-rw-r--r-- | scripts/fuzz_opt.py | 16 | ||||
-rw-r--r-- | src/tools/fuzzing.h | 10 | ||||
-rw-r--r-- | src/tools/wasm-opt.cpp | 7 |
3 files changed, 29 insertions, 4 deletions
diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py index fb777d235..4a32e11bf 100644 --- a/scripts/fuzz_opt.py +++ b/scripts/fuzz_opt.py @@ -48,6 +48,8 @@ INPUT_SIZE_LIMIT = 150 * 1024 LOG_LIMIT = 125 +WASM2JS = False + # utilities @@ -145,7 +147,10 @@ def run_bynterp(wasm): def run_wasm2js(wasm): wrapper = run([in_bin('wasm-opt'), wasm, '--emit-js-wrapper=/dev/stdout'] + FEATURE_OPTS) - main = run([in_bin('wasm2js'), wasm, '--emscripten'] + FEATURE_OPTS) + cmd = [in_bin('wasm2js'), wasm, '--emscripten'] + if random.random() < 0.5: + cmd += ['-O'] + main = run(cmd + FEATURE_OPTS) with open(os.path.join(options.binaryen_root, 'scripts', 'wasm2js.js')) as f: glue = f.read() with open('js.js', 'w') as f: @@ -164,7 +169,8 @@ def run_vms(prefix): results = [] results.append(run_bynterp(wasm)) results.append(fix_output(run_vm([os.path.expanduser('d8'), prefix + 'js'] + V8_OPTS + ['--', wasm]))) - # results.append(run_wasm2js(wasm)) + if WASM2JS: + results.append(run_wasm2js(wasm)) # append to add results from VMs # results += [fix_output(run_vm([os.path.expanduser('d8'), prefix + 'js'] + V8_OPTS + ['--', prefix + 'wasm']))] @@ -292,6 +298,12 @@ def get_multiple_opt_choices(): if not NANS: FUZZ_OPTS += ['--no-fuzz-nans'] +if WASM2JS: + # wasm2js does not handle nans precisely, and does not + # handle oob loads etc. with traps + FUZZ_OPTS += ['--no-fuzz-nans'] + FUZZ_OPTS += ['--no-fuzz-oob'] + if __name__ == '__main__': print('checking infinite random inputs') random.seed(time.time() * os.getpid()) diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index b9a9fe4ff..965cb74fa 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -189,6 +189,8 @@ public: void setAllowMemory(bool allowMemory_) { allowMemory = allowMemory_; } + void setAllowOOB(bool allowOOB_) { allowOOB = allowOOB_; } + void build() { if (allowMemory) { setupMemory(); 
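Review bot: In scripts/fuzz_opt.py (hunk @@ -292), the new `if WASM2JS:` block appends `--no-fuzz-nans` on its own, so with `NANS` already False the flag lands in `FUZZ_OPTS` twice, and with `NANS` True the constant no longer matches what is passed to the fuzzer. Whether wasm-opt tolerates a repeated flag is not visible here, and any other code that reads `NANS` would presumably still assume NaNs are being generated. Folding the conditions avoids both problems: `if not NANS or WASM2JS: FUZZ_OPTS += ['--no-fuzz-nans']`, keeping `if WASM2JS: FUZZ_OPTS += ['--no-fuzz-oob']` under the existing comment.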
@@ -252,6 +254,10 @@ private: // Whether to emit memory operations like loads and stores. bool allowMemory = true; + // Whether to emit loads, stores, and call_indirects that may be out + // of bounds (which traps in wasm, and is undefined behavior in C). + bool allowOOB = true; + // Whether to emit atomic waits (which in single-threaded mode, may hang...) static const bool ATOMIC_WAITS = false; @@ -1212,7 +1218,7 @@ private: // with high probability, make sure the type is valid otherwise, most are // going to trap Expression* target; - if (!oneIn(10)) { + if (!allowOOB || !oneIn(10)) { target = builder.makeConst(Literal(int32_t(i))); } else { target = make(i32); @@ -1277,7 +1283,7 @@ private: // with high probability, mask the pointer so it's in a reasonable // range. otherwise, most pointers are going to be out of range and // most memory ops will just trap - if (!oneIn(10)) { + if (!allowOOB || !oneIn(10)) { ret = builder.makeBinary( AndInt32, ret, builder.makeConst(Literal(int32_t(USABLE_MEMORY - 1)))); } diff --git a/src/tools/wasm-opt.cpp b/src/tools/wasm-opt.cpp index f7e8b5918..6d78a209b 100644 --- a/src/tools/wasm-opt.cpp +++ b/src/tools/wasm-opt.cpp @@ -73,6 +73,7 @@ int main(int argc, const char* argv[]) { bool fuzzPasses = false; bool fuzzNaNs = true; bool fuzzMemory = true; + bool fuzzOOB = true; std::string emitJSWrapper; std::string emitSpecWrapper; std::string inputSourceMapFilename; @@ -157,6 +158,11 @@ int main(int argc, const char* argv[]) { "don't emit memory ops when fuzzing", Options::Arguments::Zero, [&](Options* o, const std::string& arguments) { fuzzMemory = false; }) + .add("--no-fuzz-oob", + "", + "don't emit out-of-bounds loads/stores/indirect calls when fuzzing", + Options::Arguments::Zero, + [&](Options* o, const std::string& arguments) { fuzzOOB = false; }) .add("--emit-js-wrapper", "-ejw", "Emit a JavaScript wrapper file that can run the wasm with some test " 
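Review bot: In src/tools/fuzzing.h (hunk @@ -1277), `allowOOB = false` only forces the existing mask `ret & (USABLE_MEMORY - 1)`, which bounds the base pointer but not the pointer plus the access's offset immediate and width. Whether that sum can still pass the end of memory depends on how memory is sized and how offsets are chosen, both outside this hunk, and the enclosing function also starts outside it. Since the scripts/fuzz_opt.py part of this commit passes `--no-fuzz-oob` because wasm2js does not trap on out-of-bounds accesses, a residual out-of-bounds access would probably show up as a spurious VM mismatch rather than a clean trap. The field comment at @@ -252 should state the condition the guarantee relies on, for example `// When false, pointers are always masked to USABLE_MEMORY - 1; this is in bounds only if offset + access size stays within the declared memory.`, or the memory setup should assert it.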
@@ -242,6 +248,7 @@ int main(int argc, const char* argv[]) { } reader.setAllowNaNs(fuzzNaNs); reader.setAllowMemory(fuzzMemory); + reader.setAllowOOB(fuzzOOB); reader.build(); if (options.passOptions.validate) { if (!WasmValidator().validate(wasm)) { |