[improve livetests] Limit max generated value of randomNonNegativeIndex()

evicy · V8-internal LUCI CQ · commit fa2318a512e3 · 2025-01-20T03:25:05.000-08:00
This helper function is used to generate random indices for memory accesses. In some cases, it calls the randomSize() function which has an upper cap of the generated number which is way larger than the Wasm memory size usually. This was not an issue, as we used the remainder after modulo memory_size. However, as the generated number is uniformly chosen from a set of interesting integers which are close to the multiples of the memory_size, too often we ended up using values close to the memory_size. To fix this issue, we will pass the memory_size to randomSize() as the upper cap, so no multiples are generated, therefore, we will not get the memory_size value often. Change-Id: I157508ee5f9f1a6453de99f8066fd655d67547cb Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/7963788 Reviewed-by: Carl Smith <cffsmith@google.com> Commit-Queue: Eva Herencsárová <evih@google.com>
diff --git a/Sources/Fuzzilli/Base/ProgramBuilder.swift b/Sources/Fuzzilli/Base/ProgramBuilder.swift
@@ -260,12 +260,12 @@ public class ProgramBuilder {
     }
 
     /// Returns a random non-negative integer value suitable as index.
-    public func randomNonNegativeIndex() -> Int64 {
+    public func randomNonNegativeIndex(upTo max: Int64 = 0x100000000) -> Int64 {
         // Prefer small indices.
         if probability(0.33) {
             return Int64.random(in: 0...10)
         } else {
-            return randomSize()
+            return randomSize(upTo: max)
         }
     }
 
@@ -3484,10 +3484,10 @@ public class ProgramBuilder {
         let function = self.currentWasmModule.currentWasmFunction
 
         // Generate an in-bounds offset (dynamicOffset + staticOffset) into the memory.
-        let dynamicOffsetValue = self.randomNonNegativeIndex() % memSize
+        let dynamicOffsetValue = self.randomNonNegativeIndex(upTo: memSize)
         let dynamicOffset = memoryTypeInfo.isMemory64 ? function.consti64(dynamicOffsetValue)
                                                   : function.consti32(Int32(dynamicOffsetValue))
-        let staticOffset = self.randomNonNegativeIndex() % (memSize - dynamicOffsetValue)
+        let staticOffset = self.randomNonNegativeIndex(upTo: memSize) % (memSize - dynamicOffsetValue)
 
         return (dynamicOffset, staticOffset)
     }

Original file line number	Diff line number	Diff line change
`@@ -260,12 +260,12 @@ public class ProgramBuilder {`
`260`	`260`	`}`
`261`	`261`
`262`	`262`	`/// Returns a random non-negative integer value suitable as index.`
`263`		`- public func randomNonNegativeIndex() -> Int64 {`
	`263`	`+ public func randomNonNegativeIndex(upTo max: Int64 = 0x100000000) -> Int64 {`
`264`	`264`	`// Prefer small indices.`
`265`	`265`	`if probability(0.33) {`
`266`	`266`	`return Int64.random(in: 0...10)`
`267`	`267`	`} else {`
`268`		`- return randomSize()`
	`268`	`+ return randomSize(upTo: max)`
`269`	`269`	`}`
`270`	`270`	`}`
`271`	`271`
`@@ -3484,10 +3484,10 @@ public class ProgramBuilder {`
`3484`	`3484`	`let function = self.currentWasmModule.currentWasmFunction`
`3485`	`3485`
`3486`	`3486`	`// Generate an in-bounds offset (dynamicOffset + staticOffset) into the memory.`
`3487`		`- let dynamicOffsetValue = self.randomNonNegativeIndex() % memSize`
	`3487`	`+ let dynamicOffsetValue = self.randomNonNegativeIndex(upTo: memSize)`
`3488`	`3488`	`let dynamicOffset = memoryTypeInfo.isMemory64 ? function.consti64(dynamicOffsetValue)`
`3489`	`3489`	`: function.consti32(Int32(dynamicOffsetValue))`
`3490`		`- let staticOffset = self.randomNonNegativeIndex() % (memSize - dynamicOffsetValue)`
	`3490`	`+ let staticOffset = self.randomNonNegativeIndex(upTo: memSize) % (memSize - dynamicOffsetValue)`
`3491`	`3491`
`3492`	`3492`	`return (dynamicOffset, staticOffset)`
`3493`	`3493`	`}`