes/fuzz_metrics_noprint.bin.txt @@ -1,30 +1,30 @@ total [events] : 0 - [exports] : 45 - [funcs] : 72 + [exports] : 35 + [funcs] : 47 [globals] : 7 [imports] : 4 [memory-data] : 4 - [table-data] : 30 - [total] : 5321 - [vars] : 256 - binary : 416 - block : 755 - break : 178 - call : 234 - call_indirect : 49 - const : 970 - drop : 58 - global.get : 461 - global.set : 201 - if : 313 - load : 98 - local.get : 412 - local.set : 301 - loop : 119 - nop : 80 - return : 209 - select : 46 - store : 43 - unary : 375 - unreachable : 3 + [table-data] : 16 + [total] : 6048 + [vars] : 137 + binary : 458 + block : 871 + break : 230 + call : 240 + call_indirect : 52 + const : 1081 + drop : 40 + global.get : 480 + global.set : 204 + if : 356 + load : 108 + local.get : 527 + local.set : 351 + loop : 155 + nop : 120 + return : 233 + select : 51 + store : 58 + unary : 432 + unreachable : 1 |