[fuzzer] Add table.copy to the fuzzed module

We add the table.copy operation to the fuzzed module.

Bug: v8:11954
Change-Id: I7f584335b977ae9bf46f13cb8ddacdcce0824291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168275
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/main@{#76935}
Rakhim Khismet 2021-09-17 16:49:39 +00:00 committed by V8 LUCI CQ
parent 93191813d4
commit a3905e3269


@ -888,9 +888,9 @@ class WasmGenerator {
} }
void table_get(HeapType type, DataRange* data) { void table_get(HeapType type, DataRange* data) {
ValueType needed_type = ValueType::Ref(type, kNullable); ValueType needed_type = ValueType::Ref(type, kNullable);
int table_size = builder_->builder()->NumTables(); int table_count = builder_->builder()->NumTables();
ZoneVector<uint32_t> table(builder_->builder()->zone()); ZoneVector<uint32_t> table(builder_->builder()->zone());
for (int i = 0; i < table_size; i++) { for (int i = 0; i < table_count; i++) {
if (builder_->builder()->GetTableType(i) == needed_type) { if (builder_->builder()->GetTableType(i) == needed_type) {
table.push_back(i); table.push_back(i);
} }
@ -914,6 +914,30 @@ class WasmGenerator {
void table_fill(DataRange* data) { void table_fill(DataRange* data) {
table_op<kVoid>({kWasmI32, kWasmFuncRef, kWasmI32}, data, kExprTableFill); table_op<kVoid>({kWasmI32, kWasmFuncRef, kWasmI32}, data, kExprTableFill);
} }
void table_copy(DataRange* data) {
ValueType needed_type =
data->get<bool>()
? ValueType::Ref(HeapType(HeapType::kFunc), kNullable)
: ValueType::Ref(HeapType(HeapType::kExtern), kNullable);
int table_count = builder_->builder()->NumTables();
ZoneVector<uint32_t> table(builder_->builder()->zone());
for (int i = 0; i < table_count; i++) {
if (builder_->builder()->GetTableType(i) == needed_type) {
table.push_back(i);
}
}
if (table.empty()) {
return;
}
int first_index = data->get<uint8_t>() % static_cast<int>(table.size());
int second_index = data->get<uint8_t>() % static_cast<int>(table.size());
Generate(kWasmI32, data);
Generate(kWasmI32, data);
Generate(kWasmI32, data);
builder_->EmitWithPrefix(kExprTableCopy);
builder_->EmitU32V(table[first_index]);
builder_->EmitU32V(table[second_index]);
}
template <ValueKind wanted_kind> template <ValueKind wanted_kind>
void array_get(DataRange* data) { void array_get(DataRange* data) {
@ -1200,7 +1224,8 @@ void WasmGenerator::Generate<kVoid>(DataRange* data) {
&WasmGenerator::array_set, &WasmGenerator::array_set,
&WasmGenerator::table_set, &WasmGenerator::table_set,
&WasmGenerator::table_fill}; &WasmGenerator::table_fill,
&WasmGenerator::table_copy};
GenerateOneOf(alternatives, data); GenerateOneOf(alternatives, data);
} }
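Review bot: In the new table_copy, `first_index` and `second_index` do not say which immediate is which. table.copy encodes the destination table index first and the source table index second, so naming them `dst_table` and `src_table` and putting `// Stack operands: dst offset, src offset, element count (all i32).` above the three `Generate(kWasmI32, data)` calls would make the emitted encoding checkable at a glance. The loop that collects tables of `needed_type` is a copy of the one in table_get in the first hunk; a small private helper returning the matching indices would keep the two from drifting apart. A one-line comment on the `table.empty()` early return would also help, since emitting nothing is valid only because this generator is registered in the kVoid alternatives list.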