diff options
| author | Alon Zakai <azakai@google.com> | 2021-04-12 18:37:48 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-12 18:37:48 -0700 |
| commit | b0af95200a37d76eccf285dcb45b4ed6162212d0 (patch) | |
| tree | 3633c42ad4935b06f2fe88a8e9901b9d0b08d774 /test | |
| parent | c9aa77c3f6452154526456497731da1bc8e7d896 (diff) | |
| download | binaryen-b0af95200a37d76eccf285dcb45b4ed6162212d0.tar.gz binaryen-b0af95200a37d76eccf285dcb45b4ed6162212d0.tar.bz2 binaryen-b0af95200a37d76eccf285dcb45b4ed6162212d0.zip | |
Fuzzer: Distinguish traps from host limitations (#3801)
Host limitations are arbitrary and can be modified by optimizations, so
ignore them. For example, if the optimizer removes allocations then a
host limit on an allocation error may vanish. Or, an optimization that
removes recursion and replaces it with a loop may avoid a host limit
on call depth (that is not done currently, but might some day).
This removes a class of annoying false positives in the fuzzer.
Diffstat (limited to 'test')
| -rw-r--r-- | test/passes/Oz_fuzz-exec_all-features.txt | 15 | ||||
| -rw-r--r-- | test/passes/Oz_fuzz-exec_all-features.wast | 15 |
2 files changed, 29 insertions, 1 deletions
diff --git a/test/passes/Oz_fuzz-exec_all-features.txt b/test/passes/Oz_fuzz-exec_all-features.txt index 5d00a3db1..0da22edbd 100644 --- a/test/passes/Oz_fuzz-exec_all-features.txt +++ b/test/passes/Oz_fuzz-exec_all-features.txt @@ -33,7 +33,7 @@ [LoggingExternalInterface logging 3] [trap cast error] [fuzz-exec] calling array-alloc-failure -[trap allocation failure] +[host limit allocation failure] (module (type $struct (struct (field (mut i32)))) (type $void_func (func)) @@ -277,3 +277,16 @@ [LoggingExternalInterface logging 3] [trap cast error] [fuzz-exec] calling array-alloc-failure +ignoring comparison of ExecutionResults! +[fuzz-exec] calling foo +[host limit allocation failure] +(module + (type $none_=>_i32 (func (result i32))) + (export "foo" (func $0)) + (func $0 (; has Stack IR ;) (result i32) + (i32.const 0) + ) +) +[fuzz-exec] calling foo +[fuzz-exec] note result: foo => 0 +ignoring comparison of ExecutionResults! diff --git a/test/passes/Oz_fuzz-exec_all-features.wast b/test/passes/Oz_fuzz-exec_all-features.wast index 4092f6b34..c88133c3a 100644 --- a/test/passes/Oz_fuzz-exec_all-features.wast +++ b/test/passes/Oz_fuzz-exec_all-features.wast @@ -240,3 +240,18 @@ ) ) ) +(module + (type $[mut:i8] (array (mut i8))) + (func "foo" (result i32) + ;; before opts this will trap on failing to allocate -1 >>> 0 bytes. after + ;; opts the unused value is removed so there is no trap, and a value is + ;; returned, which should not confuse the fuzzer. + (drop + (array.new_default_with_rtt $[mut:i8] + (i32.const -1) + (rtt.canon $[mut:i8]) + ) + ) + (i32.const 0) + ) +) |