diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/tools/execution-results.h | 3 | ||||
| -rw-r--r-- | src/tools/fuzzing.h | 3 | ||||
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 29 |
3 files changed, 35 insertions, 0 deletions
diff --git a/src/tools/execution-results.h b/src/tools/execution-results.h index b8823c3f0..ea822d547 100644 --- a/src/tools/execution-results.h +++ b/src/tools/execution-results.h @@ -128,6 +128,9 @@ public: } catch (const WasmException& e) { return {Literal(int32_t(1))}; } + } else if (import->base == "sleep") { + // Do not actually sleep, just return the id. + return {arguments[1]}; } else { WASM_UNREACHABLE("unknown fuzzer import"); } diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 78219045c..f76ed62a5 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -117,6 +117,7 @@ private: Name callExportCatchImportName; Name callRefImportName; Name callRefCatchImportName; + Name sleepImportName; std::unordered_map<Type, std::vector<Name>> globalsByType; std::unordered_map<Type, std::vector<Name>> mutableGlobalsByType; @@ -238,6 +239,7 @@ private: void addImportCallingSupport(); void addImportThrowingSupport(); void addImportTableSupport(); + void addImportSleepSupport(); void addHashMemorySupport(); // Special expression makers @@ -249,6 +251,7 @@ private: // Call either an export or a ref. We do this from a single function to better // control the frequency of each. Expression* makeImportCallCode(Type type); + Expression* makeImportSleep(Type type); Expression* makeMemoryHashLogging(); // Function creation diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index a7f5e0d01..2b9286180 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -317,6 +317,7 @@ void TranslateToFuzzReader::build() { } addImportLoggingSupport(); addImportCallingSupport(); + addImportSleepSupport(); modifyInitialFunctions(); // keep adding functions until we run out of input while (!random.finished()) { @@ -909,6 +910,24 @@ void TranslateToFuzzReader::addImportTableSupport() { } } +void TranslateToFuzzReader::addImportSleepSupport() { + if (!oneIn(4)) { + // Fuzz this somewhat rarely, as it may be slow. + return; + } + + // An import that sleeps for a given number of milliseconds, and also receives + // an integer id. It returns that integer id (useful for tracking separate + // sleeps). + sleepImportName = Names::getValidFunctionName(wasm, "sleep"); + auto func = std::make_unique<Function>(); + func->name = sleepImportName; + func->module = "fuzzing-support"; + func->base = "sleep"; + func->type = Signature({Type::i32, Type::i32}, Type::i32); + wasm.addFunction(std::move(func)); +} + void TranslateToFuzzReader::addHashMemorySupport() { // Add memory hasher helper (for the hash, see hash.h). The function looks // like: @@ -1090,6 +1109,13 @@ Expression* TranslateToFuzzReader::makeImportCallCode(Type type) { return builder.makeCall(exportTarget, {index}, type); } +Expression* TranslateToFuzzReader::makeImportSleep(Type type) { + // Sleep for some ms, and return a given id. + auto* ms = make(Type::i32); + auto id = make(Type::i32); + return builder.makeCall(sleepImportName, {ms, id}, Type::i32); +} + Expression* TranslateToFuzzReader::makeMemoryHashLogging() { auto* hash = builder.makeCall(std::string("hashMemory"), {}, Type::i32); return builder.makeCall(logImportNames[Type::i32], {hash}, Type::none); @@ -1768,6 +1794,9 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { if (callExportCatchImportName || callRefCatchImportName) { options.add(FeatureSet::MVP, &Self::makeImportCallCode); } + if (sleepImportName) { + options.add(FeatureSet::MVP, &Self::makeImportSleep); + } options.add(FeatureSet::ReferenceTypes, &Self::makeRefIsNull); options.add(FeatureSet::ReferenceTypes | FeatureSet::GC, &Self::makeRefEq, |