AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[wasm] [fuzzer] Remove wasm_call fuzzer

Browse Source 
The wasm call fuzzer is superseded by the wasm compile fuzzer, thus
remove it.

The chromium side will land in https://crrev.com/c/895531.

R=ahaas@chromium.org

Change-Id: I211d9f8ad2ca5432dbbc6ecce0b6e13760f1af60
Reviewed-on: https://chromium-review.googlesource.com/895534
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51034}
This commit is contained in:
Clemens Hammacher 2018-01-31 14:55:05 +01:00 committed by Commit Bot
parent 2fe1af4787
commit 51af4f58c0
6 changed files with 1 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
BUILD.gn
View File

@ -2859,7 +2859,6 @@ group("v8_fuzzers") {
":v8_simple_regexp_builtins_fuzzer",
":v8_simple_regexp_fuzzer",
":v8_simple_wasm_async_fuzzer",
":v8_simple_wasm_call_fuzzer",
":v8_simple_wasm_code_fuzzer",
":v8_simple_wasm_compile_fuzzer",
":v8_simple_wasm_data_section_fuzzer",
@ -3252,27 +3251,6 @@ v8_source_set("wasm_code_fuzzer") {
v8_fuzzer("wasm_code_fuzzer") {
}
v8_source_set("wasm_call_fuzzer") {
sources = [
"test/common/wasm/test-signatures.h",
"test/fuzzer/wasm-call.cc",
]
deps = [
":fuzzer_support",
":lib_wasm_fuzzer_common",
":wasm_module_runner",
]
configs = [
":external_config",
":internal_config_base",
]
}
v8_fuzzer("wasm_call_fuzzer") {
}
v8_source_set("lib_wasm_fuzzer_common") {
sources = [
"test/fuzzer/wasm-fuzzer-common.cc",

32
gypfiles/fuzzer.gyp
View File

@ -209,38 +209,6 @@
'../test/fuzzer/wasm-fuzzer-common.h',
],
},
{
'target_name': 'v8_simple_wasm_call_fuzzer',
'type': 'executable',
'dependencies': [
'wasm_call_fuzzer_lib',
],
'include_dirs': [
'..',
],
'sources': [
'../test/fuzzer/fuzzer.cc',
],
},
{
'target_name': 'wasm_call_fuzzer_lib',
'type': 'static_library',
'dependencies': [
'v8.gyp:v8_libplatform',
'fuzzer_support',
],
'include_dirs': [
'..',
],
'sources': [
'../test/fuzzer/wasm-call.cc',
'../test/common/wasm/test-signatures.h',
'../test/common/wasm/wasm-module-runner.cc',
'../test/common/wasm/wasm-module-runner.h',
'../test/fuzzer/wasm-fuzzer-common.cc',
'../test/fuzzer/wasm-fuzzer-common.h',
],
},
{
'target_name': 'v8_simple_wasm_code_fuzzer',
'type': 'executable',

2
test/fuzzer/fuzzer.isolate
View File

@ -12,7 +12,6 @@
'<(PRODUCT_DIR)/v8_simple_multi_return_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/v8_simple_wasm_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/v8_simple_wasm_async_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/v8_simple_wasm_call_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/v8_simple_wasm_code_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/v8_simple_wasm_compile_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/v8_simple_wasm_data_section_fuzzer<(EXECUTABLE_SUFFIX)',
@ -31,7 +30,6 @@
'./multi_return/',
'./wasm/',
'./wasm_async/',
'./wasm_call/',
'./wasm_code/',
'./wasm_compile/',
'./wasm_data_section/',

2
test/fuzzer/testcfg.py
View File

@ -15,7 +15,7 @@ class VariantsGenerator(testsuite.VariantsGenerator):
class TestSuite(testsuite.TestSuite):
SUB_TESTS = ( 'json', 'parser', 'regexp_builtins', 'regexp', 'multi_return', 'wasm',
'wasm_async', 'wasm_call', 'wasm_code', 'wasm_compile',
'wasm_async', 'wasm_code', 'wasm_compile',
'wasm_data_section', 'wasm_function_sigs_section',
'wasm_globals_section', 'wasm_imports_section', 'wasm_memory_section',
'wasm_names_section', 'wasm_types_section' )

134
test/fuzzer/wasm-call.cc
View File

@ -1,134 +0,0 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stddef.h>
#include <stdint.h>
#include "include/v8.h"
#include "src/isolate.h"
#include "src/objects-inl.h"
#include "src/objects.h"
#include "src/utils.h"
#include "src/wasm/wasm-interpreter.h"
#include "src/wasm/wasm-module-builder.h"
#include "src/wasm/wasm-module.h"
#include "test/common/wasm/test-signatures.h"
#include "test/common/wasm/wasm-module-runner.h"
#include "test/fuzzer/fuzzer-support.h"
#include "test/fuzzer/wasm-fuzzer-common.h"
namespace v8 {
namespace internal {
namespace wasm {
namespace fuzzer {
static constexpr uint32_t kMaxNumFunctions = 3;
static constexpr uint32_t kMaxNumParams = 3;
class WasmCallFuzzer : public WasmExecutionFuzzer {
template <typename V>
static inline V read_value(const uint8_t** data, size_t* size, bool* ok) {
// The status flag {ok} checks that the decoding up until now was okay, and
// that a value of type V can be read without problems.
*ok &= (*size > sizeof(V));
if (!(*ok)) return 0;
V result = ReadLittleEndianValue<V>(*data);
*data += sizeof(V);
*size -= sizeof(V);
return result;
}
static void add_argument(Isolate* isolate, ValueType type,
WasmValue* interpreter_args,
Handle<Object>* compiler_args, int* argc,
const uint8_t** data, size_t* size, bool* ok) {
if (!(*ok)) return;
switch (type) {
case kWasmF32: {
float value = read_value<float>(data, size, ok);
interpreter_args[*argc] = WasmValue(value);
compiler_args[*argc] =
isolate->factory()->NewNumber(static_cast<double>(value));
break;
}
case kWasmF64: {
double value = read_value<double>(data, size, ok);
interpreter_args[*argc] = WasmValue(value);
compiler_args[*argc] = isolate->factory()->NewNumber(value);
break;
}
case kWasmI32: {
int32_t value = read_value<int32_t>(data, size, ok);
interpreter_args[*argc] = WasmValue(value);
compiler_args[*argc] =
isolate->factory()->NewNumber(static_cast<double>(value));
break;
}
default:
UNREACHABLE();
}
(*argc)++;
}
bool GenerateModule(
Isolate* isolate, Zone* zone, const uint8_t* data, size_t size,
ZoneBuffer& buffer, int32_t& num_args,
std::unique_ptr<WasmValue[]>& interpreter_args,
std::unique_ptr<Handle<Object>[]>& compiler_args) override {
bool ok = true;
uint8_t num_functions =
(read_value<uint8_t>(&data, &size, &ok) % kMaxNumFunctions) + 1;
ValueType types[] = {kWasmF32, kWasmF64, kWasmI32, kWasmI64};
interpreter_args.reset(new WasmValue[3]);
compiler_args.reset(new Handle<Object>[3]);
WasmModuleBuilder builder(zone);
for (int fun = 0; fun < num_functions; fun++) {
size_t num_params = static_cast<size_t>(
(read_value<uint8_t>(&data, &size, &ok) % kMaxNumParams) + 1);
FunctionSig::Builder sig_builder(zone, 1, num_params);
sig_builder.AddReturn(kWasmI32);
for (size_t param = 0; param < num_params; param++) {
// The main function cannot handle int64 parameters.
ValueType param_type = types[(read_value<uint8_t>(&data, &size, &ok) %
(arraysize(types) - (fun == 0 ? 1 : 0)))];
sig_builder.AddParam(param_type);
if (fun == 0) {
add_argument(isolate, param_type, interpreter_args.get(),
compiler_args.get(), &num_args, &data, &size, &ok);
}
}
WasmFunctionBuilder* f = builder.AddFunction(sig_builder.Build());
uint32_t code_size = static_cast<uint32_t>(size / num_functions);
f->EmitCode(data, code_size);
uint8_t end_opcode = kExprEnd;
f->EmitCode(&end_opcode, 1);
data += code_size;
size -= code_size;
if (fun == 0) {
builder.AddExport(CStrVector("main"), f);
}
}
builder.SetMaxMemorySize(32);
builder.WriteTo(buffer);
if (!ok) {
// The input data was too short.
return 0;
}
return true;
}
};
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
return WasmCallFuzzer().FuzzWasmModule(data, size);
}
} // namespace fuzzer
} // namespace wasm
} // namespace internal
} // namespace v8

0
test/fuzzer/wasm_call/foo
View File