[wasm][fuzzer] Enable trap handlers

On x64, trap handlers are enabled as part of the default configuration. However, each embedder has to enable trap handlers explicitly, and in the wasm fuzzers, trap handlers were not enabled. This CL enables trap handlers now in all wasm fuzzers. Drive-by change: enable all staged wasm features in the wasm-async fuzzer. R=clemensb@chromium.org Change-Id: Ib7c2addb092551b5554a2b74830e5b67db077909 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362957 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69500}
2020-08-20 13:28:04 +02:00 · 2020-08-20 13:28:04 +02:00 · 1e6d2cb319
commit 1e6d2cb319
parent cf929eba0f
3 changed files with 28 additions and 0 deletions
--- a/test/fuzzer/wasm-async.cc
+++ b/test/fuzzer/wasm-async.cc
@ -45,6 +45,21 @@ class AsyncFuzzerResolver : public i::wasm::CompilationResultResolver {
 };

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if (V8_TRAP_HANDLER_SUPPORTED && i::FLAG_wasm_trap_handler) {
+    constexpr bool kUseDefaultTrapHandler = true;
+    if (!v8::V8::EnableWebAssemblyTrapHandler(kUseDefaultTrapHandler)) {
+      FATAL("Could not register trap handler");
+    }
+  }
+
+  // We explicitly enable staged WebAssembly features here to increase fuzzer
+  // coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
+  // the flag by itself.
+#define ENABLE_STAGED_FEATURES(feat, desc, val) \
+  i::FlagScope<bool> enable_##feat(&i::FLAG_experimental_wasm_##feat, true);
+  FOREACH_WASM_STAGING_FEATURE_FLAG(ENABLE_STAGED_FEATURES)
+#undef ENABLE_STAGED_FEATURES
+
  FlagScope<bool> turn_on_async_compile(
      &v8::internal::FLAG_wasm_async_compilation, true);
  FlagScope<uint32_t> max_mem_flag_scope(&v8::internal::FLAG_wasm_max_mem_pages,
--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@ -298,6 +298,12 @@ void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,

 void WasmExecutionFuzzer::FuzzWasmModule(Vector<const uint8_t> data,
                                         bool require_valid) {
+  if (V8_TRAP_HANDLER_SUPPORTED && i::FLAG_wasm_trap_handler) {
+    constexpr bool kUseDefaultTrapHandler = true;
+    if (!v8::V8::EnableWebAssemblyTrapHandler(kUseDefaultTrapHandler)) {
+      FATAL("Could not register trap handler");
+    }
+  }
  // We explicitly enable staged WebAssembly features here to increase fuzzer
  // coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
  // the flag by itself.
--- a/test/fuzzer/wasm.cc
+++ b/test/fuzzer/wasm.cc
@ -21,6 +21,13 @@
 namespace i = v8::internal;

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if (V8_TRAP_HANDLER_SUPPORTED && i::FLAG_wasm_trap_handler) {
+    constexpr bool kUseDefaultTrapHandler = true;
+    if (!v8::V8::EnableWebAssemblyTrapHandler(kUseDefaultTrapHandler)) {
+      FATAL("Could not register trap handler");
+    }
+  }
+
  // We explicitly enable staged WebAssembly features here to increase fuzzer
  // coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
  // the flag by itself.