test/fuzzer/wasm-code.cc - Issue 2280623002: [wasm] Create a new fuzzer for wasm code.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/fuzzer/wasm-code.cc

Issue 2280623002: [wasm] Create a new fuzzer for wasm code. (Closed)

Patch Set: Getting the naming scheme right Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/fuzzer/wasm-code.cc

diff --git a/test/fuzzer/wasm-asmjs.cc b/test/fuzzer/wasm-code.cc

similarity index 61%

copy from test/fuzzer/wasm-asmjs.cc

copy to test/fuzzer/wasm-code.cc

index cb8b86bad4f037b425e7f74d1f0505dcd7ce66e8..ae1ec4a0deb7e92cf943d793ea95573a161dbae6 100644

--- a/test/fuzzer/wasm-asmjs.cc

+++ b/test/fuzzer/wasm-code.cc

@@ -2,18 +2,15 @@

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.

-#include <limits.h>

#include <stddef.h>

#include <stdint.h>

#include "include/v8.h"

-#include "src/factory.h"

-#include "src/isolate-inl.h"

#include "src/isolate.h"

-#include "src/objects-inl.h"

-#include "src/objects.h"

+#include "src/wasm/encoder.h"

#include "src/wasm/wasm-js.h"

#include "src/wasm/wasm-module.h"

+#include "test/cctest/wasm/test-signatures.h"

#include "test/fuzzer/fuzzer-support.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

@@ -31,9 +28,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

v8::HandleScope handle_scope(isolate);

v8::Context::Scope context_scope(support->GetContext());

v8::TryCatch try_catch(isolate);

+ v8::base::AccountingAllocator allocator;

+ v8::internal::Zone zone(&allocator);

+ v8::internal::wasm::TestSignatures sigs;

+ v8::internal::wasm::WasmModuleBuilder builder(&zone);

+ uint16_t f1_index = builder.AddFunction();

+ v8::internal::wasm::WasmFunctionBuilder* f = builder.FunctionAt(f1_index);

+ f->SetSignature(sigs.i_iii());

+ f->EmitCode(data, static_cast<uint32_t>(size));

+ f->SetExported();

+ f->SetName("main", 4);

+ v8::internal::wasm::ZoneBuffer buffer(&zone);

+ builder.WriteTo(buffer);

v8::internal::WasmJs::InstallWasmFunctionMap(i_isolate,

i_isolate->native_context());

- v8::internal::wasm::testing::CompileAndRunWasmModule(i_isolate, data,

- data + size, true);

+ v8::internal::wasm::testing::CompileAndRunWasmModule(

+ i_isolate, buffer.begin(), buffer.end(), false);

return 0;

}

« no previous file with comments | « test/fuzzer/testcfg.py ('k') | test/fuzzer/wasm_code/foo » ('j') | no next file with comments »