Fuzzer: Do not emit random global.get/sets of the hang limit global (#3229)

kripken · web-flow · commit d38ddda4c299 · 2020-10-12T14:54:26.000-07:00
That global is for internal use. If we emit random sets to it, we could prevent
it from doing its job of preventing an infinite loop (normally it decreases each
time a loop runs or we recurse, until we reach 0 - if we set it to a nonzero
value in that code, that would be bad).

Random gets are less of a problem, but may be confusing when debugging
a testcase.
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
@@ -1261,12 +1261,21 @@ class TranslateToFuzzReader {
     }
   }
 
+  // Some globals are for internal use, and should not be modified by random
+  // fuzz code.
+  bool isValidGlobal(Name name) { return name != HANG_LIMIT_GLOBAL; }
+
   Expression* makeGlobalGet(Type type) {
     auto it = globalsByType.find(type);
     if (it == globalsByType.end() || it->second.empty()) {
       return makeConst(type);
     }
-    return builder.makeGlobalGet(pick(it->second), type);
+    auto name = pick(it->second);
+    if (isValidGlobal(name)) {
+      return builder.makeGlobalGet(name, type);
+    } else {
+      return makeTrivial(type);
+    }
   }
 
   Expression* makeGlobalSet(Type type) {
@@ -1276,8 +1285,12 @@ class TranslateToFuzzReader {
     if (it == globalsByType.end() || it->second.empty()) {
       return makeTrivial(Type::none);
     }
-    auto* value = make(type);
-    return builder.makeGlobalSet(pick(it->second), value);
+    auto name = pick(it->second);
+    if (isValidGlobal(name)) {
+      return builder.makeGlobalSet(name, make(type));
+    } else {
+      return makeTrivial(Type::none);
+    }
   }
 
   Expression* makeTupleMake(Type type) {
diff --git a/test/passes/fuzz_metrics_noprint.bin.txt b/test/passes/fuzz_metrics_noprint.bin.txt
@@ -1,30 +1,30 @@
 total
  [events]       : 0       
- [exports]      : 69      
- [funcs]        : 101     
+ [exports]      : 18      
+ [funcs]        : 22      
  [globals]      : 7       
  [imports]      : 4       
  [memory-data]  : 4       
- [table-data]   : 39      
- [total]        : 7276    
- [vars]         : 287     
- binary         : 555     
- block          : 1075    
- break          : 250     
- call           : 433     
- call_indirect  : 75      
- const          : 1310    
- drop           : 111     
- global.get     : 606     
- global.set     : 263     
- if             : 415     
- load           : 137     
- local.get      : 465     
- local.set      : 364     
- loop           : 166     
- nop            : 110     
- return         : 300     
- select         : 46      
- store          : 61      
- unary          : 531     
- unreachable    : 3       
+ [table-data]   : 9       
+ [total]        : 4993    
+ [vars]         : 58      
+ binary         : 397     
+ block          : 736     
+ break          : 204     
+ call           : 173     
+ call_indirect  : 32      
+ const          : 823     
+ drop           : 42      
+ global.get     : 421     
+ global.set     : 190     
+ if             : 292     
+ load           : 95      
+ local.get      : 392     
+ local.set      : 297     
+ loop           : 146     
+ nop            : 97      
+ return         : 189     
+ select         : 39      
+ store          : 55      
+ switch         : 1       
+ unary          : 372     
diff --git a/test/passes/translate-to-fuzz_all-features.txt b/test/passes/translate-to-fuzz_all-features.txt

Original file line number	Diff line number	Diff line change
`@@ -1261,12 +1261,21 @@ class TranslateToFuzzReader {`
`1261`	`1261`	`}`
`1262`	`1262`	`}`
`1263`	`1263`
	`1264`	`+ // Some globals are for internal use, and should not be modified by random`
	`1265`	`+ // fuzz code.`
	`1266`	`+ bool isValidGlobal(Name name) { return name != HANG_LIMIT_GLOBAL; }`
	`1267`	`+`
`1264`	`1268`	`Expression* makeGlobalGet(Type type) {`
`1265`	`1269`	`auto it = globalsByType.find(type);`
`1266`	`1270`	`if (it == globalsByType.end() \|\| it->second.empty()) {`
`1267`	`1271`	`return makeConst(type);`
`1268`	`1272`	`}`
`1269`		`- return builder.makeGlobalGet(pick(it->second), type);`
	`1273`	`+ auto name = pick(it->second);`
	`1274`	`+ if (isValidGlobal(name)) {`
	`1275`	`+ return builder.makeGlobalGet(name, type);`
	`1276`	`+ } else {`
	`1277`	`+ return makeTrivial(type);`
	`1278`	`+ }`
`1270`	`1279`	`}`
`1271`	`1280`
`1272`	`1281`	`Expression* makeGlobalSet(Type type) {`
`@@ -1276,8 +1285,12 @@ class TranslateToFuzzReader {`
`1276`	`1285`	`if (it == globalsByType.end() \|\| it->second.empty()) {`
`1277`	`1286`	`return makeTrivial(Type::none);`
`1278`	`1287`	`}`
`1279`		`- auto* value = make(type);`
`1280`		`- return builder.makeGlobalSet(pick(it->second), value);`
	`1288`	`+ auto name = pick(it->second);`
	`1289`	`+ if (isValidGlobal(name)) {`
	`1290`	`+ return builder.makeGlobalSet(name, make(type));`
	`1291`	`+ } else {`
	`1292`	`+ return makeTrivial(Type::none);`
	`1293`	`+ }`
`1281`	`1294`	`}`
`1282`	`1295`
`1283`	`1296`	`Expression* makeTupleMake(Type type) {`