Diffstat (limited to 'src')
-rw-r--r-- | src/tools/fuzzing.h | 10 | ||||
-rw-r--r-- | src/tools/wasm-opt.cpp | 7 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
index b9a9fe4ff..965cb74fa 100644
--- a/src/tools/fuzzing.h
+++ b/src/tools/fuzzing.h
@@ -189,6 +189,8 @@ public: void setAllowMemory(bool allowMemory_) { allowMemory = allowMemory_; }
+ void setAllowOOB(bool allowOOB_) { allowOOB = allowOOB_; } + void build() { if (allowMemory) { setupMemory();
@@ -252,6 +254,10 @@ private: // Whether to emit memory operations like loads and stores. bool allowMemory = true;
+ // Whether to emit loads, stores, and call_indirects that may be out
+ // of bounds (which traps in wasm, and is undefined behavior in C).
+ bool allowOOB = true; + // Whether to emit atomic waits (which in single-threaded mode, may hang...) static const bool ATOMIC_WAITS = false;
@@ -1212,7 +1218,7 @@ private: // with high probability, make sure the type is valid otherwise, most are // going to trap Expression* target;
- if (!oneIn(10)) {
+ if (!allowOOB || !oneIn(10)) { target = builder.makeConst(Literal(int32_t(i))); } else { target = make(i32);
@@ -1277,7 +1283,7 @@ private: // with high probability, mask the pointer so it's in a reasonable // range. otherwise, most pointers are going to be out of range and // most memory ops will just trap
- if (!oneIn(10)) {
+ if (!allowOOB || !oneIn(10)) { ret = builder.makeBinary( AndInt32, ret, builder.makeConst(Literal(int32_t(USABLE_MEMORY - 1)))); }
diff --git a/src/tools/wasm-opt.cpp b/src/tools/wasm-opt.cpp
index f7e8b5918..6d78a209b 100644
--- a/src/tools/wasm-opt.cpp
+++ b/src/tools/wasm-opt.cpp
@@ -73,6 +73,7 @@ int main(int argc, const char* argv[]) { bool fuzzPasses = false; bool fuzzNaNs = true; bool fuzzMemory = true;
+ bool fuzzOOB = true; std::string emitJSWrapper; std::string emitSpecWrapper; std::string inputSourceMapFilename;
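Review bot: With allowOOB false, the `@@ -1277` hunk bounds only the base address (`ret & (USABLE_MEMORY - 1)`), while a load or store also adds its offset immediate and its access width, neither of which is visible here; the "no out-of-bounds" promise made by the new member's comment therefore holds only if USABLE_MEMORY leaves enough headroom below the memory's initial size. Worth pinning that invariant next to the mask, e.g. `// allowOOB == false relies on USABLE_MEMORY + max offset + widest access <= initial memory size`, so a later change to either constant does not silently reintroduce trapping accesses. The `@@ -1212` hunk has the same shape: when allowOOB is false the target is always the constant `i`, so a one-line comment stating that `i` is assumed to be an in-bounds table index would document what the flag relies on. The enclosing functions start and end outside these hunks.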
@@ -157,6 +158,11 @@ int main(int argc, const char* argv[]) { "don't emit memory ops when fuzzing", Options::Arguments::Zero, [&](Options* o, const std::string& arguments) { fuzzMemory = false; })
+ .add("--no-fuzz-oob",
+ "",
+ "don't emit out-of-bounds loads/stores/indirect calls when fuzzing",
+ Options::Arguments::Zero,
+ [&](Options* o, const std::string& arguments) { fuzzOOB = false; }) .add("--emit-js-wrapper", "-ejw", "Emit a JavaScript wrapper file that can run the wasm with some test "
@@ -242,6 +248,7 @@ int main(int argc, const char* argv[]) { } reader.setAllowNaNs(fuzzNaNs); reader.setAllowMemory(fuzzMemory);
+ reader.setAllowOOB(fuzzOOB); reader.build(); if (options.passOptions.validate) { if (!WasmValidator().validate(wasm)) { |
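Review bot: The new `--no-fuzz-oob` handler in the `@@ -157` hunk names both lambda parameters but uses neither; `[&](Options*, const std::string&) { fuzzOOB = false; }` avoids unused-parameter warnings under -Wextra. This mirrors the existing `--no-fuzz-memory` handler directly above it, so it is a style point rather than a defect, and the two are best changed together to stay consistent. Both hunks sit inside main, which starts and ends outside this view.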