| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
nans are allowed, as they are nondetermnistic (#1996)
|
| |
|
|
|
|
|
| |
Get fuzzer to attempt to create almost all features. Pass v8 all the flags to allow that.
Fix fuzz bugs where we read signed_ even when it was irrelevant for that type of load.
Improve wasm-reduce on fuzz testcases, try to replace a node with drops of its children, not just the children themselves.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* make DE_NAN avoid creating nan literals in the first place
* add a reducer option `--denan` to not introduce nans in destructive reduction
* add a `Literal::isNaN()` method
* also remove the default exception logging from the fuzzer js glue, which is a source of non-useful VM differences (like nan nondeterminism)
* added an option `--no-fuzz-nans` to make it easy to avoid nans when fuzzing (without hacking the source and recompiling).
Background: trying to get fuzzing on jsc working despite this open issue: https://bugs.webkit.org/show_bug.cgi?id=175691
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The main fuzz_opt.py script compares JS VMs, and separately runs binaryen's fuzz-exec that compares the binaryen interpreter to itself (before and after opts). This PR lets us directly compare binaryen's interpreter output to JS VMs. This found a bunch of minor things we can do better on both sides, giving more fuzz coverage.
To enable this, a bunch of tiny fixes were needed:
* Add --fuzz-exec-before which is like --fuzz-exec but just runs the code before opts are run, instead of before and after.
* Normalize double printing (so JS and C++ print comparable things). This includes negative zero in JS, which we never printed properly til now.
* Various improvements to how we print fuzz-exec logging - remove unuseful things, and normalize the others across JS and C++.
* Properly legalize the wasm when --emit-js-wrapper (i.e., we will run the code from JS), and use that in the JS wrapper code.
|
| |
|
|
|
|
|
| |
* Allow fuzzing from other directories, by looking for wasm-opt relative to the script itself.
* Ignore some VM debug assertions which are fuzz bugs that have already been filed.
* Pick the random seed based on the process ID too, for better parallel fuzzing.
* Remove commandline parsing stuff in fuzz_opt.py, which won't work with the other commandline parsing in test.shared - but we don't need it anyhow.
|
| |
|
| |
We iterated over a set. Instead, iterate over the relevant items in their order in the IR.
|
|
|
A small fuzz script I've been using locally. Runs wasm-opt on random inputs and random passes, looking for breakage or the passes changing something. Can also run VMs before and after the passes, and compare the VMs.
|
