diff options
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 73 | ||||
| -rw-r--r-- | test/passes/translate-to-fuzz_all-features_metrics_noprint.txt | 66 |
2 files changed, 64 insertions, 75 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 36dc5dcb1..a5f00d8ef 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -1856,50 +1856,50 @@ Literal TranslateToFuzzReader::makeLiteral(Type type) { } Expression* TranslateToFuzzReader::makeRefFuncConst(Type type) { - // ref.as_non_null is allowed in globals and we don't yet support func.ref in - // globals because we create globals before we create functions. As a result, - // we can only create non-nullable function references if we are in a function - // context for now. - // TODO: Generate trivial functions to support ref.func in globals. - assert(type.isNullable() || funcContext); - if (!funcContext || (type.isNullable() && oneIn(8))) { - return builder.makeRefNull(type); - } - auto heapType = type.getHeapType(); if (heapType == HeapType::func) { // First set to target to the last created function, and try to select // among other existing function if possible. - Function* target = funcContext->func; - if (!wasm.functions.empty() && !oneIn(wasm.functions.size())) { + Function* target = funcContext ? funcContext->func : nullptr; + // If there is no last function, and we have others, pick between them. Also + // pick between them with some random probability even if there is a last + // function. + if (!target || (!wasm.functions.empty() && !oneIn(wasm.functions.size()))) { target = pick(wasm.functions).get(); } - return builder.makeRefFunc(target->name, target->type); - } else { - // TODO: randomize the order - for (auto& func : wasm.functions) { - if (Type::isSubType(type, Type(func->type, NonNullable))) { - return builder.makeRefFunc(func->name, func->type); - } + if (target) { + return builder.makeRefFunc(target->name, target->type); } - // We don't have a matching function, so create a null with high probability - // if the type is nullable or otherwise create and cast a null with low - // probability. - if ((type.isNullable() && !oneIn(8)) || oneIn(8)) { - Expression* ret = builder.makeRefNull(Type(heapType, Nullable)); - if (!type.isNullable()) { - ret = builder.makeRefAs(RefAsNonNull, ret); - } - return ret; + } + if (heapType == HeapType::func) { + // From here on we need a specific signature type, as we want to create a + // RefFunc or even a Function out of it. Pick an arbitrary one if we only + // had generic 'func' here. + heapType = Signature(Type::none, Type::none); + } + // TODO: randomize the order + for (auto& func : wasm.functions) { + if (Type::isSubType(type, Type(func->type, NonNullable))) { + return builder.makeRefFunc(func->name, func->type); } - // As a final option, create a new function with the correct signature. - auto* func = wasm.addFunction( - builder.makeFunction(Names::getValidFunctionName(wasm, "ref_func_target"), - heapType, - {}, - builder.makeUnreachable())); - return builder.makeRefFunc(func->name, heapType); } + // We don't have a matching function, so create a null with high probability + // if the type is nullable or otherwise create and cast a null with low + // probability. + if ((type.isNullable() && !oneIn(8)) || oneIn(8)) { + Expression* ret = builder.makeRefNull(Type(heapType, Nullable)); + if (!type.isNullable()) { + ret = builder.makeRefAs(RefAsNonNull, ret); + } + return ret; + } + // As a final option, create a new function with the correct signature. + auto* func = wasm.addFunction( + builder.makeFunction(Names::getValidFunctionName(wasm, "ref_func_target"), + heapType, + {}, + builder.makeUnreachable())); + return builder.makeRefFunc(func->name, heapType); } Expression* TranslateToFuzzReader::makeConst(Type type) { @@ -1926,7 +1926,7 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { HeapType::i31, HeapType::data)); } else { - subtype = HeapType::data; + subtype = HeapType::func; } return makeConst(Type(subtype, nullability)); } @@ -1950,6 +1950,7 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { return builder.makeRefNull(type); } case HeapType::data: + assert(wasm.features.hasReferenceTypes() && wasm.features.hasGC()); // TODO: Construct nontrivial types. For now just create a hard coded // struct or array. if (oneIn(2)) { diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 15f0a9ac4..1170f8a5a 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,48 +1,36 @@ total - [exports] : 4 - [funcs] : 5 + [exports] : 5 + [funcs] : 4 [globals] : 6 [imports] : 5 [memory-data] : 22 [table-data] : 0 [tables] : 1 [tags] : 1 - [total] : 810 + [total] : 363 [vars] : 9 - ArrayInit : 6 - AtomicCmpxchg : 2 - AtomicFence : 2 - AtomicNotify : 4 + AtomicFence : 1 AtomicRMW : 1 - Binary : 94 - Block : 93 - Break : 29 - Call : 34 - CallRef : 2 - Const : 143 - DataDrop : 1 - Drop : 4 - GlobalGet : 49 - GlobalSet : 25 - I31Get : 1 - I31New : 15 - If : 30 - Load : 24 - LocalGet : 69 - LocalSet : 36 - Loop : 19 - MemoryFill : 1 - Nop : 10 - RefEq : 2 - RefFunc : 7 - RefIs : 7 - RefNull : 4 - Return : 27 - SIMDExtract : 6 - SIMDShuffle : 1 - Select : 3 - Store : 1 - StructNew : 4 - TupleExtract : 4 - TupleMake : 7 - Unary : 43 + Binary : 65 + Block : 36 + Break : 7 + Call : 2 + CallRef : 1 + Const : 75 + Drop : 1 + GlobalGet : 19 + GlobalSet : 10 + I31New : 1 + If : 13 + Load : 19 + LocalGet : 47 + LocalSet : 24 + Loop : 6 + MemoryCopy : 1 + Nop : 6 + RefFunc : 2 + Return : 10 + Select : 2 + Store : 2 + TupleMake : 1 + Unary : 11 |