[wasm][fuzzer] Use a consistent namespace
Most wasm fuzzers live in the v8::internal::wasm::fuzzer namespace. Thus also move the wasm-fuzzer there. Additionally - use the C++20 syntax for declaring the namespace, - skip unneeded full or partial classifications on types, and - remove a redundant HandleScope. R=ahaas@chromium.org Bug: v8:13496 Change-Id: I31d948af449efd9708aa6b27f35e8f3c9280a3f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030579 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#84300}
This commit is contained in:
Clemens Backes
V8 LUCI CQ
parent
076e7554da
commit
435c5d7a96
@ -17,29 +17,28 @@
|
||||
#include "test/fuzzer/fuzzer-support.h"
|
||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
||||
|
||||
namespace v8 {
|
||||
namespace internal {
|
||||
namespace v8::internal {
|
||||
class WasmModuleObject;
|
||||
}
|
||||
|
||||
namespace wasm {
|
||||
namespace fuzzer {
|
||||
namespace v8::internal::wasm::fuzzer {
|
||||
|
||||
class AsyncFuzzerResolver : public i::wasm::CompilationResultResolver {
|
||||
class AsyncFuzzerResolver : public CompilationResultResolver {
|
||||
public:
|
||||
AsyncFuzzerResolver(i::Isolate* isolate, bool* done)
|
||||
AsyncFuzzerResolver(Isolate* isolate, bool* done)
|
||||
: isolate_(isolate), done_(done) {}
|
||||
|
||||
void OnCompilationSucceeded(i::Handle<i::WasmModuleObject> module) override {
|
||||
void OnCompilationSucceeded(Handle<WasmModuleObject> module) override {
|
||||
*done_ = true;
|
||||
InterpretAndExecuteModule(isolate_, module);
|
||||
}
|
||||
|
||||
void OnCompilationFailed(i::Handle<i::Object> error_reason) override {
|
||||
void OnCompilationFailed(Handle<Object> error_reason) override {
|
||||
*done_ = true;
|
||||
}
|
||||
|
||||
private:
|
||||
i::Isolate* isolate_;
|
||||
Isolate* isolate_;
|
||||
bool* done_;
|
||||
};
|
||||
|
||||
@ -52,7 +51,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
v8_flags.wasm_max_mem_pages = 32;
|
||||
v8_flags.wasm_max_table_size = 100;
|
||||
|
||||
i::Isolate* i_isolate = reinterpret_cast<v8::internal::Isolate*>(isolate);
|
||||
Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
|
||||
|
||||
// Clear any pending exceptions from a prior run.
|
||||
if (i_isolate->has_pending_exception()) {
|
||||
@ -61,7 +60,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
|
||||
v8::Isolate::Scope isolate_scope(isolate);
|
||||
v8::HandleScope handle_scope(isolate);
|
||||
i::HandleScope internal_scope(i_isolate);
|
||||
v8::Context::Scope context_scope(support->GetContext());
|
||||
|
||||
// We explicitly enable staged WebAssembly features here to increase fuzzer
|
||||
@ -73,7 +71,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
testing::SetupIsolateForWasmModule(i_isolate);
|
||||
|
||||
bool done = false;
|
||||
auto enabled_features = i::wasm::WasmFeatures::FromIsolate(i_isolate);
|
||||
auto enabled_features = WasmFeatures::FromIsolate(i_isolate);
|
||||
constexpr const char* kAPIMethodName = "WasmAsyncFuzzer.compile";
|
||||
GetWasmEngine()->AsyncCompile(
|
||||
i_isolate, enabled_features,
|
||||
@ -88,7 +86,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
} // namespace fuzzer
|
||||
} // namespace wasm
|
||||
} // namespace internal
|
||||
} // namespace v8
|
||||
} // namespace v8::internal::wasm::fuzzer
|
||||
|
||||
@ -10,10 +10,7 @@
|
||||
#include "test/common/wasm/test-signatures.h"
|
||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
||||
|
||||
namespace v8 {
|
||||
namespace internal {
|
||||
namespace wasm {
|
||||
namespace fuzzer {
|
||||
namespace v8::internal::wasm::fuzzer {
|
||||
|
||||
class WasmCodeFuzzer : public WasmExecutionFuzzer {
|
||||
bool GenerateModule(Isolate* isolate, Zone* zone,
|
||||
@ -38,7 +35,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
} // namespace fuzzer
|
||||
} // namespace wasm
|
||||
} // namespace internal
|
||||
} // namespace v8
|
||||
} // namespace v8::internal::wasm::fuzzer
|
||||
|
||||
@ -19,10 +19,7 @@
|
||||
#include "test/common/wasm/test-signatures.h"
|
||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
||||
|
||||
namespace v8 {
|
||||
namespace internal {
|
||||
namespace wasm {
|
||||
namespace fuzzer {
|
||||
namespace v8::internal::wasm::fuzzer {
|
||||
|
||||
namespace {
|
||||
|
||||
@ -2616,7 +2613,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
} // namespace fuzzer
|
||||
} // namespace wasm
|
||||
} // namespace internal
|
||||
} // namespace v8
|
||||
} // namespace v8::internal::wasm::fuzzer
|
||||
|
||||
@ -28,10 +28,7 @@
|
||||
#include "test/common/wasm/wasm-module-runner.h"
|
||||
#include "test/fuzzer/fuzzer-support.h"
|
||||
|
||||
namespace v8 {
|
||||
namespace internal {
|
||||
namespace wasm {
|
||||
namespace fuzzer {
|
||||
namespace v8::internal::wasm::fuzzer {
|
||||
|
||||
// Compile a baseline module. We pass a pointer to a max step counter and a
|
||||
// nondeterminsm flag that are updated during execution by Liftoff.
|
||||
@ -43,7 +40,7 @@ Handle<WasmModuleObject> CompileReferenceModule(Zone* zone, Isolate* isolate,
|
||||
// Create the native module.
|
||||
std::shared_ptr<NativeModule> native_module;
|
||||
constexpr bool kNoVerifyFunctions = false;
|
||||
auto enabled_features = i::wasm::WasmFeatures::FromIsolate(isolate);
|
||||
auto enabled_features = WasmFeatures::FromIsolate(isolate);
|
||||
ModuleResult module_res = DecodeWasmModule(
|
||||
enabled_features, wire_bytes.start(), wire_bytes.end(),
|
||||
kNoVerifyFunctions, ModuleOrigin::kWasmOrigin, isolate->counters(),
|
||||
@ -86,7 +83,7 @@ Handle<WasmModuleObject> CompileReferenceModule(Zone* zone, Isolate* isolate,
|
||||
return WasmModuleObject::New(isolate, std::move(native_module), script);
|
||||
}
|
||||
|
||||
void InterpretAndExecuteModule(i::Isolate* isolate,
|
||||
void InterpretAndExecuteModule(Isolate* isolate,
|
||||
Handle<WasmModuleObject> module_object,
|
||||
Handle<WasmModuleObject> module_ref,
|
||||
int32_t* max_steps, int32_t* nondeterminism) {
|
||||
@ -506,7 +503,7 @@ void DecodeAndAppendInitExpr(StdoutStream& os, Zone* zone,
|
||||
void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,
|
||||
bool compiles) {
|
||||
constexpr bool kVerifyFunctions = false;
|
||||
auto enabled_features = i::wasm::WasmFeatures::FromIsolate(isolate);
|
||||
auto enabled_features = WasmFeatures::FromIsolate(isolate);
|
||||
ModuleResult module_res = DecodeWasmModule(
|
||||
enabled_features, wire_bytes.start(), wire_bytes.end(), kVerifyFunctions,
|
||||
ModuleOrigin::kWasmOrigin, isolate->counters(),
|
||||
@ -741,7 +738,7 @@ void WasmExecutionFuzzer::FuzzWasmModule(base::Vector<const uint8_t> data,
|
||||
// respect that limit.
|
||||
if (data.size() > max_input_size()) return;
|
||||
|
||||
i::Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
|
||||
Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
|
||||
|
||||
// Clear any pending exceptions from a prior run.
|
||||
i_isolate->clear_pending_exception();
|
||||
@ -807,7 +804,7 @@ void WasmExecutionFuzzer::FuzzWasmModule(base::Vector<const uint8_t> data,
|
||||
GenerateTestCase(i_isolate, wire_bytes, true);
|
||||
}
|
||||
|
||||
auto enabled_features = i::wasm::WasmFeatures::FromIsolate(i_isolate);
|
||||
auto enabled_features = WasmFeatures::FromIsolate(i_isolate);
|
||||
MaybeHandle<WasmModuleObject> compiled_module;
|
||||
{
|
||||
// Explicitly enable Liftoff, disable tiering and set the tier_mask. This
|
||||
@ -849,7 +846,4 @@ void WasmExecutionFuzzer::FuzzWasmModule(base::Vector<const uint8_t> data,
|
||||
module_ref, &max_steps, &nondeterminism);
|
||||
}
|
||||
|
||||
} // namespace fuzzer
|
||||
} // namespace wasm
|
||||
} // namespace internal
|
||||
} // namespace v8
|
||||
} // namespace v8::internal::wasm::fuzzer
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
#include "test/fuzzer/fuzzer-support.h"
|
||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
||||
|
||||
namespace v8::internal::wasm {
|
||||
namespace v8::internal::wasm::fuzzer {
|
||||
|
||||
// Some properties of the compilation result to check. Extend if needed.
|
||||
struct CompilationResult {
|
||||
@ -40,14 +40,14 @@ struct CompilationResult {
|
||||
|
||||
class TestResolver : public CompilationResultResolver {
|
||||
public:
|
||||
explicit TestResolver(i::Isolate* isolate) : isolate_(isolate) {}
|
||||
explicit TestResolver(Isolate* isolate) : isolate_(isolate) {}
|
||||
|
||||
void OnCompilationSucceeded(i::Handle<i::WasmModuleObject> module) override {
|
||||
void OnCompilationSucceeded(Handle<WasmModuleObject> module) override {
|
||||
done_ = true;
|
||||
native_module_ = module->shared_native_module();
|
||||
}
|
||||
|
||||
void OnCompilationFailed(i::Handle<i::Object> error_reason) override {
|
||||
void OnCompilationFailed(Handle<Object> error_reason) override {
|
||||
done_ = true;
|
||||
failed_ = true;
|
||||
Handle<String> str =
|
||||
@ -66,7 +66,7 @@ class TestResolver : public CompilationResultResolver {
|
||||
const std::string& error_message() const { return error_message_; }
|
||||
|
||||
private:
|
||||
i::Isolate* isolate_;
|
||||
Isolate* isolate_;
|
||||
bool done_ = false;
|
||||
bool failed_ = false;
|
||||
std::string error_message_;
|
||||
@ -145,21 +145,21 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
|
||||
v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
|
||||
v8::Isolate* isolate = support->GetIsolate();
|
||||
i::Isolate* i_isolate = reinterpret_cast<v8::internal::Isolate*>(isolate);
|
||||
Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
|
||||
|
||||
v8::Isolate::Scope isolate_scope(isolate);
|
||||
i::HandleScope handle_scope(i_isolate);
|
||||
v8::HandleScope handle_scope(isolate);
|
||||
v8::Context::Scope context_scope(support->GetContext());
|
||||
|
||||
// We explicitly enable staged WebAssembly features here to increase fuzzer
|
||||
// coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
|
||||
// the flag by itself.
|
||||
fuzzer::OneTimeEnableStagedWasmFeatures(isolate);
|
||||
OneTimeEnableStagedWasmFeatures(isolate);
|
||||
|
||||
// Limit the maximum module size to avoid OOM.
|
||||
v8_flags.wasm_max_module_size = 256 * KB;
|
||||
|
||||
WasmFeatures enabled_features = i::wasm::WasmFeatures::FromIsolate(i_isolate);
|
||||
WasmFeatures enabled_features = WasmFeatures::FromIsolate(i_isolate);
|
||||
|
||||
base::Vector<const uint8_t> data_vec{data, size - 1};
|
||||
uint8_t config = data[size - 1];
|
||||
@ -196,4 +196,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
} // namespace v8::internal::wasm
|
||||
} // namespace v8::internal::wasm::fuzzer
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
#include "test/fuzzer/fuzzer-support.h"
|
||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
||||
|
||||
namespace i = v8::internal;
|
||||
namespace v8::internal::wasm::fuzzer {
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
|
||||
@ -27,10 +27,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
|
||||
// We reduce the maximum memory size and table size of WebAssembly instances
|
||||
// to avoid OOMs in the fuzzer.
|
||||
i::v8_flags.wasm_max_mem_pages = 32;
|
||||
i::v8_flags.wasm_max_table_size = 100;
|
||||
v8_flags.wasm_max_mem_pages = 32;
|
||||
v8_flags.wasm_max_table_size = 100;
|
||||
|
||||
i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
|
||||
Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
|
||||
|
||||
// Clear any pending exceptions from a prior run.
|
||||
if (i_isolate->has_pending_exception()) {
|
||||
@ -44,27 +44,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
// We explicitly enable staged WebAssembly features here to increase fuzzer
|
||||
// coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
|
||||
// the flag by itself.
|
||||
i::wasm::fuzzer::OneTimeEnableStagedWasmFeatures(isolate);
|
||||
OneTimeEnableStagedWasmFeatures(isolate);
|
||||
|
||||
v8::TryCatch try_catch(isolate);
|
||||
i::wasm::testing::SetupIsolateForWasmModule(i_isolate);
|
||||
i::wasm::ModuleWireBytes wire_bytes(data, data + size);
|
||||
testing::SetupIsolateForWasmModule(i_isolate);
|
||||
ModuleWireBytes wire_bytes(data, data + size);
|
||||
|
||||
i::HandleScope scope(i_isolate);
|
||||
i::wasm::ErrorThrower thrower(i_isolate, "wasm fuzzer");
|
||||
i::Handle<i::WasmModuleObject> module_object;
|
||||
auto enabled_features = i::wasm::WasmFeatures::FromIsolate(i_isolate);
|
||||
HandleScope scope(i_isolate);
|
||||
ErrorThrower thrower(i_isolate, "wasm fuzzer");
|
||||
Handle<WasmModuleObject> module_object;
|
||||
auto enabled_features = WasmFeatures::FromIsolate(i_isolate);
|
||||
bool compiles =
|
||||
i::wasm::GetWasmEngine()
|
||||
GetWasmEngine()
|
||||
->SyncCompile(i_isolate, enabled_features, &thrower, wire_bytes)
|
||||
.ToHandle(&module_object);
|
||||
|
||||
if (i::v8_flags.wasm_fuzzer_gen_test) {
|
||||
i::wasm::fuzzer::GenerateTestCase(i_isolate, wire_bytes, compiles);
|
||||
if (v8_flags.wasm_fuzzer_gen_test) {
|
||||
GenerateTestCase(i_isolate, wire_bytes, compiles);
|
||||
}
|
||||
|
||||
if (compiles) {
|
||||
i::wasm::fuzzer::InterpretAndExecuteModule(i_isolate, module_object);
|
||||
InterpretAndExecuteModule(i_isolate, module_object);
|
||||
}
|
||||
|
||||
// Pump the message loop and run micro tasks, e.g. GC finalization tasks.
|
||||
@ -72,3 +72,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
isolate->PerformMicrotaskCheckpoint();
|
||||
return 0;
|
||||
}
|
||||
|
||||
} // namespace v8::internal::wasm::fuzzer
|
||||
|
||||
Loading…
Reference in New Issue
Block a user