[fuzzer] Remove the wasm section fuzzers
The fuzzers were already removed on the chrome side and therefore inactive, see https://crrev.com/c/1194228. R=machenbach@chromium.org Bug: v8:8562 Change-Id: I0cf5ec6d07e07452c5168ea952f45028bcea1c85 Reviewed-on: https://chromium-review.googlesource.com/c/1406678 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#58750}
parent
94d84cc934
commit
b9854da1ec
147
BUILD.gn
147
BUILD.gn
@ -3511,14 +3511,7 @@ group("v8_fuzzers") {
|
|||||||
":v8_simple_wasm_async_fuzzer",
|
":v8_simple_wasm_async_fuzzer",
|
||||||
":v8_simple_wasm_code_fuzzer",
|
":v8_simple_wasm_code_fuzzer",
|
||||||
":v8_simple_wasm_compile_fuzzer",
|
":v8_simple_wasm_compile_fuzzer",
|
||||||
":v8_simple_wasm_data_section_fuzzer",
|
|
||||||
":v8_simple_wasm_function_sigs_section_fuzzer",
|
|
||||||
":v8_simple_wasm_fuzzer",
|
":v8_simple_wasm_fuzzer",
|
||||||
":v8_simple_wasm_globals_section_fuzzer",
|
|
||||||
":v8_simple_wasm_imports_section_fuzzer",
|
|
||||||
":v8_simple_wasm_memory_section_fuzzer",
|
|
||||||
":v8_simple_wasm_names_section_fuzzer",
|
|
||||||
":v8_simple_wasm_types_section_fuzzer",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3907,146 +3900,6 @@ v8_source_set("lib_wasm_fuzzer_common") {
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
v8_source_set("wasm_types_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-types-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_types_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_names_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-names-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_names_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_globals_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-globals-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_globals_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_imports_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-imports-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_imports_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_function_sigs_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-function-sigs-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_function_sigs_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_memory_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-memory-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_memory_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_data_section_fuzzer") {
|
|
||||||
sources = [
|
|
||||||
"test/fuzzer/wasm-data-section.cc",
|
|
||||||
]
|
|
||||||
|
|
||||||
deps = [
|
|
||||||
":fuzzer_support",
|
|
||||||
":lib_wasm_fuzzer_common",
|
|
||||||
":wasm_module_runner",
|
|
||||||
]
|
|
||||||
|
|
||||||
configs = [
|
|
||||||
":external_config",
|
|
||||||
":internal_config_base",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_fuzzer("wasm_data_section_fuzzer") {
|
|
||||||
}
|
|
||||||
|
|
||||||
v8_source_set("wasm_compile_fuzzer") {
|
v8_source_set("wasm_compile_fuzzer") {
|
||||||
sources = [
|
sources = [
|
||||||
"test/common/wasm/test-signatures.h",
|
"test/common/wasm/test-signatures.h",
|
||||||
|
@ -22,12 +22,5 @@ group("v8_fuzzer") {
|
|||||||
"./wasm_async/",
|
"./wasm_async/",
|
||||||
"./wasm_code/",
|
"./wasm_code/",
|
||||||
"./wasm_compile/",
|
"./wasm_compile/",
|
||||||
"./wasm_data_section/",
|
|
||||||
"./wasm_function_sigs_section/",
|
|
||||||
"./wasm_globals_section/",
|
|
||||||
"./wasm_imports_section/",
|
|
||||||
"./wasm_memory_section/",
|
|
||||||
"./wasm_names_section/",
|
|
||||||
"./wasm_types_section/",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -15,10 +15,7 @@ class VariantsGenerator(testsuite.VariantsGenerator):
|
|||||||
|
|
||||||
class TestSuite(testsuite.TestSuite):
|
class TestSuite(testsuite.TestSuite):
|
||||||
SUB_TESTS = ( 'json', 'parser', 'regexp_builtins', 'regexp', 'multi_return', 'wasm',
|
SUB_TESTS = ( 'json', 'parser', 'regexp_builtins', 'regexp', 'multi_return', 'wasm',
|
||||||
'wasm_async', 'wasm_code', 'wasm_compile',
|
'wasm_async', 'wasm_code', 'wasm_compile')
|
||||||
'wasm_data_section', 'wasm_function_sigs_section',
|
|
||||||
'wasm_globals_section', 'wasm_imports_section', 'wasm_memory_section',
|
|
||||||
'wasm_names_section', 'wasm_types_section' )
|
|
||||||
|
|
||||||
def ListTests(self):
|
def ListTests(self):
|
||||||
tests = []
|
tests = []
|
||||||
|
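Review bot: `SUB_TESTS` is a hand-maintained copy of the fuzzer list, and nothing at the tuple says which other lists it has to match. This commit drops the same seven section fuzzers from `group("v8_fuzzers")` in BUILD.gn and from the directory list in `group("v8_fuzzer")`, so the three lists evidently move together; a later edit that misses one of them would presumably leave a sub-test with no binary, or a fuzzer the test runner never lists. A comment above the tuple would record that, e.g. `# Keep in sync with group("v8_fuzzers") in BUILD.gn and the corpus directories in group("v8_fuzzer").` The `TestSuite` class body continues outside the hunk.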
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kDataSectionCode, data, size);
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kFunctionSectionCode, data, size);
|
|
||||||
}
|
|
@ -24,49 +24,6 @@ namespace internal {
|
|||||||
namespace wasm {
|
namespace wasm {
|
||||||
namespace fuzzer {
|
namespace fuzzer {
|
||||||
|
|
||||||
static constexpr const char* kNameString = "name";
|
|
||||||
static constexpr size_t kNameStringLength = 4;
|
|
||||||
|
|
||||||
int FuzzWasmSection(SectionCode section, const uint8_t* data, size_t size) {
|
|
||||||
v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
|
|
||||||
v8::Isolate* isolate = support->GetIsolate();
|
|
||||||
i::Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
|
|
||||||
|
|
||||||
// Clear any pending exceptions from a prior run.
|
|
||||||
i_isolate->clear_pending_exception();
|
|
||||||
|
|
||||||
v8::Isolate::Scope isolate_scope(isolate);
|
|
||||||
v8::HandleScope handle_scope(isolate);
|
|
||||||
v8::Context::Scope context_scope(support->GetContext());
|
|
||||||
v8::TryCatch try_catch(isolate);
|
|
||||||
|
|
||||||
AccountingAllocator allocator;
|
|
||||||
Zone zone(&allocator, ZONE_NAME);
|
|
||||||
|
|
||||||
ZoneBuffer buffer(&zone);
|
|
||||||
buffer.write_u32(kWasmMagic);
|
|
||||||
buffer.write_u32(kWasmVersion);
|
|
||||||
if (section == kNameSectionCode) {
|
|
||||||
buffer.write_u8(kUnknownSectionCode);
|
|
||||||
buffer.write_size(size + kNameStringLength + 1);
|
|
||||||
buffer.write_u8(kNameStringLength);
|
|
||||||
buffer.write(reinterpret_cast<const uint8_t*>(kNameString),
|
|
||||||
kNameStringLength);
|
|
||||||
buffer.write(data, size);
|
|
||||||
} else {
|
|
||||||
buffer.write_u8(section);
|
|
||||||
buffer.write_size(size);
|
|
||||||
buffer.write(data, size);
|
|
||||||
}
|
|
||||||
|
|
||||||
ErrorThrower thrower(i_isolate, "decoder");
|
|
||||||
|
|
||||||
testing::DecodeWasmModuleForTesting(i_isolate, &thrower, buffer.begin(),
|
|
||||||
buffer.end(), kWasmOrigin);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void InterpretAndExecuteModule(i::Isolate* isolate,
|
void InterpretAndExecuteModule(i::Isolate* isolate,
|
||||||
Handle<WasmModuleObject> module_object) {
|
Handle<WasmModuleObject> module_object) {
|
||||||
// We do not instantiate the module if there is a start function, because a
|
// We do not instantiate the module if there is a start function, because a
|
||||||
|
@ -17,8 +17,6 @@ namespace internal {
|
|||||||
namespace wasm {
|
namespace wasm {
|
||||||
namespace fuzzer {
|
namespace fuzzer {
|
||||||
|
|
||||||
int FuzzWasmSection(SectionCode section, const uint8_t* data, size_t size);
|
|
||||||
|
|
||||||
// First instantiates and interprets the "main" function within module_object if
|
// First instantiates and interprets the "main" function within module_object if
|
||||||
// possible. If the interpretation finishes within kMaxSteps steps,
|
// possible. If the interpretation finishes within kMaxSteps steps,
|
||||||
// module_object is instantiated again and the compiled "main" function is
|
// module_object is instantiated again and the compiled "main" function is
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kGlobalSectionCode, data, size);
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kImportSectionCode, data, size);
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kMemorySectionCode, data, size);
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
// TODO(titzer): Names section requires a preceding function section.
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kNameSectionCode, data, size);
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style license that can be
|
|
||||||
// found in the LICENSE file.
|
|
||||||
|
|
||||||
#include "src/objects-inl.h"
|
|
||||||
#include "test/fuzzer/wasm-fuzzer-common.h"
|
|
||||||
|
|
||||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
||||||
return v8::internal::wasm::fuzzer::FuzzWasmSection(
|
|
||||||
v8::internal::wasm::kTypeSectionCode, data, size);
|
|
||||||
}
|
|