summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/tools/fuzzing.h49
-rw-r--r--test/passes/fuzz_metrics_noprint.bin.txt50
-rw-r--r--test/passes/translate-to-fuzz_all-features.txt696
3 files changed, 376 insertions, 419 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
index 52a524e29..51e9300af 100644
--- a/src/tools/fuzzing.h
+++ b/src/tools/fuzzing.h
@@ -1546,6 +1546,38 @@ private:
}
}
+ // Optional tweaking of the value by a small adjustment.
+ auto tweak = [this, type](Literal value) {
+ // +- 1
+ switch (upTo(5)) {
+ case 0:
+ value = value.add(Literal::makeFromInt32(-1, type));
+ break;
+ case 1:
+ value = value.add(Literal::makeFromInt32(1, type));
+ break;
+ default: {
+ }
+ }
+ // For floats, optionally add a non-integer adjustment in +- [-1, 1]
+ if (type.isFloat() && oneIn(2)) {
+ const int RANGE = 1000;
+ auto RANGE_LITERAL = Literal::makeFromInt32(RANGE, type);
+ // adjustment -> [0, 2 * RANGE]
+ auto adjustment = Literal::makeFromInt32(upTo(2 * RANGE + 1), type);
+ // adjustment -> [-RANGE, RANGE]
+ adjustment = adjustment.sub(RANGE_LITERAL);
+ // adjustment -> [-1, 1]
+ adjustment = adjustment.div(RANGE_LITERAL);
+ value = value.add(adjustment);
+ }
+ // Flip sign.
+ if (oneIn(2)) {
+ value = value.mul(Literal::makeFromInt32(-1, type));
+ }
+ return value;
+ };
+
switch (upTo(4)) {
case 0: {
// totally random, entire range
@@ -1680,14 +1712,7 @@ private:
case Type::unreachable:
WASM_UNREACHABLE("unexpected type");
}
- // tweak around special values
- if (oneIn(3)) { // +- 1
- value = value.add(Literal::makeFromInt32(upTo(3) - 1, type));
- }
- if (oneIn(2)) { // flip sign
- value = value.mul(Literal::makeFromInt32(-1, type));
- }
- return value;
+ return tweak(value);
}
case 3: {
// powers of 2
@@ -1714,14 +1739,10 @@ private:
case Type::unreachable:
WASM_UNREACHABLE("unexpected type");
}
- // maybe negative
- if (oneIn(2)) {
- value = value.mul(Literal::makeFromInt32(-1, type));
- }
- return value;
+ return tweak(value);
}
}
- WASM_UNREACHABLE("invalide value");
+ WASM_UNREACHABLE("invalid value");
}
Expression* makeConst(Type type) {
diff --git a/test/passes/fuzz_metrics_noprint.bin.txt b/test/passes/fuzz_metrics_noprint.bin.txt
index a4db4bcd6..874a4e82b 100644
--- a/test/passes/fuzz_metrics_noprint.bin.txt
+++ b/test/passes/fuzz_metrics_noprint.bin.txt
@@ -1,31 +1,29 @@
total
[events] : 0
- [exports] : 31
- [funcs] : 45
+ [exports] : 35
+ [funcs] : 57
[globals] : 7
[imports] : 4
[memory-data] : 4
- [table-data] : 16
- [total] : 5788
- [vars] : 115
- binary : 453
- block : 823
- break : 242
- call : 208
- call_indirect : 47
- const : 997
- drop : 46
- global.get : 473
- global.set : 208
- if : 323
- load : 99
- local.get : 491
- local.set : 364
- loop : 148
- nop : 109
- return : 228
- select : 46
- store : 55
- switch : 3
- unary : 422
- unreachable : 3
+ [table-data] : 30
+ [total] : 2111
+ [vars] : 153
+ binary : 184
+ block : 311
+ break : 56
+ call : 110
+ call_indirect : 10
+ const : 362
+ drop : 29
+ global.get : 187
+ global.set : 80
+ if : 114
+ load : 46
+ local.get : 153
+ local.set : 112
+ loop : 36
+ nop : 46
+ return : 105
+ select : 13
+ store : 11
+ unary : 146
diff --git a/test/passes/translate-to-fuzz_all-features.txt b/test/passes/translate-to-fuzz_all-features.txt
index 216798375..5cfe2bc41 100644
--- a/test/passes/translate-to-fuzz_all-features.txt
+++ b/test/passes/translate-to-fuzz_all-features.txt
@@ -1,18 +1,19 @@
(module
(type $none_=>_none (func))
- (type $i64_=>_none (func (param i64)))
- (type $none_=>_i64_v128_f32_v128_v128 (func (result i64 v128 f32 v128 v128)))
- (type $i32_=>_none (func (param i32)))
(type $f32_=>_none (func (param f32)))
+ (type $nullref_=>_none (func (param nullref)))
+ (type $none_=>_externref_exnref_exnref_exnref (func (result externref exnref exnref exnref)))
+ (type $none_=>_exnref (func (result exnref)))
+ (type $i32_=>_none (func (param i32)))
+ (type $i64_=>_none (func (param i64)))
(type $f64_=>_none (func (param f64)))
+ (type $f64_i32_i64_f64_v128_=>_none (func (param f64 i32 i64 f64 v128)))
(type $v128_=>_none (func (param v128)))
- (type $nullref_=>_none (func (param nullref)))
(type $exnref_=>_none (func (param exnref)))
(type $none_=>_i32 (func (result i32)))
- (type $i64_v128_=>_f32 (func (param i64 v128) (result f32)))
- (type $f32_=>_f64 (func (param f32) (result f64)))
- (type $none_=>_externref (func (result externref)))
- (type $f64_=>_nullref (func (param f64) (result nullref)))
+ (type $funcref_f64_f32_v128_exnref_f32_=>_i64 (func (param funcref f64 f32 v128 exnref f32) (result i64)))
+ (type $externref_externref_f32_v128_funcref_funcref_=>_v128 (func (param externref externref f32 v128 funcref funcref) (result v128)))
+ (type $v128_=>_funcref (func (param v128) (result funcref)))
(import "fuzzing-support" "log-i32" (func $log-i32 (param i32)))
(import "fuzzing-support" "log-i64" (func $log-i64 (param i64)))
(import "fuzzing-support" "log-f32" (func $log-f32 (param f32)))
@@ -22,23 +23,32 @@
(import "fuzzing-support" "log-exnref" (func $log-exnref (param exnref)))
(memory $0 (shared 1 1))
(data (i32.const 0) "N\0fN\f5\f9\b1\ff\fa\eb\e5\fe\a7\ec\fb\fc\f4\a6\e4\ea\f0\ae\e3")
- (table $0 0 funcref)
+ (table $0 2 2 funcref)
+ (elem (i32.const 0) $func_8 $func_12)
(global $global$5 (mut f32) (f32.const 74))
(global $global$4 (mut nullref) (ref.null))
(global $global$3 (mut i32) (i32.const 1263230471))
(global $global$2 (mut i32) (i32.const -131072))
- (global $global$1 (mut (i64 f64 exnref)) (tuple.make
- (i64.const 4294967295)
- (f64.const -nan:0xffffffffffffa)
+ (global $global$1 (mut (funcref nullref nullref externref exnref f64)) (tuple.make
(ref.null)
+ (ref.null)
+ (ref.null)
+ (ref.null)
+ (ref.null)
+ (f64.const 1.1754943508222875e-38)
))
(global $hangLimit (mut i32) (i32.const 10))
- (event $event$0 (attr 0) (param i64))
- (event $event$1 (attr 0) (param))
+ (event $event$0 (attr 0) (param nullref))
+ (event $event$1 (attr 0) (param f32))
(export "hashMemory" (func $hashMemory))
(export "memory" (memory $0))
(export "func_8" (func $func_8))
- (export "func_10" (func $func_10))
+ (export "func_8_invoker" (func $func_8_invoker))
+ (export "func_11" (func $func_11))
+ (export "func_12" (func $func_12))
+ (export "func_12_invoker" (func $func_12_invoker))
+ (export "func_14" (func $func_14))
+ (export "func_15" (func $func_15))
(export "hangLimitInitializer" (func $hangLimitInitializer))
(func $hashMemory (result i32)
(local $0 i32)
@@ -271,21 +281,17 @@
)
(local.get $0)
)
- (func $func_8 (result externref)
+ (func $func_8 (result exnref)
(local $0 i64)
- (local $1 exnref)
- (local $2 nullref)
- (local $3 i32)
- (local $4 externref)
- (local $5 nullref)
- (local $6 f32)
+ (local $1 i64)
+ (local $2 exnref)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (local.get $4)
+ (ref.null)
)
)
(global.set $hangLimit
@@ -295,316 +301,62 @@
)
)
)
- (block $label$0 (result externref)
- (loop $label$1
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
+ (ref.null)
+ )
+ (func $func_8_invoker
+ (drop
+ (call $func_8)
+ )
+ (drop
+ (call $func_8)
+ )
+ (call $log-i32
+ (call $hashMemory)
+ )
+ (drop
+ (call $func_8)
+ )
+ (call $log-i32
+ (call $hashMemory)
+ )
+ )
+ (func $func_10 (result externref exnref exnref exnref)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
)
- (block
- (block $label$2
- (atomic.fence)
- (f64.store offset=3 align=2
- (i32.and
- (i32.const 521278814)
- (block $label$9 (result i32)
- (i64.atomic.store offset=22
- (i32.and
- (br_if $label$9
- (loop $label$11 (result i32)
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (i32.const 26)
- )
- (loop $label$10 (result i32)
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (local.get $3)
- )
- )
- (i32.const 15)
- )
- (i64x2.extract_lane 1
- (f32x4.lt
- (i64x2.splat
- (local.get $0)
- )
- (v128.load offset=3 align=1
- (i32.and
- (local.get $3)
- (i32.const 15)
- )
- )
- )
- )
- )
- (i32.gt_u
- (block $label$12 (result i32)
- (if
- (i32.const 521278814)
- (nop)
- (nop)
- )
- (local.get $3)
- )
- (local.tee $3
- (ref.is_null
- (loop $label$13 (result externref)
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (local.tee $4
- (loop $label$14 (result externref)
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (local.get $4)
- )
- )
- )
- )
- )
- )
- )
- )
- (f64.const 2.0368363672810022e-260)
- )
- )
- (br_if $label$1
- (loop $label$3
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (block $label$4
- (block $label$5
- (nop)
- (drop
- (f32.convert_i64_u
- (i64.const 1394725084389383962)
- )
- )
- (br_if $label$3
- (i32.eqz
- (if (result i32)
- (i32.eqz
- (if (result i32)
- (i32.eqz
- (i32.and
- (global.get $global$3)
- (i32.const 15)
- )
- )
- (if (result i32)
- (i32.eqz
- (i32.load16_u offset=3 align=1
- (i32.and
- (i32.and
- (global.get $global$3)
- (i32.const 15)
- )
- (i32.const 15)
- )
- )
- )
- (i32.and
- (global.get $global$3)
- (i32.const 15)
- )
- (loop $label$18 (result i32)
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (block (result i32)
- (block $label$19
- (loop $label$20
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
- )
- (return
- (local.get $4)
- )
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
- )
- )
- )
- (nop)
- )
- (br_if $label$19
- (i32.eqz
- (local.get $3)
- )
- )
- )
- (br_if $label$18
- (local.get $3)
- )
- (local.get $3)
- )
- )
- )
- (block $label$21
- (br $label$1)
- )
- )
- )
- (ref.is_null
- (ref.null)
- )
- (block $label$22
- (v128.store offset=4
- (i32.and
- (local.tee $3
- (i32.const 0)
- )
- (i32.const 15)
- )
- (i8x16.narrow_i16x8_u
- (if (result v128)
- (i32.eqz
- (block $label$23 (result i32)
- (i32.const -129)
- )
- )
- (block $label$24
- (return
- (local.get $4)
- )
- )
- (v128.const i32x4 0xffffc000 0xffffffe0 0x00007fff 0x737f197a)
- )
- (v128.const i32x4 0x10000000 0x00000000 0x00000080 0x00000000)
- )
- )
- (br $label$1)
- )
- )
- )
- )
- )
- (return
- (local.get $4)
- )
- )
- )
+ (return
+ (tuple.make
+ (ref.null)
+ (ref.null)
+ (ref.null)
+ (ref.null)
)
- (nop)
)
)
- (nop)
- (local.get $4)
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (tuple.make
+ (ref.null)
+ (ref.null)
+ (ref.null)
+ (ref.null)
)
)
- (func $func_9 (param $0 f64) (result nullref)
- (local $1 nullref)
- (local $2 f32)
- (local $3 externref)
- (local $4 exnref)
+ (func $func_11 (param $0 f64) (param $1 i32) (param $2 i64) (param $3 f64) (param $4 v128)
+ (local $5 nullref)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
- (return
- (ref.null)
- )
+ (return)
)
(global.set $hangLimit
(i32.sub
@@ -613,31 +365,30 @@
)
)
)
- (local.get $1)
+ (block $label$0
+ (call $log-i32
+ (call $hashMemory)
+ )
+ (call $log-exnref
+ (ref.null)
+ )
+ )
)
- (func $func_10 (param $0 f32) (result f64)
- (local $1 externref)
- (local $2 v128)
- (local $3 i32)
- (local $4 v128)
- (local $5 funcref)
- (local $6 f64)
- (local $7 v128)
- (local $8 f32)
- (local $9 nullref)
- (local $10 exnref)
- (local $11 exnref)
- (local $12 externref)
- (local $13 nullref)
- (local $14 (v128 i32 exnref v128))
- (local $15 i64)
+ (func $func_12 (param $0 funcref) (param $1 f64) (param $2 f32) (param $3 v128) (param $4 exnref) (param $5 f32) (result i64)
+ (local $6 nullref)
+ (local $7 f32)
+ (local $8 exnref)
+ (local $9 f32)
+ (local $10 f64)
+ (local $11 i64)
+ (local $12 i32)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (local.get $6)
+ (local.get $11)
)
)
(global.set $hangLimit
@@ -647,33 +398,56 @@
)
)
)
- (select
- (local.get $6)
- (local.get $6)
- (if (result i32)
- (i32.eqz
- (local.get $3)
- )
- (i32.const -2147483648)
- (local.get $3)
+ (block $label$0
+ (call $log-f32
+ (f32.const -nan:0x7fffe0)
+ )
+ (return
+ (local.get $11)
+ )
+ )
+ )
+ (func $func_12_invoker
+ (drop
+ (call $func_12
+ (ref.null)
+ (f64.const -nan:0xfffffffffffec)
+ (f32.const 244)
+ (v128.const i32x4 0x5e58601d 0x5e555c53 0xffff0001 0xffffffff)
+ (ref.null)
+ (f32.const 72)
+ )
+ )
+ (drop
+ (call $func_12
+ (ref.func $log-v128)
+ (f64.const 32)
+ (f32.const 18014398509481984)
+ (v128.const i32x4 0x367f7324 0x5f000000 0x4e80108b 0xcf000000)
+ (ref.null)
+ (f32.const -549755813888)
+ )
+ )
+ (drop
+ (call $func_12
+ (ref.func $func_12)
+ (f64.const 4294967295.799)
+ (f32.const 1279937664)
+ (v128.const i32x4 0xffffffb6 0x00000000 0x4041414b 0x4478405c)
+ (ref.null)
+ (f32.const 10284)
)
)
)
- (func $func_11 (result i64 v128 f32 v128 v128)
- (local $0 (v128 f32 f64 f64 f32))
+ (func $func_14 (param $0 externref) (param $1 externref) (param $2 f32) (param $3 v128) (param $4 funcref) (param $5 funcref) (result v128)
+ (local $6 (i64 i32 i32 i64 funcref))
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (tuple.make
- (i64.const 1250326222040357399)
- (v128.const i32x4 0x616a003f 0x8000ff02 0xffa20040 0x7fff5750)
- (f32.const -3402823466385288598117041e14)
- (v128.const i32x4 0x0400ff81 0x16168000 0x04000004 0x00000502)
- (v128.const i32x4 0x010e0007 0x04020e0f 0xc7000000 0xcf000000)
- )
+ (local.get $3)
)
)
(global.set $hangLimit
@@ -683,35 +457,118 @@
)
)
)
- (block $label$0
- (nop)
- (return
- (tuple.make
- (i64.const -20)
- (v128.const i32x4 0x7fffffff 0x00000000 0x00000000 0xffffff80)
- (f32.const -562949953421312)
- (v128.const i32x4 0x7fffffff 0x00000000 0x00000000 0xffffff80)
- (v128.const i32x4 0x0aff170d 0x490b3100 0x01800055 0x20004200)
+ (block $label$0 (result v128)
+ (i32.atomic.store8 offset=3
+ (i32.and
+ (if (result i32)
+ (global.get $global$3)
+ (i32.const 15)
+ (i32.const 1)
+ )
+ (i32.const 15)
+ )
+ (i32.load offset=3 align=2
+ (i32.and
+ (i32.const 15)
+ (i32.const 15)
+ )
+ )
+ )
+ (local.tee $3
+ (block $label$16 (result v128)
+ (loop $label$17
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (v128.const i32x4 0xffff0009 0xfffeffff 0x00005a18 0xffff7fff)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block
+ (local.set $5
+ (tuple.extract 2
+ (tuple.make
+ (f32.const 3366576023666688)
+ (f32.const 1897033472)
+ (ref.null)
+ (ref.func $log-exnref)
+ (ref.null)
+ )
+ )
+ )
+ (local.set $5
+ (tuple.extract 2
+ (tuple.make
+ (f32.const 3366576023666688)
+ (f32.const 1897033472)
+ (ref.null)
+ (ref.func $log-exnref)
+ (ref.null)
+ )
+ )
+ )
+ (if
+ (i32.eqz
+ (i8x16.extract_lane_u 13
+ (i16x8.neg
+ (local.get $3)
+ )
+ )
+ )
+ (block $label$18
+ (loop $label$19
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (v128.const i32x4 0x2a230007 0x24000cff 0x01000405 0xe6abf412)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (drop
+ (v128.const i32x4 0xffff8001 0xffffffff 0xfc000000 0xffffffff)
+ )
+ )
+ (call $func_12_invoker)
+ )
+ (drop
+ (local.tee $0
+ (local.get $1)
+ )
+ )
+ )
+ )
+ )
+ (local.get $3)
)
)
)
)
- (func $func_12 (param $0 i64) (param $1 v128) (result f32)
- (local $2 (exnref i32 nullref exnref nullref f64))
- (local $3 i32)
- (local $4 i64)
- (local $5 f32)
- (local $6 i64)
- (local $7 f32)
- (local $8 nullref)
- (local $9 f64)
+ (func $func_15 (param $0 v128) (result funcref)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (f32.const 57)
+ (ref.null)
)
)
(global.set $hangLimit
@@ -721,8 +578,89 @@
)
)
)
- (return
- (f32.const 6.254571977675003e-36)
+ (select (result nullref)
+ (if (result nullref)
+ (loop $label$10 (result i32)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (ref.func $log-f64)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block (result i32)
+ (block $label$11
+ (i32.atomic.store8 offset=4
+ (i32.and
+ (i32.load8_s offset=3
+ (i32.and
+ (i32.const 1026044209)
+ (i32.const 15)
+ )
+ )
+ (i32.const 15)
+ )
+ (i32.const 0)
+ )
+ (drop
+ (local.get $0)
+ )
+ )
+ (br_if $label$10
+ (i32.const 128)
+ )
+ (select
+ (select
+ (i32.const -127)
+ (i32.const -65537)
+ (i32.const -254)
+ )
+ (i32.const 102650628)
+ (i32.const 810034249)
+ )
+ )
+ )
+ (ref.null)
+ (block $label$13 (result nullref)
+ (loop $label$14
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (ref.func $func_8)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (nop)
+ )
+ (ref.null)
+ )
+ )
+ (ref.null)
+ (i32.atomic.load8_u offset=1
+ (ref.is_null
+ (call_indirect (type $none_=>_exnref)
+ (i32.const 0)
+ )
+ )
+ )
)
)
(func $hangLimitInitializer
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-08 18:28:27 +0000