-rwxr-xr-x | scripts/fuzz_opt.py | 3 | ||||
-rw-r--r-- | src/ir/type-updating.cpp | 9 | ||||
-rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 22 |
3 files changed, 29 insertions, 5 deletions
diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py index 887b6abe9..6db2bd3bc 100755 --- a/scripts/fuzz_opt.py +++ b/scripts/fuzz_opt.py @@ -668,6 +668,9 @@ def run_vm(cmd): HOST_LIMIT_PREFIX, # see comment above on this constant V8_UNINITIALIZED_NONDEF_LOCAL, + # V8 does not accept nullable stringviews + # (https://github.com/WebAssembly/binaryen/pull/6574) + 'expected (ref stringview_wtf16), got nullref', ] for issue in known_issues: if issue in output: diff --git a/src/ir/type-updating.cpp b/src/ir/type-updating.cpp index 12a8c7c36..0144b9330 100644 --- a/src/ir/type-updating.cpp +++ b/src/ir/type-updating.cpp @@ -304,6 +304,15 @@ namespace TypeUpdating { bool canHandleAsLocal(Type type) { // TODO: Inline this into its callers. + if (type.isRef()) { + // V8 does not accept nullable string views, and so we must avoid putting + // them in locals (as even a non-nullable one may end up nullable if we see + // situations that require fixing in handleNonDefaultableLocals). + auto heapType = type.getHeapType(); + return heapType != HeapType::stringview_wtf8 && + heapType != HeapType::stringview_wtf16 && + heapType != HeapType::stringview_iter; + } return type.isConcrete(); } diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 6c62e5191..3378d0745 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -29,8 +29,12 @@ namespace wasm { namespace { -// Weighting for the core make* methods. Some nodes are important enough that -// we should do them quite often. +bool canBeNullable(HeapType type) { + // V8 does not accept nullable string views. + return type != HeapType::stringview_wtf8 && + type != HeapType::stringview_wtf16 && + type != HeapType::stringview_iter; +} } // anonymous namespace 
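Review bot: The new known_issues entry is a bare substring match, so any fuzz run whose output contains `expected (ref stringview_wtf16), got nullref` is silently skipped, regardless of which code path left a nullable string view behind. Since the fuzzer-side fix (canHandleAsLocal in type-updating.cpp) lands in this same change, the entry reads as a safety net rather than a permanent exception, and a marker would help a later cleanup, e.g. `# TODO: remove once no pass can leave a nullable stringview in a local`. The body of run_vm continues outside the hunk.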
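Review bot: The `// TODO: Inline this into its callers.` comment directly above the new branch is now stale, because canHandleAsLocal carries a V8-specific exclusion that each caller should not have to reproduce; drop the TODO or reword it. The same three-way heap-type test is written again in fuzzing.cpp's new canBeNullable (the next hunk), so a single shared predicate, e.g. `bool isStringView(HeapType type)` declared alongside canHandleAsLocal, would keep the two copies from drifting. One thing to confirm: if `type` can be a tuple, a tuple member of string view type never reaches the `isRef()` branch and is still accepted by the `isConcrete()` fallthrough.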
@@ -703,6 +707,9 @@ Function* TranslateToFuzzReader::addFunction() { Index numVars = upToSquared(MAX_VARS); for (Index i = 0; i < numVars; i++) { auto type = getConcreteType(); + if (!TypeUpdating::canHandleAsLocal(type)) { + type = Type::i32; + } func->vars.push_back(type); } context.computeTypeLocals(); @@ -1858,7 +1865,7 @@ Expression* TranslateToFuzzReader::makeLocalGet(Type type) { // the time), or emit a local.get of a new local, or emit a local.tee of a new // local. auto choice = upTo(3); - if (choice == 0) { + if (choice == 0 || !TypeUpdating::canHandleAsLocal(type)) { return makeConst(type); } // Otherwise, add a new local. If the type is not non-nullable then we may @@ -2712,6 +2719,9 @@ Expression* TranslateToFuzzReader::makeCompoundRef(Type type) { if (funcContext && !funcContext->typeLocals[type].empty()) { return makeLocalGet(type); } + if (!canBeNullable(heapType)) { + return makeConst(type); + } return builder.makeRefAs(RefAsNonNull, builder.makeRefNull(heapType)); } @@ -2824,7 +2834,8 @@ Expression* TranslateToFuzzReader::makeStringConcat() { } Expression* TranslateToFuzzReader::makeStringSlice() { - auto* ref = makeTrappingRefUse(HeapType::stringview_wtf16); + // StringViews cannot be non-nullable. + auto* ref = make(Type(HeapType::stringview_wtf16, NonNullable)); auto* start = make(Type::i32); auto* end = make(Type::i32); return builder.makeStringSliceWTF(StringSliceWTF16, ref, start, end); @@ -2855,7 +2866,8 @@ Expression* TranslateToFuzzReader::makeStringMeasure(Type type) { Expression* TranslateToFuzzReader::makeStringGet(Type type) { assert(type == Type::i32); - auto* ref = makeTrappingRefUse(HeapType::stringview_wtf16); + // StringViews cannot be non-nullable. + auto* ref = make(Type(HeapType::stringview_wtf16, NonNullable)); auto* pos = make(Type::i32); return builder.makeStringWTF16Get(ref, pos); } |
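Review bot: In makeLocalGet the new fallback sends every type that canHandleAsLocal rejects to makeConst(type), and makeCompoundRef (a later hunk in this file) does the same for non-nullable string views, so makeConst must now be able to build a value of each string view heap type; that is not visible here and is worth confirming, since a type it cannot produce would presumably fail inside the fuzzer itself rather than in the generated test. The body of makeLocalGet begins before this hunk. A brief comment at the new condition would also help, e.g. `// V8 rejects nullable string views, so never place one in a local (see canHandleAsLocal).`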
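Review bot: The comment `// StringViews cannot be non-nullable.` contradicts the line below it, which builds `Type(HeapType::stringview_wtf16, NonNullable)`, and the rest of the change (canBeNullable, canHandleAsLocal) states that V8 rejects nullable views; the comment is inverted and should read `// V8 does not accept nullable string views, so use a non-nullable one.` The same inverted comment appears in makeStringGet in the following hunk. Replacing makeTrappingRefUse with a plain make also means these two operations presumably no longer exercise a null-trap path, which may be intended but deserves a word in that comment.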