test/fuzzer/wasm-code.cc - Issue 2520853003: [wasm] Add a flag to generate an mjsunit test out of a wasm-code fuzzer test case.

Side by Side Diff: test/fuzzer/wasm-code.cc

Issue 2520853003: [wasm] Add a flag to generate an mjsunit test out of a wasm-code fuzzer test case. (Closed)

Patch Set: Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2016 the V8 project authors. All rights reserved.	1 // Copyright 2016 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stddef.h>	5 #include <stddef.h>

6 #include <stdint.h>	6 #include <stdint.h>

7	7

8 #include "include/v8.h"	8 #include "include/v8.h"

9 #include "src/isolate.h"	9 #include "src/isolate.h"

10 #include "src/objects.h"	10 #include "src/objects.h"

	11 #include "src/ostreams.h"

11 #include "src/wasm/wasm-interpreter.h"	12 #include "src/wasm/wasm-interpreter.h"

12 #include "src/wasm/wasm-module-builder.h"	13 #include "src/wasm/wasm-module-builder.h"

13 #include "src/wasm/wasm-module.h"	14 #include "src/wasm/wasm-module.h"

14 #include "test/common/wasm/test-signatures.h"	15 #include "test/common/wasm/test-signatures.h"

15 #include "test/common/wasm/wasm-module-runner.h"	16 #include "test/common/wasm/wasm-module-runner.h"

16 #include "test/fuzzer/fuzzer-support.h"	17 #include "test/fuzzer/fuzzer-support.h"

17	18

18 #define WASM_CODE_FUZZER_HASH_SEED 83	19 #define WASM_CODE_FUZZER_HASH_SEED 83

19	20

20 using namespace v8::internal::wasm;	21 using namespace v8::internal::wasm;

21	22

22 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {	23 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

	24 // Save the flag so that we can change it and restore it later.

	25 bool generate_test = v8::internal::FLAG_wasm_code_generate_test;

	26 if (generate_test) {

	27 v8::internal::OFStream os(stdout);

	28

	29 os << "// Copyright 2016 the V8 project authors. All rights reserved."

	30 << std::endl;

	31 os << "// Use of this source code is governed by a BSD-style license that "

	32 "can be"

	33 << std::endl;

	34 os << "// found in the LICENSE file." << std::endl;

	35 os << std::endl;

	36 os << "// Flags: --expose-wasm" << std::endl;

	37 os << std::endl;

	38 os << "load(\"test/mjsunit/wasm/wasm-constants.js\");" << std::endl;

	39 os << "load(\"test/mjsunit/wasm/wasm-module-builder.js\");" << std::endl;

	40 os << std::endl;

	41 os << "(function() {" << std::endl;

	42 os << " var builder = new WasmModuleBuilder();" << std::endl;

	43 os << " builder.addFunction(\"test\", kSig_i_iii)" << std::endl;

	44 os << " .addBody([" << std::endl;

	45 }

23 v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();	46 v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();

24 v8::Isolate* isolate = support->GetIsolate();	47 v8::Isolate* isolate = support->GetIsolate();

25 v8::internal::Isolate* i_isolate =	48 v8::internal::Isolate* i_isolate =

26 reinterpret_cast<v8::internal::Isolate*>(isolate);	49 reinterpret_cast<v8::internal::Isolate*>(isolate);

27	50

28 // Clear any pending exceptions from a prior run.	51 // Clear any pending exceptions from a prior run.

29 if (i_isolate->has_pending_exception()) {	52 if (i_isolate->has_pending_exception()) {

30 i_isolate->clear_pending_exception();	53 i_isolate->clear_pending_exception();

31 }	54 }

32	55

(...skipping 19 matching lines...) Expand all Loading...
52	75

53 v8::internal::wasm::testing::SetupIsolateForWasmModule(i_isolate);	76 v8::internal::wasm::testing::SetupIsolateForWasmModule(i_isolate);

54	77

55 v8::internal::HandleScope scope(i_isolate);	78 v8::internal::HandleScope scope(i_isolate);

56	79

57 ErrorThrower interpreter_thrower(i_isolate, "Interpreter");	80 ErrorThrower interpreter_thrower(i_isolate, "Interpreter");

58 std::unique_ptr<const WasmModule> module(testing::DecodeWasmModuleForTesting(	81 std::unique_ptr<const WasmModule> module(testing::DecodeWasmModuleForTesting(

59 i_isolate, &interpreter_thrower, buffer.begin(), buffer.end(),	82 i_isolate, &interpreter_thrower, buffer.begin(), buffer.end(),

60 v8::internal::wasm::ModuleOrigin::kWasmOrigin, true));	83 v8::internal::wasm::ModuleOrigin::kWasmOrigin, true));

61	84

	85 // Clear the flag so that the WebAssembly code is not printed twice.

	86 v8::internal::FLAG_wasm_code_generate_test = false;

62 if (module == nullptr) {	87 if (module == nullptr) {

	88 if (generate_test) {

	89 v8::internal::OFStream os(stdout);

	90 os << " ])" << std::endl;

	91 os << " .exportFunc();" << std::endl;

	92 os << " assertThrows(function() { builder.instantiate(); });"

	93 << std::endl;

	94 os << "})();" << std::endl;

	95 }

63 return 0;	96 return 0;

64 }	97 }

	98 if (generate_test) {

	99 v8::internal::OFStream os(stdout);

	100 os << " ])" << std::endl;

	101 os << " .exportFunc();" << std::endl;

	102 os << " var module = builder.instantiate();" << std::endl;

	103 os << " module.exports.test(1, 2, 3);" << std::endl;

	104 os << "})();" << std::endl;

	105 }

	106

65 int32_t result_interpreted;	107 int32_t result_interpreted;

66 bool possible_nondeterminism = false;	108 bool possible_nondeterminism = false;

67 {	109 {

68 WasmVal args[] = {WasmVal(1), WasmVal(2), WasmVal(3)};	110 WasmVal args[] = {WasmVal(1), WasmVal(2), WasmVal(3)};

69 result_interpreted = testing::InterpretWasmModule(	111 result_interpreted = testing::InterpretWasmModule(

70 i_isolate, &interpreter_thrower, module.get(), 0, args,	112 i_isolate, &interpreter_thrower, module.get(), 0, args,

71 &possible_nondeterminism);	113 &possible_nondeterminism);

72 }	114 }

73	115

74 ErrorThrower compiler_thrower(i_isolate, "Compiler");	116 ErrorThrower compiler_thrower(i_isolate, "Compiler");

75 v8::internal::Handle<v8::internal::JSObject> instance =	117 v8::internal::Handle<v8::internal::JSObject> instance =

76 testing::InstantiateModuleForTesting(i_isolate, &compiler_thrower,	118 testing::InstantiateModuleForTesting(i_isolate, &compiler_thrower,

77 module.get());	119 module.get());

78	120 // Restore the flag.

	121 v8::internal::FLAG_wasm_code_generate_test = generate_test;

79 if (!interpreter_thrower.error()) {	122 if (!interpreter_thrower.error()) {

80 CHECK(!instance.is_null());	123 CHECK(!instance.is_null());

81 } else {	124 } else {

82 return 0;	125 return 0;

83 }	126 }

84 int32_t result_compiled;	127 int32_t result_compiled;

85 {	128 {

86 v8::internal::Handle<v8::internal::Object> arguments[] = {	129 v8::internal::Handle<v8::internal::Object> arguments[] = {

87 v8::internal::handle(v8::internal::Smi::FromInt(1), i_isolate),	130 v8::internal::handle(v8::internal::Smi::FromInt(1), i_isolate),

88 v8::internal::handle(v8::internal::Smi::FromInt(2), i_isolate),	131 v8::internal::handle(v8::internal::Smi::FromInt(2), i_isolate),

(...skipping 11 matching lines...) Expand all Loading...
100 // result_compiled. Therefore we do not check the equality of the results	143 // result_compiled. Therefore we do not check the equality of the results

101 // if the execution may have produced a NaN at some point.	144 // if the execution may have produced a NaN at some point.

102 if (!possible_nondeterminism && (result_interpreted != result_compiled)) {	145 if (!possible_nondeterminism && (result_interpreted != result_compiled)) {

103 V8_Fatal(__FILE__, __LINE__, "WasmCodeFuzzerHash=%x",	146 V8_Fatal(__FILE__, __LINE__, "WasmCodeFuzzerHash=%x",

104 v8::internal::StringHasher::HashSequentialString(	147 v8::internal::StringHasher::HashSequentialString(

105 data, static_cast<int>(size), WASM_CODE_FUZZER_HASH_SEED));	148 data, static_cast<int>(size), WASM_CODE_FUZZER_HASH_SEED));

106 }	149 }

107 }	150 }

108 return 0;	151 return 0;

109 }	152 }

OLD	NEW

« src/flag-definitions.h ('K') | « src/wasm/ast-decoder.cc ('k') | no next file » | no next file with comments »