From 3c66ad3c7c602416d4cf674b3d7528d9acd6d51f Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Wed, 25 Nov 2020 15:36:04 -0800
Subject: [TypedFunctionReferences] Enable call_ref in fuzzer, and fix minor misc fuzz bugs (#3401)

* Count signatures in tuple locals.
* Count nested signature types (confirming @aheejin was right, that was missing).
* Inlining was using the wrong type.
* OptimizeInstructions should return -1 for unhandled types, not error.
* The fuzzer should check for ref types as well, not just typed function references, similar to what GC does.
* The fuzzer now creates a function if it has no other option for creating a constant expression of a function type, then does a ref.func of that.
* Handle unreachability in call_ref binary reading.
* S-expression parsing fixes in more places, and add a tiny fuzzer for it.
* Switch fuzzer test to just have the metrics, and not print all the fuzz output which changes a lot. Also fix noprint handling which only worked on binaries before.
* Fix Properties::getLiteral() to use the specific function type properly, and make Literal's function constructor require that, to prevent future bugs.
* Turn all input types into nullable types, for now.
---
 src/wasm/wasm-validator.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src/wasm/wasm-validator.cpp')
diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp
index 5faa8b2f5..fb55417d5 100644
--- a/src/wasm/wasm-validator.cpp
+++ b/src/wasm/wasm-validator.cpp
@@ -1963,6 +1963,8 @@ void FunctionValidator::visitRefNull(RefNull* curr) {
 shouldBeTrue(getModule()->features.hasReferenceTypes(),
 curr,
 "ref.null requires reference-types to be enabled");
+ shouldBeTrue(
+ curr->type.isNullable(), curr, "ref.null types must be nullable");
 }
 
 void FunctionValidator::visitRefIsNull(RefIsNull* curr) {
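Review bot: The nullability check added to visitRefNull has no comment saying why a non-nullable ref.null must be rejected, and the validator is the gate that decides whether a hand-written or fuzzed module is accepted. A one-line comment above the added call, such as `// a null constant of a non-nullable type would break the non-null guarantee that users of the type rely on`, would keep the check from being dropped in a later cleanup. Whether `isNullable()` also returns false for non-reference types is not visible in this hunk; if it does not, an explicit reference-type check would be needed next to it. The function's signature lies outside the hunk and is shown only in the hunk header.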
@@ -2158,10 +2160,10 @@ void FunctionValidator::visitCallRef(CallRef* curr) {
 shouldBeTrue(getModule()->features.hasTypedFunctionReferences(),
 curr,
 "call_ref requires typed-function-references to be enabled");
- shouldBeTrue(curr->target->type.isFunction(),
- curr,
- "call_ref target must be a function reference");
 if (curr->target->type != Type::unreachable) {
+ shouldBeTrue(curr->target->type.isFunction(),
+ curr,
+ "call_ref target must be a function reference");
 validateCallParamsAndResult(
 curr, curr->target->type.getHeapType().getSignature());
 }
-- cgit v1.2.3
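Review bot: A target that is not a function reference still reaches `curr->target->type.getHeapType().getSignature()` in visitCallRef, because the relocated `shouldBeTrue(... isFunction() ...)` appears only to record the failure, and the next statement runs regardless. For a malformed module the validator would then ask for a signature on a type that has none, which may end in an assertion failure or undefined behaviour rather than a clean validation error. Guarding the call with the same predicate would avoid that, e.g. `if (curr->target->type.isFunction()) { validateCallParamsAndResult(curr, curr->target->type.getHeapType().getSignature()); }`. The function's signature and closing brace lie outside the hunk, so this assumes nothing later in the body returns early.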