diff options
Diffstat (limited to 'src/tools')
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 37 | ||||
| -rw-r--r-- | src/tools/wasm-reduce.cpp | 1 |
2 files changed, 17 insertions, 21 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index ed653ef6b..135e50393 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -62,6 +62,17 @@ void TranslateToFuzzReader::pickPasses(OptimizationOptions& options) { // things like ClusterFuzz, where we are using Binaryen to fuzz other things // than itself). As a result, the list of passes here is different from // fuzz_opt.py. + + // Enclose the world, some of the time. We do this before picking any other + // passes so that we make the initial fuzz contents more optimizable by + // closed-world passes later. Note that we do this regardless of whether we + // are in closed-world mode or not, as it is good to get this variety + // regardless. + if (oneIn(2)) { + options.passes.push_back("enclose-world"); + } + + // Main selection of passes. while (options.passes.size() < 20 && !random.finished() && !oneIn(3)) { switch (upTo(42)) { case 0: @@ -1075,30 +1086,14 @@ Function* TranslateToFuzzReader::addFunction() { // Add hang limit checks after all other operations on the function body. wasm.addFunction(std::move(allocation)); // Export some functions, but not all (to allow inlining etc.). Try to export - // at least one, though, to keep each testcase interesting. Only functions - // with valid params and returns can be exported because the trap fuzzer - // depends on that (TODO: fix this). - auto validExportType = [](Type t) { - if (!t.isRef()) { - return true; - } - auto heapType = t.getHeapType(); - return heapType == HeapType::ext || heapType == HeapType::func || - heapType == HeapType::string; - }; + // at least one, though, to keep each testcase interesting. Avoid non- + // nullable params, as those cannot be constructed by the fuzzer on the + // outside. bool validExportParams = std::all_of(paramType.begin(), paramType.end(), [&](Type t) { - return validExportType(t) && t.isDefaultable(); + return t.isDefaultable(); }); - // Note: spec discussions around JS API integration are still ongoing, and it - // is not clear if we should allow nondefaultable types in exports or not - // (in imports, we cannot allow them in the fuzzer anyhow, since it can't - // construct such values in JS to send over to the wasm from the fuzzer - // harness). - bool validExportResults = - std::all_of(resultType.begin(), resultType.end(), validExportType); - if (validExportParams && validExportResults && - (numAddedFunctions == 0 || oneIn(2)) && + if (validExportParams && (numAddedFunctions == 0 || oneIn(2)) && !wasm.getExportOrNull(func->name)) { auto* export_ = new Export; export_->name = func->name; diff --git a/src/tools/wasm-reduce.cpp b/src/tools/wasm-reduce.cpp index 8d9858b78..026825118 100644 --- a/src/tools/wasm-reduce.cpp +++ b/src/tools/wasm-reduce.cpp @@ -275,6 +275,7 @@ struct Reducer "--dae-optimizing", "--dce", "--duplicate-function-elimination", + "--enclose-world", "--gto", "--inlining", "--inlining-optimizing", |