summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/tools/fuzzing.h19
-rw-r--r--test/passes/fuzz_metrics_noprint.bin.txt50
-rw-r--r--test/passes/translate-to-fuzz_all-features.txt612
3 files changed, 555 insertions, 126 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
index 4fe356931..d2cdb7a7f 100644
--- a/src/tools/fuzzing.h
+++ b/src/tools/fuzzing.h
@@ -1261,12 +1261,21 @@ private:
}
}
+ // Some globals are for internal use, and should not be modified by random
+ // fuzz code.
+ bool isValidGlobal(Name name) { return name != HANG_LIMIT_GLOBAL; }
+
Expression* makeGlobalGet(Type type) {
auto it = globalsByType.find(type);
if (it == globalsByType.end() || it->second.empty()) {
return makeConst(type);
}
- return builder.makeGlobalGet(pick(it->second), type);
+ auto name = pick(it->second);
+ if (isValidGlobal(name)) {
+ return builder.makeGlobalGet(name, type);
+ } else {
+ return makeTrivial(type);
+ }
}
Expression* makeGlobalSet(Type type) {
@@ -1276,8 +1285,12 @@ private:
if (it == globalsByType.end() || it->second.empty()) {
return makeTrivial(Type::none);
}
- auto* value = make(type);
- return builder.makeGlobalSet(pick(it->second), value);
+ auto name = pick(it->second);
+ if (isValidGlobal(name)) {
+ return builder.makeGlobalSet(name, make(type));
+ } else {
+ return makeTrivial(Type::none);
+ }
}
Expression* makeTupleMake(Type type) {
diff --git a/test/passes/fuzz_metrics_noprint.bin.txt b/test/passes/fuzz_metrics_noprint.bin.txt
index efa390f23..a79ff8f26 100644
--- a/test/passes/fuzz_metrics_noprint.bin.txt
+++ b/test/passes/fuzz_metrics_noprint.bin.txt
@@ -1,30 +1,30 @@
total
[events] : 0
- [exports] : 69
- [funcs] : 101
+ [exports] : 18
+ [funcs] : 22
[globals] : 7
[imports] : 4
[memory-data] : 4
- [table-data] : 39
- [total] : 7276
- [vars] : 287
- binary : 555
- block : 1075
- break : 250
- call : 433
- call_indirect : 75
- const : 1310
- drop : 111
- global.get : 606
- global.set : 263
- if : 415
- load : 137
- local.get : 465
- local.set : 364
- loop : 166
- nop : 110
- return : 300
- select : 46
- store : 61
- unary : 531
- unreachable : 3
+ [table-data] : 9
+ [total] : 4993
+ [vars] : 58
+ binary : 397
+ block : 736
+ break : 204
+ call : 173
+ call_indirect : 32
+ const : 823
+ drop : 42
+ global.get : 421
+ global.set : 190
+ if : 292
+ load : 95
+ local.get : 392
+ local.set : 297
+ loop : 146
+ nop : 97
+ return : 189
+ select : 39
+ store : 55
+ switch : 1
+ unary : 372
diff --git a/test/passes/translate-to-fuzz_all-features.txt b/test/passes/translate-to-fuzz_all-features.txt
index ab8ac7ca2..7ebc6d070 100644
--- a/test/passes/translate-to-fuzz_all-features.txt
+++ b/test/passes/translate-to-fuzz_all-features.txt
@@ -1,20 +1,20 @@
(module
(type $none_=>_none (func))
(type $none_=>_i32 (func (result i32)))
- (type $i32_=>_none (func (param i32)))
(type $i64_=>_none (func (param i64)))
+ (type $i32_=>_none (func (param i32)))
(type $f32_=>_none (func (param f32)))
(type $f64_=>_none (func (param f64)))
(type $v128_=>_none (func (param v128)))
(type $exnref_=>_none (func (param exnref)))
- (type $none_=>_i64 (func (result i64)))
- (type $externref_eqref_funcref_=>_i64 (func (param externref eqref funcref) (result i64)))
+ (type $funcref_f64_=>_i32 (func (param funcref f64) (result i32)))
(type $none_=>_f32 (func (result f32)))
+ (type $eqref_i32_=>_funcref (func (param eqref i32) (result funcref)))
(type $i32_i32_f32_exnref_=>_externref (func (param i32 i32 f32 exnref) (result externref)))
(type $externref_f64_f32_eqref_i31ref_anyref_=>_externref (func (param externref f64 f32 eqref i31ref anyref) (result externref)))
(type $exnref_f32_i31ref_externref_funcref_i31ref_i64_=>_exnref (func (param exnref f32 i31ref externref funcref i31ref i64) (result exnref)))
- (type $none_=>_exnref_anyref_v128 (func (result exnref anyref v128)))
- (type $externref_i32_eqref_v128_=>_exnref_anyref_v128 (func (param externref i32 eqref v128) (result exnref anyref v128)))
+ (type $none_=>_eqref_i31ref_i64_v128_eqref (func (result eqref i31ref i64 v128 eqref)))
+ (type $v128_i31ref_=>_eqref_i31ref_i64_v128_eqref (func (param v128 i31ref) (result eqref i31ref i64 v128 eqref)))
(type $none_=>_i31ref (func (result i31ref)))
(import "fuzzing-support" "log-i32" (func $log-i32 (param i32)))
(import "fuzzing-support" "log-i64" (func $log-i64 (param i64)))
@@ -25,7 +25,7 @@
(memory $0 (shared 1 1))
(data (i32.const 0) "N\0fN\f5\f9\b1\ff\fa\eb\e5\fe\a7\ec\fb\fc\f4\a6\e4\ea\f0\ae\e3")
(table $0 5 5 funcref)
- (elem (i32.const 0) $func_9 $func_9 $func_9 $func_10 $func_16)
+ (elem (i32.const 0) $func_9 $func_9 $func_9 $func_10 $func_14)
(global $global$5 (mut eqref) (ref.null eq))
(global $global$4 (mut i32) (i32.const 470177031))
(global $global$3 (mut f64) (f64.const 2147483647))
@@ -44,8 +44,8 @@
(export "func_7_invoker" (func $func_7_invoker))
(export "func_9" (func $func_9))
(export "func_11_invoker" (func $func_11_invoker))
- (export "func_14_invoker" (func $func_14_invoker))
- (export "func_17" (func $func_17))
+ (export "func_14" (func $func_14))
+ (export "func_18" (func $func_18))
(export "hangLimitInitializer" (func $hangLimitInitializer))
(func $hashMemory (result i32)
(local $0 i32)
@@ -462,7 +462,7 @@
(global.get $hangLimit)
)
(return
- (i32.const 471818526)
+ (local.get $0)
)
)
(global.set $hangLimit
@@ -477,59 +477,112 @@
(local.get $0)
)
)
- (func $func_14_invoker
- (drop
- (call $func_14)
- )
- (call $log-i32
- (call $hashMemory)
- )
- (drop
- (call $func_14)
- )
- (drop
- (call $func_14)
- )
- (drop
- (call $func_14)
- )
- (drop
- (call $func_14)
- )
- (drop
- (call $func_14)
- )
- (call $log-i32
- (call $hashMemory)
- )
- (drop
- (call $func_14)
- )
- (call $log-i32
- (call $hashMemory)
+ (func $func_15 (result i32)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (i32.const 32768)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
)
+ (global.get $global$4)
)
- (func $func_16 (param $0 externref) (param $1 i32) (param $2 eqref) (param $3 v128) (result exnref anyref v128)
- (local $4 exnref)
- (local $5 i31ref)
- (local $6 eqref)
- (local $7 funcref)
- (local $8 (i31ref eqref f64))
- (local $9 v128)
- (local $10 eqref)
- (local $11 exnref)
+ (func $func_16 (param $0 eqref) (param $1 i32) (result funcref)
+ (local $2 v128)
+ (local $3 funcref)
+ (local $4 eqref)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (tuple.make
- (ref.null exn)
- (ref.null any)
- (v128.const i32x4 0x0c1f021d 0x00020814 0x4742fffc 0x007f252c)
+ (local.get $3)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (loop $label$1 (result funcref)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (local.get $3)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block (result funcref)
+ (block $label$2
+ (br_if $label$2
+ (i32.eqz
+ (block $label$3
+ (global.set $global$4
+ (local.tee $1
+ (local.get $1)
+ )
+ )
+ (block $label$4
+ (nop)
+ (br_if $label$1
+ (i32.eqz
+ (i31.get_u
+ (i31.new
+ (i32.const -90)
+ )
+ )
+ )
+ )
+ )
+ (br $label$1)
+ )
+ )
+ )
+ (memory.init 0
+ (i32.and
+ (local.get $1)
+ (i32.const 15)
+ )
+ (i32.const 16)
+ (i32.const 3)
)
)
+ (br_if $label$1
+ (i32.const 131071)
+ )
+ (local.get $3)
+ )
+ )
+ )
+ (func $func_17 (param $0 i64)
+ (local $1 externref)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return)
)
(global.set $hangLimit
(i32.sub
@@ -540,25 +593,137 @@
)
(block $label$0
(call $log-i32
- (local.get $1)
+ (call $hashMemory)
)
- (return
- (tuple.make
- (ref.null exn)
- (ref.null any)
- (v128.const i32x4 0x00010001 0xfff00000 0xffff8001 0x00000202)
+ (if
+ (i32.eqz
+ (f64.gt
+ (f64.const 103)
+ (f64.max
+ (f64.const 8388607.124)
+ (if
+ (i32.eqz
+ (global.get $global$4)
+ )
+ (block $label$1
+ (call $log-v128
+ (f64x2.replace_lane 0
+ (f32x4.neg
+ (i8x16.shr_u
+ (v128.load offset=3
+ (i32.const 65535)
+ )
+ (loop $label$2 (result i32)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return)
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block (result i32)
+ (block $label$3
+ (call $log-exnref
+ (ref.null exn)
+ )
+ (call $log-i32
+ (i32.atomic.rmw8.sub_u offset=22
+ (i32.and
+ (i32.const 6)
+ (i32.const 15)
+ )
+ (i32.const 1852667194)
+ )
+ )
+ )
+ (br_if $label$2
+ (tuple.extract 0
+ (tuple.make
+ (i32.const -2147483648)
+ (i31.new
+ (i32.const -32767)
+ )
+ )
+ )
+ )
+ (i32.const -2147483648)
+ )
+ )
+ )
+ )
+ (f64.const -nan:0xffffffffffff3)
+ )
+ )
+ (br $label$0)
+ )
+ (block $label$4
+ (br_if $label$0
+ (i32.eqz
+ (tuple.extract 2
+ (block $label$5
+ (call $log-i32
+ (call $hashMemory)
+ )
+ (br $label$0)
+ )
+ )
+ )
+ )
+ (br $label$0)
+ )
+ )
+ )
+ )
+ )
+ (block $label$6
+ (call $log-i32
+ (call $hashMemory)
+ )
+ (call $log-i32
+ (call $hashMemory)
+ )
+ )
+ (if
+ (i32.eqz
+ (i32.or
+ (i32.const 65535)
+ (i32.const 8)
+ )
+ )
+ (call $log-i32
+ (i32.const 608321884)
+ )
+ (atomic.fence)
)
)
)
)
- (func $func_17 (result i64)
+ (func $func_18 (param $0 v128) (param $1 i31ref) (result eqref i31ref i64 v128 eqref)
+ (local $2 i64)
+ (local $3 v128)
+ (local $4 f32)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (i64.const 590056222575119631)
+ (tuple.make
+ (ref.null eq)
+ (i31.new
+ (i32.const -2147483648)
+ )
+ (i64.const 369041285507055655)
+ (v128.const i32x4 0xffffffd1 0xffffffff 0x25312936 0x5455263f)
+ (ref.null eq)
+ )
)
)
(global.set $hangLimit
@@ -568,19 +733,62 @@
)
)
)
- (i64.const 650238098827575305)
+ (tuple.make
+ (ref.null eq)
+ (local.get $1)
+ (i64.const -32766)
+ (v128.bitselect
+ (local.get $3)
+ (block $label$2
+ (atomic.fence)
+ (return
+ (tuple.make
+ (ref.null eq)
+ (i31.new
+ (i32.const 19521)
+ )
+ (i64.const -32766)
+ (v128.const i32x4 0x4f800000 0x3e116873 0x46ca0800 0x54000000)
+ (ref.null eq)
+ )
+ )
+ )
+ (tuple.extract 2
+ (tuple.make
+ (i31.new
+ (i32.const 1684216173)
+ )
+ (ref.null eq)
+ (v128.const i32x4 0xffa20004 0x00000000 0x2b25ffa6 0x005b0080)
+ (ref.null eq)
+ )
+ )
+ )
+ (global.get $global$5)
+ )
)
- (func $func_18 (param $0 externref) (param $1 eqref) (param $2 funcref) (result i64)
- (local $3 f32)
- (local $4 eqref)
- (local $5 exnref)
+ (func $func_19 (param $0 funcref) (param $1 f64) (result i32)
+ (local $2 (funcref f32 exnref exnref externref))
+ (local $3 externref)
+ (local $4 v128)
+ (local $5 f64)
+ (local $6 i32)
+ (local $7 (f64 i31ref eqref eqref))
+ (local $8 anyref)
+ (local $9 (eqref i31ref i32 i31ref anyref))
+ (local $10 eqref)
+ (local $11 exnref)
+ (local $12 externref)
+ (local $13 externref)
+ (local $14 externref)
+ (local $15 i31ref)
(block
(if
(i32.eqz
(global.get $hangLimit)
)
(return
- (i64.const -1)
+ (i32.const 2147483647)
)
)
(global.set $hangLimit
@@ -590,52 +798,260 @@
)
)
)
- (block $label$0 (result i64)
- (nop)
- (local.set $5
- (local.get $5)
- )
- (br_if $label$0
- (if (result i64)
- (i32.const 0)
- (block $label$2 (result i64)
+ (select
+ (i32.atomic.load8_u offset=22
+ (i32.and
+ (block (result i32)
(nop)
- (br_if $label$2
- (i64.or
- (i64.const -2147483648)
- (i64.const 3088)
+ (nop)
+ (i32.const -33)
+ )
+ (i32.const 15)
+ )
+ )
+ (local.tee $6
+ (select
+ (i16x8.extract_lane_s 4
+ (v128.const i32x4 0xfffffff8 0x00008001 0xffffffa0 0x180b1217)
+ )
+ (if (result i32)
+ (i32.eqz
+ (if (result i32)
+ (i32.eqz
+ (loop $label$3 (result i32)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (i32.const 2151)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block (result i32)
+ (br_if $label$3
+ (local.get $6)
+ )
+ (br_if $label$3
+ (local.get $6)
+ )
+ (i32.const -33)
+ )
+ )
+ )
+ (i32.const 2147483647)
+ (if (result i32)
+ (i32.eqz
+ (i32.const 32768)
+ )
+ (i32.const 16404)
+ (i32.const -1024)
+ )
)
- (i32.const -17)
)
+ (block $label$9 (result i32)
+ (i32.const 4935)
+ )
+ (local.get $6)
)
- (block $label$11 (result i64)
- (nop)
- (call $log-f64
- (f64.const 3848309694063512128130702e64)
+ (select
+ (i32.const 33554433)
+ (i32.trunc_f64_s
+ (f64.const 3402823466385288598117041e14)
)
- (loop $label$12 (result i64)
- (block
- (if
- (i32.eqz
- (global.get $hangLimit)
+ (local.tee $6
+ (select
+ (local.get $6)
+ (select
+ (i16x8.extract_lane_s 4
+ (v128.const i32x4 0xfffffff8 0x00008001 0xffffffa0 0x180b1217)
)
- (return
- (i64.const -32768)
+ (if (result i32)
+ (i32.eqz
+ (if (result i32)
+ (i32.eqz
+ (i32.const 524287)
+ )
+ (block $label$1
+ (memory.init 0
+ (i32.and
+ (f32.ge
+ (block $label$2 (result f32)
+ (call $log-i32
+ (call $hashMemory)
+ )
+ (if (result f32)
+ (if (result i32)
+ (i32.eqz
+ (i32.const -129)
+ )
+ (i32.const 2147483647)
+ (if (result i32)
+ (i32.eqz
+ (i32.const 32768)
+ )
+ (i32.const 16404)
+ (i32.const -1024)
+ )
+ )
+ (f32.const -nan:0x7fffa8)
+ (block $label$4 (result f32)
+ (call $log-i32
+ (call $hashMemory)
+ )
+ (f32.const 18446744073709551615)
+ )
+ )
+ )
+ (if (result f32)
+ (i32.eqz
+ (ref.is_null
+ (if (result externref)
+ (i32.eqz
+ (i32.const -65535)
+ )
+ (ref.null extern)
+ (local.get $12)
+ )
+ )
+ )
+ (block $label$5 (result f32)
+ (call $log-f32
+ (select
+ (f32.const 4096)
+ (f32.const -nan:0x7fffa1)
+ (i32.const 2097640319)
+ )
+ )
+ (f32.const 8192)
+ )
+ (f32.const -1125899906842624)
+ )
+ )
+ (i32.const 15)
+ )
+ (i32.const 1)
+ (i32.const 2)
+ )
+ (return
+ (local.get $6)
+ )
+ )
+ (block $label$6 (result i32)
+ (loop $label$7
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (local.get $6)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block $label$8
+ (nop)
+ (memory.fill
+ (i32.and
+ (i8x16.extract_lane_s 11
+ (i8x16.max_s
+ (local.get $4)
+ (i16x8.add_saturate_u
+ (v128.const i32x4 0xffea0f4a 0xfdffffec 0xdfff0512 0x1910ffff)
+ (local.get $4)
+ )
+ )
+ )
+ (i32.const 15)
+ )
+ (i32.and
+ (i32.const 1326258715)
+ (i32.const 15)
+ )
+ (local.get $6)
+ )
+ )
+ )
+ (i32.const -10)
+ )
+ )
+ )
+ (local.get $6)
+ (local.get $6)
)
- )
- (global.set $hangLimit
- (i32.sub
- (global.get $hangLimit)
- (i32.const 1)
+ (select
+ (i32.const 33554433)
+ (i32.trunc_f64_s
+ (f64.const 3402823466385288598117041e14)
+ )
+ (local.tee $6
+ (select
+ (local.get $6)
+ (ref.eq
+ (loop $label$0 (result i31ref)
+ (block
+ (if
+ (i32.eqz
+ (global.get $hangLimit)
+ )
+ (return
+ (i32.const 268435455)
+ )
+ )
+ (global.set $hangLimit
+ (i32.sub
+ (global.get $hangLimit)
+ (i32.const 1)
+ )
+ )
+ )
+ (block (result i31ref)
+ (local.set $5
+ (f64.const 371920655)
+ )
+ (br_if $label$0
+ (i32.eqz
+ (local.tee $6
+ (local.tee $6
+ (local.tee $6
+ (local.tee $6
+ (local.get $6)
+ )
+ )
+ )
+ )
+ )
+ )
+ (local.get $15)
+ )
+ )
+ (local.get $10)
+ )
+ (local.get $6)
+ )
+ )
)
)
+ (local.get $6)
)
- (i64.const 4883)
)
)
)
- (i32.const 8)
)
+ (global.get $global$4)
)
)
(func $hangLimitInitializer
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-05 21:59:50 +0000