From 65f09f262e00348462e3371fbc89c6c1d398fba1 Mon Sep 17 00:00:00 2001
From: Alon Zakai <azakai@google.com>
Date: Thu, 21 Apr 2022 07:33:04 -0700
Subject: [NominalFuzzing] Fix TranslateToFuzzReader::getSubType(Rtt) (#4604)

Randomly selecting a depth is ok for structural typing, but in nominal it
must match the actual hierarchy of types.
---
 src/tools/fuzzing/fuzzing.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/tools/fuzzing/fuzzing.cpp')

diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 064871931..467d7f724 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -3041,6 +3041,12 @@ HeapType TranslateToFuzzReader::getSubType(HeapType type) {
 }
 
 Rtt TranslateToFuzzReader::getSubType(Rtt rtt) {
+  if (getTypeSystem() == TypeSystem::Nominal ||
+      getTypeSystem() == TypeSystem::Isorecursive) {
+    // With nominal or isorecursive typing the depth in rtts must match the
+    // nominal hierarchy, so we cannot create a random depth like we do below.
+    return rtt;
+  }
   uint32_t depth = rtt.depth != Rtt::NoDepth
                      ? rtt.depth
                      : oneIn(2) ? Rtt::NoDepth : upTo(MAX_RTT_DEPTH + 1);
-- 
cgit v1.2.3