[fuzzer] Add table.copy to the fuzzed module
We add table.copy operation to the fuzzed module. Bug: v8:11954 Change-Id: I7f584335b977ae9bf46f13cb8ddacdcce0824291 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168275 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Rakhim Khismet <khismet@google.com> Cr-Commit-Position: refs/heads/main@{#76935}
This commit is contained in:
parent
93191813d4
commit
a3905e3269
@ -888,9 +888,9 @@ class WasmGenerator {
|
|||||||
}
|
}
|
||||||
void table_get(HeapType type, DataRange* data) {
|
void table_get(HeapType type, DataRange* data) {
|
||||||
ValueType needed_type = ValueType::Ref(type, kNullable);
|
ValueType needed_type = ValueType::Ref(type, kNullable);
|
||||||
int table_size = builder_->builder()->NumTables();
|
int table_count = builder_->builder()->NumTables();
|
||||||
ZoneVector<uint32_t> table(builder_->builder()->zone());
|
ZoneVector<uint32_t> table(builder_->builder()->zone());
|
||||||
for (int i = 0; i < table_size; i++) {
|
for (int i = 0; i < table_count; i++) {
|
||||||
if (builder_->builder()->GetTableType(i) == needed_type) {
|
if (builder_->builder()->GetTableType(i) == needed_type) {
|
||||||
table.push_back(i);
|
table.push_back(i);
|
||||||
}
|
}
|
||||||
@ -914,6 +914,30 @@ class WasmGenerator {
|
|||||||
void table_fill(DataRange* data) {
|
void table_fill(DataRange* data) {
|
||||||
table_op<kVoid>({kWasmI32, kWasmFuncRef, kWasmI32}, data, kExprTableFill);
|
table_op<kVoid>({kWasmI32, kWasmFuncRef, kWasmI32}, data, kExprTableFill);
|
||||||
}
|
}
|
||||||
|
void table_copy(DataRange* data) {
|
||||||
|
ValueType needed_type =
|
||||||
|
data->get<bool>()
|
||||||
|
? ValueType::Ref(HeapType(HeapType::kFunc), kNullable)
|
||||||
|
: ValueType::Ref(HeapType(HeapType::kExtern), kNullable);
|
||||||
|
int table_count = builder_->builder()->NumTables();
|
||||||
|
ZoneVector<uint32_t> table(builder_->builder()->zone());
|
||||||
|
for (int i = 0; i < table_count; i++) {
|
||||||
|
if (builder_->builder()->GetTableType(i) == needed_type) {
|
||||||
|
table.push_back(i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (table.empty()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
int first_index = data->get<uint8_t>() % static_cast<int>(table.size());
|
||||||
|
int second_index = data->get<uint8_t>() % static_cast<int>(table.size());
|
||||||
|
Generate(kWasmI32, data);
|
||||||
|
Generate(kWasmI32, data);
|
||||||
|
Generate(kWasmI32, data);
|
||||||
|
builder_->EmitWithPrefix(kExprTableCopy);
|
||||||
|
builder_->EmitU32V(table[first_index]);
|
||||||
|
builder_->EmitU32V(table[second_index]);
|
||||||
|
}
|
||||||
|
|
||||||
template <ValueKind wanted_kind>
|
template <ValueKind wanted_kind>
|
||||||
void array_get(DataRange* data) {
|
void array_get(DataRange* data) {
|
||||||
@ -1200,7 +1224,8 @@ void WasmGenerator::Generate<kVoid>(DataRange* data) {
|
|||||||
&WasmGenerator::array_set,
|
&WasmGenerator::array_set,
|
||||||
|
|
||||||
&WasmGenerator::table_set,
|
&WasmGenerator::table_set,
|
||||||
&WasmGenerator::table_fill};
|
&WasmGenerator::table_fill,
|
||||||
|
&WasmGenerator::table_copy};
|
||||||
|
|
||||||
GenerateOneOf(alternatives, data);
|
GenerateOneOf(alternatives, data);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user