From bbeff193df2c760b3ae63ab8c4595d5fabbcbc60 Mon Sep 17 00:00:00 2001
From: Andreas Haas
Date: Mon, 26 Jul 2021 13:16:47 +0200
Subject: [PATCH] [fuzzer] Disallow atomic.wait in fuzzers

It is very unlikely that atomic.wait does anything useful in the fuzzer, and will most likely just timeout the fuzzer. That's why it's better to just disallow atomic.wait on the fuzzer.

R=thibaudm@chromium.org

Bug: chromium:1229074
Change-Id: I57aaff013964fa4c0e6ab411789e53a9013cabd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053584
Reviewed-by: Thibaud Michaud
Commit-Queue: Andreas Haas
Cr-Commit-Position: refs/heads/master@{#75920}
---
 test/common/wasm/wasm-interpreter.cc | 4 ++--
 test/fuzzer/fuzzer-support.cc | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/test/common/wasm/wasm-interpreter.cc b/test/common/wasm/wasm-interpreter.cc
index cb12fa87cb..d11929b451 100644
--- a/test/common/wasm/wasm-interpreter.cc
+++ b/test/common/wasm/wasm-interpreter.cc
@@ -2169,7 +2169,7 @@ class WasmInterpreterInternals {
         *len += 1;
         break;
       case kExprI32AtomicWait: {
-        if (!module()->has_shared_memory) {
+        if (!module()->has_shared_memory || !isolate_->allow_atomics_wait()) {
           DoTrap(kTrapUnreachable, pc);
           return false;
         }
@@ -2189,7 +2189,7 @@ class WasmInterpreterInternals {
         break;
       }
       case kExprI64AtomicWait: {
-        if (!module()->has_shared_memory) {
+        if (!module()->has_shared_memory || !isolate_->allow_atomics_wait()) {
           DoTrap(kTrapUnreachable, pc);
           return false;
         }
diff --git a/test/fuzzer/fuzzer-support.cc b/test/fuzzer/fuzzer-support.cc
index 5bc6c6c30e..608e4875ca 100644
--- a/test/fuzzer/fuzzer-support.cc
+++ b/test/fuzzer/fuzzer-support.cc
@@ -26,6 +26,7 @@ FuzzerSupport::FuzzerSupport(int* argc, char*** argv) {
   allocator_ = v8::ArrayBuffer::Allocator::NewDefaultAllocator();
   v8::Isolate::CreateParams create_params;
   create_params.array_buffer_allocator = allocator_;
+  create_params.allow_atomics_wait = false;
   isolate_ = v8::Isolate::New(create_params);
   {
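Review bot: The widened condition in the `kExprI32AtomicWait` case (and identically in the `kExprI64AtomicWait` hunk) folds two distinct causes into a single `kTrapUnreachable`, so a trace of a trapping wait no longer tells whether the memory was non-shared or the isolate forbids waiting; a comment on the added line would keep that readable, e.g. `// Also trap when atomic.wait is disallowed on this isolate (e.g. in fuzzers), same as for non-shared memory.` The two-clause check is now duplicated verbatim in both cases, and a small private helper such as `bool AtomicWaitAllowed() const { return module()->has_shared_memory && isolate_->allow_atomics_wait(); }` would keep the two sites from drifting apart. Whether trapping as unreachable matches what the compiled tiers do when `allow_atomics_wait` is false is not visible in this patch; if the interpreter serves as a differential reference for the fuzzer, that equivalence should be confirmed rather than assumed. The enclosing function starts and ends outside both hunks.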
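Review bot: The added `create_params.allow_atomics_wait = false;` in `FuzzerSupport::FuzzerSupport` carries no explanation, and the reason lives only in the commit message; a comment on the line, e.g. `// Waiting on atomics would only stall the fuzzer until its timeout (chromium:1229074).`, keeps the intent next to the code. The flag is set on the isolate as a whole, so presumably it also disables JS `Atomics.wait` and not only wasm `atomic.wait`; if that broader effect is intended, stating it in the comment avoids a later maintainer narrowing it. The constructor continues outside the hunk.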