forks/binaryen.git -

	Commit message (Collapse)	Author	Age	Files	Lines
*	Fuzz JSPI (#7148)	Alon Zakai	2024-12-16	1	-1/+18
\| \| \| \| \| \| \| \| \| \|	* Add a new "sleep" fuzzer import, that does a sleep for some ms. * Add JSPI support in fuzz_shell.js. This is in the form of commented-out async/await keywords - commented out so that normal fuzzing is not impacted. When we want to fuzz JSPI, we uncomment them. We also apply the JSPI operations of marking imports and exports as suspending/promising. JSPI fuzzing is added to both fuzz_opt.py and ClusterFuzz's run.py.
*	Execution results: JS traps on exnref on the boundary (#7147)	Alon Zakai	2024-12-12	1	-0/+22
\| \| \|	Fixes #7145
*	Fuzzer: Add call-ref, call-ref-catch imports (#7137)	Alon Zakai	2024-12-09	1	-1/+198
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Similar to call-export, these imports call a wasm function from outside the module. The difference is that we send a function reference for them to call (rather than an export index). This gives more coverage, first by sending a ref from wasm to JS, and also since we will now try to call anything that is sent. Exports, in comparison, are filtered by the fuzzer to things that JS can handle, so this may lead to more traps, but maybe also some new situations. This also leads to adding more logic to execution-results.h to model JS trapping properly. fuzz_shell.js is refactored to allow sharing code between call-export and call-ref*.
*	[EH] Fuzz calls from JS by calling wasm exports, sometimes catching (#7067)	Alon Zakai	2024-11-08	1	-1/+55
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds two new imports to fuzzer modules: * call-export, which gets an export index and calls it. * call-export-catch, which does the call in a try-catch, swallowing any error, and returning 1 if it saw an error. The former gives us calls back into the wasm, possibly making various trips between wasm and JS in interesting ways. The latter adds a try-catch which helps fuzz wasm EH. We do these calls using a wasm export index, i.e., the index in the list of exports. This is simple, but it does have the downside that it makes executing the wasm sensitive to changes in exports (e.g. wasm-merge adds more), which requires some handling in the fuzzer.
*	Fuzz the Table from JS (#7042)	Alon Zakai	2024-10-31	1	-1/+60
\| \| \| \| \|	Continues the work from #7027 which added throwing from JS, this adds table get/set operations from JS, to further increase our coverage of Wasm/JS interactions (the table can be used from both sides).
*	[EH] Fuzz throws from JS (#7027)	Alon Zakai	2024-10-23	1	-0/+39
	We already generated (throw ..) instructions in wasm, but it makes sense to model throws from outside as well, as they cross the module boundary. This adds a new fuzzer import to the generated modules, "throw", that just does a throw from JS etc. Also be more precise about handling fuzzing-support imports in fuzz-exec: we now check that logging functions start with "log*" and error otherwise (this check is now needed given we have "throw", which is not logging). Also fix a minor issue with name conflicts for logging functions by using getValidFunctionName for them, both for logging and for throw.