diff options
Diffstat (limited to 'src/tools')
| -rw-r--r-- | src/tools/fuzzing.h | 11 | ||||
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 31 | ||||
| -rw-r--r-- | src/tools/fuzzing/heap-types.cpp | 20 | ||||
| -rw-r--r-- | src/tools/fuzzing/parameters.h | 3 | ||||
| -rw-r--r-- | src/tools/wasm-ctor-eval.cpp | 1 | ||||
| -rw-r--r-- | src/tools/wasm-fuzz-types.cpp | 20 |
6 files changed, 14 insertions, 72 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index d0c92690a..47d55cfef 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -181,11 +181,11 @@ private: // Recombination and mutation can replace a node with another node of the same // type, but should not do so for certain types that are dangerous. For - // example, it would be bad to add an RTT in a tuple, as that would force us - // to use temporary locals for the tuple, but RTTs are not defaultable. - // Also, 'pop' pseudo instruction for EH is supposed to exist only at the - // beginning of a 'catch' block, so it shouldn't be moved around or deleted - // freely. + // example, it would be bad to add a non-nullable reference to a tuple, as + // that would force us to use temporary locals for the tuple, but non-nullable + // references cannot always be stored in locals. Also, the 'pop' pseudo + // instruction for EH is supposed to exist only at the beginning of a 'catch' + // block, so it shouldn't be moved around or deleted freely. bool canBeArbitrarilyReplaced(Expression* curr) { return curr->type.isDefaultable() && !EHUtils::containsValidDanglingPop(curr); @@ -312,7 +312,6 @@ private: bool isLoggableType(Type type); Nullability getSubType(Nullability nullability); HeapType getSubType(HeapType type); - Rtt getSubType(Rtt rtt); Type getSubType(Type type); // Utilities diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 59c9dca45..4d0a8d7b7 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -918,7 +918,7 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { &Self::makeSelect) .add(FeatureSet::Multivalue, &Self::makeTupleExtract); } - if (type.isSingle() && !type.isRef() && !type.isRtt()) { + if (type.isSingle() && !type.isRef()) { options.add(FeatureSet::MVP, {&Self::makeLoad, Important}); options.add(FeatureSet::SIMD, &Self::makeSIMD); } @@ -1893,8 +1893,6 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { } else { return makeConstCompoundRef(type); } - } else if (type.isRtt()) { - return builder.makeRtt(type); } else if (type.isTuple()) { std::vector<Expression*> operands; for (const auto& t : type) { @@ -2035,14 +2033,15 @@ Expression* TranslateToFuzzReader::makeUnary(Type type) { // give up return makeTrivial(type); } - // There are no unary ops for reference or RTT types. - if (type.isRef() || type.isRtt()) { + // There are no unary ops for reference types. + // TODO: not quite true if you count struct.new and array.new. + if (type.isRef()) { return makeTrivial(type); } switch (type.getBasic()) { case Type::i32: { auto singleConcreteType = getSingleConcreteType(); - if (singleConcreteType.isRef() || singleConcreteType.isRtt()) { + if (singleConcreteType.isRef()) { // TODO: Do something more interesting here. return makeTrivial(type); } @@ -2241,8 +2240,9 @@ Expression* TranslateToFuzzReader::makeBinary(Type type) { // give up return makeTrivial(type); } - // There are no binary ops for reference or RTT types. - if (type.isRef() || type.isRtt()) { + // There are no binary ops for reference types. + // TODO: Use struct.new + if (type.isRef()) { return makeTrivial(type); } switch (type.getBasic()) { @@ -3056,19 +3056,6 @@ HeapType TranslateToFuzzReader::getSubType(HeapType type) { return type; } -Rtt TranslateToFuzzReader::getSubType(Rtt rtt) { - if (getTypeSystem() == TypeSystem::Nominal || - getTypeSystem() == TypeSystem::Isorecursive) { - // With nominal or isorecursive typing the depth in rtts must match the - // nominal hierarchy, so we cannot create a random depth like we do below. - return rtt; - } - uint32_t depth = rtt.depth != Rtt::NoDepth - ? rtt.depth - : oneIn(2) ? Rtt::NoDepth : upTo(MAX_RTT_DEPTH + 1); - return Rtt(depth, rtt.heapType); -} - Type TranslateToFuzzReader::getSubType(Type type) { if (type.isTuple()) { std::vector<Type> types; @@ -3080,8 +3067,6 @@ Type TranslateToFuzzReader::getSubType(Type type) { auto heapType = getSubType(type.getHeapType()); auto nullability = getSubType(type.getNullability()); return Type(heapType, nullability); - } else if (type.isRtt()) { - return Type(getSubType(type.getRtt())); } else { // This is an MVP type without subtypes. assert(type.isBasic()); diff --git a/src/tools/fuzzing/heap-types.cpp b/src/tools/fuzzing/heap-types.cpp index edb96977d..364065b8b 100644 --- a/src/tools/fuzzing/heap-types.cpp +++ b/src/tools/fuzzing/heap-types.cpp @@ -181,20 +181,12 @@ struct HeapTypeGeneratorImpl { return builder.getTempRefType(heapType, nullability); } - Type generateRttType() { - auto heapType = generateHeapType(); - auto depth = rand.oneIn(2) ? Rtt::NoDepth : rand.upTo(MAX_RTT_DEPTH); - return builder.getTempRttType(Rtt(depth, heapType)); - } - Type generateSingleType() { - switch (rand.upTo(3)) { + switch (rand.upTo(2)) { case 0: return generateBasicType(); case 1: return generateRefType(); - case 2: - return generateRttType(); } WASM_UNREACHABLE("unexpected"); } @@ -412,20 +404,10 @@ struct HeapTypeGeneratorImpl { return {pickSubHeapType(super.type), nullability}; } - Rtt generateSubRtt(Rtt super) { - auto depth = super.hasDepth() - ? super.depth - : rand.oneIn(2) ? Rtt::NoDepth : rand.upTo(MAX_RTT_DEPTH); - return {depth, super.heapType}; - } - Type generateSubtype(Type type) { if (type.isRef()) { auto ref = generateSubRef({type.getHeapType(), type.getNullability()}); return builder.getTempRefType(ref.type, ref.nullability); - } else if (type.isRtt()) { - auto rtt = generateSubRtt(type.getRtt()); - return builder.getTempRttType(rtt); } else if (type.isBasic()) { // Non-reference basic types do not have subtypes. return type; diff --git a/src/tools/fuzzing/parameters.h b/src/tools/fuzzing/parameters.h index 6618ce6db..1ba7b064f 100644 --- a/src/tools/fuzzing/parameters.h +++ b/src/tools/fuzzing/parameters.h @@ -38,9 +38,6 @@ constexpr int MAX_TUPLE_SIZE = 6; // The maximum number of struct fields. static const int MAX_STRUCT_SIZE = 6; -// The maximum rtt depth. -constexpr int MAX_RTT_DEPTH = 3; - // The number of nontrivial heap types to generate. constexpr int MIN_HEAPTYPES = 4; constexpr int MAX_HEAPTYPES = 20; diff --git a/src/tools/wasm-ctor-eval.cpp b/src/tools/wasm-ctor-eval.cpp index 22fa87633..6150441cd 100644 --- a/src/tools/wasm-ctor-eval.cpp +++ b/src/tools/wasm-ctor-eval.cpp @@ -558,7 +558,6 @@ public: Expression* init; auto heapType = type.getHeapType(); - // TODO: handle rtts if we need them if (heapType.isStruct()) { init = builder.makeStructNew(heapType, args); } else if (heapType.isArray()) { diff --git a/src/tools/wasm-fuzz-types.cpp b/src/tools/wasm-fuzz-types.cpp index d2540636f..d80c89ea8 100644 --- a/src/tools/wasm-fuzz-types.cpp +++ b/src/tools/wasm-fuzz-types.cpp @@ -386,24 +386,6 @@ void Fuzzer::checkCanonicalization() { } } - CopiedType getRtt(Type old) { - auto copied = getChildHeapType(old.getHeapType()); - auto rtt = old.getRtt(); - rtt.heapType = copied.get(); - if (copied.getNew()) { - // The child is temporary, so we must put it in a temporary type. - return {NewType{builder.getTempRttType(rtt)}}; - } else { - // The child is canonical, so we can either put it in a temporary type - // or use the canonical type. - if (rand.oneIn(2)) { - return {NewType{builder.getTempRttType(rtt)}}; - } else { - return {OldType{Type(rtt)}}; - } - } - } - CopiedType getRef(Type old) { auto copied = getChildHeapType(old.getHeapType()); auto type = copied.get(); @@ -425,8 +407,6 @@ void Fuzzer::checkCanonicalization() { CopiedType getType(Type old) { if (old.isTuple()) { return getTuple(old); - } else if (old.isRtt()) { - return getRtt(old); } else if (old.isRef()) { return getRef(old); } else { |