
Commit 1fa64bf

authored
Update fuzzer to newer GC spec regarding JS interop (#4965)
Do not export functions whose types are not allowed by the JS interop rules. Only very few GC types can cross the JS boundary at the moment.
1 parent 972cc6f commit 1fa64bf

2 files changed

+54
-37
lines changed


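--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -507,7 +507,8 @@ Function* TranslateToFuzzReader::addFunction() {
     params.push_back(type);
   }
   auto paramType = Type(params);
-  func->type = Signature(paramType, getControlFlowType());
+  auto resultType = getControlFlowType();
+  func->type = Signature(paramType, resultType);
   Index numVars = upToSquared(MAX_VARS);
   for (Index i = 0; i < numVars; i++) {
     auto type = getConcreteType();
@@ -549,13 +550,29 @@ Function* TranslateToFuzzReader::addFunction() {
   wasm.addFunction(func);
   // Export some functions, but not all (to allow inlining etc.). Try to export
   // at least one, though, to keep each testcase interesting. Only functions
-  // with defaultable params can be exported because the trap fuzzer depends on
-  // that (TODO: fix this).
-  bool defaultableParams =
-    std::all_of(paramType.begin(), paramType.end(), [](Type t) {
-      return t.isDefaultable();
+  // with valid params and returns can be exported because the trap fuzzer
+  // depends on that (TODO: fix this).
+  auto validExportType = [](Type t) {
+    if (!t.isRef()) {
+      return true;
+    }
+    auto heapType = t.getHeapType();
+    return heapType == HeapType::ext || heapType == HeapType::func ||
+           heapType == HeapType::string;
+  };
+  bool validExportParams =
+    std::all_of(paramType.begin(), paramType.end(), [&](Type t) {
+      return validExportType(t) && t.isDefaultable();
     });
-  if (defaultableParams && (numAddedFunctions == 0 || oneIn(2)) &&
+  // Note: spec discussions around JS API integration are still ongoing, and it
+  // is not clear if we should allow nondefaultable types in exports or not
+  // (in imports, we cannot allow them in the fuzzer anyhow, since it can't
+  // construct such values in JS to send over to the wasm from the fuzzer
+  // harness).
+  bool validExportResults =
+    std::all_of(resultType.begin(), resultType.end(), validExportType);
+  if (validExportParams && validExportResults &&
+      (numAddedFunctions == 0 || oneIn(2)) &&
       !wasm.getExportOrNull(func->name)) {
     auto* export_ = new Export;
     export_->name = func->name;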
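Review bot: `validExportType` (new lines 555–562 of the second hunk) encodes the JS-interop rule as three bare `HeapType` comparisons with no comment saying why those three, so the next person adding a GC type has nothing to check the list against. I would put the rationale from the commit message directly above the lambda: `// Only reference types the JS API can currently pass across the boundary: externref, funcref and stringref. Any other reference type (including typed function references, since only the exact func heap type matches) is rejected.` The `[&]` default capture in `validExportParams` pulls in the whole enclosing scope where `[&validExportType]` would state the one dependency. addFunction begins and ends outside this hunk.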
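--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,42 +1,42 @@
 total
-[exports] : 5
-[funcs] : 8
+[exports] : 12
+[funcs] : 20
 [globals] : 6
 [imports] : 5
 [memories] : 1
 [memory-data] : 22
-[table-data] : 2
+[table-data] : 7
 [tables] : 1
 [tags] : 2
-[total] : 495
-[vars] : 23
-ArrayInit : 2
-AtomicNotify : 1
-Binary : 64
-Block : 52
+[total] : 707
+[vars] : 37
+ArrayInit : 8
+Binary : 78
+Block : 78
 Break : 7
-Call : 28
-CallRef : 1
-Const : 126
-Drop : 3
-GlobalGet : 25
-GlobalSet : 12
-I31Get : 1
-I31New : 11
-If : 19
-Load : 22
-LocalGet : 33
-LocalSet : 20
-Loop : 4
-Nop : 5
-RefFunc : 3
+Call : 22
+CallRef : 3
+Const : 176
+Drop : 13
+GlobalGet : 51
+GlobalSet : 26
+I31New : 10
+If : 28
+Load : 20
+LocalGet : 38
+LocalSet : 24
+Loop : 6
+MemoryCopy : 1
+MemoryFill : 1
+Nop : 10
+RefEq : 1
+RefFunc : 12
 RefNull : 4
-Return : 17
+Return : 28
 SIMDExtract : 3
-Select : 3
-Store : 1
-StructNew : 1
+Store : 2
+StructNew : 2
 TupleExtract : 1
-TupleMake : 11
-Unary : 13
+TupleMake : 14
+Unary : 38
 Unreachable : 2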
